Job Title: Security & Compliance Analyst
Location: Home Office
Compensation: $90,000 - $110,000 per year
The Security & Compliance Analyst is responsible for the organization's security posture and compliance obligations, with a primary focus on PCI DSS. This role oversees ongoing compliance efforts, conducts assessments, manages evidence collection, and supports the remediation of compliance gaps across restaurants & marketplaces, e-commerce platforms, and point-of-sale environments. The Security & Compliance Analyst works closely with IT, Engineering, Operations, and third-party business partners to maintain secure environments and achieve successful PCI DSS certification.
In this role you will...
Support and maintain the organization's PCI DSS compliance program across all in-scope systems, networks, and business units.
Conduct internal PCI assessments, gap analyses, and readiness reviews to identify and remediate compliance deficiencies.
Maintain documentation of PCI controls, evidence, and audit artifacts in the company's Governance, Risk, and Compliance (GRC) platform.
Partner with IT, Security, and Retail Operations to validate technical and procedural controls for compliance.
Coordinate with Qualified Security Assessors (QSAs) during annual assessments, providing documentation and remediation updates.
Monitor system changes, new technologies, and third-party services for PCI scope impact.
Track and report compliance status, risks, and remediation progress to management.
Develop and deliver PCI awareness training for staff and store-level employees handling payment data.
Review and assess vendor compliance with PCI DSS and ensure required Attestations of Compliance (AOCs) are maintained.
Stay current on PCI DSS version updates, industry trends, and payment security best practices.
Support broader security and compliance initiatives beyond PCI, including vendor risk management, cloud security controls (AWS), and policy development as the program matures.
Qualifications
Education & Experience
Bachelor's degree in Information Security, Information Technology, or related field (or equivalent experience).
3-5 years of experience in IT security, compliance, or audit, preferably within a retail or financial environment.
Hands-on experience with PCI DSS compliance programs, evidence collection, and remediation management.
Preferred Certifications
PCI Professional (PCIP) or Certified Information Systems Auditor (CISA) preferred; CISSP or equivalent a plus.
Technical Skills
Familiarity with network security, encryption, firewalls, vulnerability management, and logging systems.
Familiarity with cloud environments, particularly AWS; experience with services relevant to secure data handling and compliance (e.g., IAM, CloudWatch, Secrets Manager, VPC segmentation) is a plus.
Experience with compliance tracking, documentation, or GRC tools; familiarity with enterprise platforms such as ServiceNow or equivalent is a plus.
Knowledge of POS systems, cardholder data environments, and segmentation practices.
Soft Skills
Strong attention to detail and analytical skills.
Excellent written and verbal communication skills.
Ability to work cross-functionally and manage multiple priorities in a fast-paced retail environment.