Summary
Senior member of the Governance, Risk and Compliance team responsible for leading PCI compliance and domain-specific regulatory assessment activities. The role designs and executes specialized compliance assessments, drives process improvements and standardization, and mentors junior analysts while coordinating remediation and reporting across stakeholders.
Responsibilities
- Lead and execute specialized compliance assessments for complex, multi-jurisdictional regulatory requirements
- Serve as PCI subject matter expert and lead the annual merchant assessment process
- Coordinate remediation activities and manage the full lifecycle of risk treatment plans
- Implement process improvements and standardize assessment methodologies and the Common Control Framework
- Develop compliance metrics dashboards and define KPIs and KRIs for regulatory domains
- Provide guidance to engineering and leadership on meeting regulatory requirements
- Support strategic initiatives and contribute to the Compliance Assessment Team roadmap
- Educate stakeholders through training workshops and mentor junior analysts
Requirements
- 5+ years of regulatory compliance experience with specialization in specific domains
- 5+ years managing technically complex PCI assessments end to end with external assessors
- Deep knowledge of PCI processes for Level 1 merchants across data centers, retail locations, call centers and cloud
- Bachelor's or Master's degree in IT, Computer Science, Cybersecurity or equivalent experience
- Proficiency with security and regulatory frameworks such as CIS, NIST, SOX, HIPAA, PCI DSS and CCPA
- Experience building or maintaining a Common Control Framework
- Strong stakeholder management, communication and presentation skills
- Preferred certifications such as CISA, CISM, CISSP or PCI Professional, and experience with assessment automation and security tooling