Collaborate with Information Security, Risk & Compliance team members and control owners companywide
Lead PCI DSS Level 1 readiness, certification activities, and coordination with QSA assessors
Maintain scope documentation, evidence, and operational reports for PCI controls
Partner with Product Security on modernization initiatives that reduce PCI scope and improve control design
Manage issues, exceptions, and risk acceptance tracking with timely remediation
Align PCI evidence and controls with ISO 27001 and SOC frameworks to streamline reporting
Support audits, vendor assessments, and customer due-diligence requests related to PCI
Maintain compliance ticket queues, supplier/control registers, and awareness activities
Requirements
5 or more years of PCI DSS program management experience with direct involvement in Level 1 merchant or service provider assessments under DSS v4.0.1
Demonstrated ability to conduct independent risk analysis at the requirement level, including scoping determinations, compensating control construction, and risk acceptance documentation
Experience engaging QSAs from an authoritative posture, substantiating risk positions with documented evidence rather than deferring to QSA interpretation
Hands-on field experience working directly within engineering and infrastructure teams to evaluate control implementation at the technical layer and translate requirements into actionable remediation tasks
Familiarity with ISO 27001 and cloud-native service environments
Strong analytical, organizational, and communication skills with the ability to produce defensible compliance documentation under audit conditions
Experience with GRC platforms, ticketing systems, and security tooling (for example, SIEM or vulnerability scanners)