PCI DSS Compliance Analyst

Location: Issaquah, WA
Date Posted: 10-12-2018
Please note:
This is NOT a remote role.
This is a full-time, in-the-office job located in Issaquah, WA.
Sponsorship is NOT available.
Relocation expense package IS being offered.

The PCI DSS Compliance Analyst will be responsible for ensuring the PCI DSS compliance of people, process, and technology for a subset of focused PCI DSS requirements.

Tasks and responsibilities
  • Understands and documents complex branded payment acceptance or card servicing processes
  • Applies established PCI DSS scoping criteria
  • Obtains and reviews evidence of compliance to support technical or complex PCI DSS requirements
  • Supports the completion of the annual PCI DSS Report on Compliance
  • Drives necessary system and process updates
  • Scopes, interprets, and prioritizes both application and network vulnerability test results
  • Manages and communicates key compliance milestones for critical systems and complex processes
  • Facilitates interaction between the business and PCI DSS Qualified Security Assessor (QSA)
  • Consults on moderately complex PCI DSS compliance considerations
  • Works closely with cross-functional teams and develops strong liaison relationships
  • Stays current with new and evolving security topics and technologies via formal training and self-directed education
  • Willingly shares knowledge and experiences with less experienced staff to help grow team talent bench through training and mentoring
  • Assists in other areas of the department and company as necessary

Required skills, abilities and certifications
  • 5-10 years' IT background; experience with compliance or regulatory issues preferred
  • 3+ years' prior experience supporting a Level 1 or Level 2 organization’s PCI DSS compliance effort, working with an ISA or QSA, or serving as an ISA or QSA
  • Intermediate knowledge of all requirements of the PCI DSS v3.x, other significant PCI SSC guidance, and card security and compliance requirements from the major card brands
  • Intermediate knowledge of five or more of the following technical areas: network segmentation, operating system security, encryption and key management, tokenization, anti-virus and malware, secure system development, identity and access management, vulnerability management, physical access controls, penetration testing, file integrity monitoring, logging, and information security policy
  • Able to scope, interpret and prioritize both application and network vulnerability test results
  • Experience with project management (planning, organizing, and managing resources to bring about the successful completion of specific project goals and objectives)
  • Ability to identify problems, analyze data and present conclusions effectively
  • Excellent oral and written communication skills, with the ability to communicate security and compliance issues to executives, end users, and stakeholders in an effective and appropriate manner
  • Excellent PC skills (spreadsheets, slide decks, documents)

Recommended skills, abilities, and certifications
  • Bachelor's degree
  • Industry Certifications (CISSP/PCI QSA or ISA/PCIP/CISM/CRISC) preferred
  • Successful internal candidates will have spent one year or more on their current team