PCI DSS Compliance Analyst

Location: Issaquah, WA
Date Posted: 10-12-2018
Please note:

This is NOT a remote role.
This is a full-time, in-the-office job located in Issaquah, WA.
Sponsorship is NOT available.
Relocation expense package IS being offered.

---------------

The PCI DSS Compliance Analyst will be responsible for ensuring the PCI DSS compliance of people, process, and technology for a subset of focused PCI DSS requirements.

Tasks and responsibilities
  • Understands and documents complex branded payment acceptance or card servicing processes
  • Applies established PCI DSS scoping criteria
  • Obtains and reviews evidence of compliance to support technical or complex PCI DSS requirements
  • Supports the completion of the annual PCI DSS Report on Compliance
  • Drives necessary system and process updates
  • Scopes, interprets, and prioritizes both application and network vulnerability test results
  • Manages and communicates key compliance milestones for critical systems and complex processes
  • Facilitates interaction between the business and PCI DSS Qualified Security Assessor (QSA)
  • Consults on moderately complex PCI DSS compliance considerations
  • Works closely with cross-functional teams and develops strong liaison relationships
  • Stays current with new and evolving security topics and technologies via formal training and self-directed education
  • Willingly shares knowledge and experiences with less experienced staff to help grow team talent bench through training and mentoring
  • Assists in other areas of the department and company as necessary


Required skills, abilities and certifications
  • 5-10 years' IT background; experience with compliance or regulatory issues preferred
  • 3+ years' prior experience supporting a Level 1 or Level 2 organization’s PCI DSS compliance effort, working with an ISA or QSA, or serving as an ISA or QSA
  • Intermediate knowledge of all requirements of the PCI DSS v3.x, other significant PCI SSC guidance, and card security and compliance requirements from the major card brands
  • Intermediate knowledge of five or more of the following technical areas: network segmentation, operating system security, encryption and key management, tokenization, anti-virus and malware, secure system development, identity and access management, vulnerability management, physical access controls, penetration testing, file integrity monitoring, logging, and information security policy
  • Able to scope, interpret and prioritize both application and network vulnerability test results
  • Experience with project management (planning, organizing, and managing resources to bring about the successful completion of specific project goals and objectives)
  • Ability to identify problems, analyze data and present conclusions effectively
  • Excellent oral and written communication skills, with the ability to communicate security and compliance issues to executives, end users, and stakeholders in an effective and appropriate manner
  • Excellent PC skills (spreadsheets, slide decks, documents)


Recommended skills, abilities, and certifications
  • Bachelor's degree
  • Industry Certifications (CISSP/PCI QSA or ISA/PCIP/CISM/CRISC) preferred
  • Successful internal candidates will have spent one year or more on their current team