Pci Compliance Analyst

This is an environment unlike anythingin the high-tech world and the secret of Costco's success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others. In 2021, Costco contributed over $58 million to organizations such as United Way and Children's Miracle Network Hospitals.

Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed. As proof, Costco ranks seventh in Forbes "World's Best Employers".

The Compliance Analyst will be responsible for ensuring and delivering the PCI DSS compliance of people, process, and technology of payment channels at Costco.

If you want to be a part of one of the worldwide BEST companies "to work for", simply apply and let your career be reimagined.

ROLE

• Leads/Participates in the creation, implementation, monitoring, and maintenance of Security Policies and Standards.

• Identifies problems, analyzes data, and presents findings in a professional manner; recommends mitigations either via new technology, alternative compensating controls or policy modifications to improve overall security posture.

• Provides governance for the identification, validation, and remediation of information technology controls for any applicable regulatory compliance frameworks.

• Establishes and implements methodologies designed to identify general system and business controls; and identifies and prioritizes risks.

• Designs IT testing procedures to identify and evaluate risk exposures; and determines the effectiveness and efficiency of controls.

• Maintains a strong understanding and adherence of current and upcoming standards, regulations, and legislation.

• Stays current with new and evolving security topics and technologies via formal training and self-directed education.

• Manages and communicates key compliance milestones for critical systems and complex processes.

• Establishes and meets deadlines to ensure adherence to rules and regulations.

• Assists and supports the organization with initial compliance with ongoing preparation, testing, and monitoring of conformance.

• Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization.

• Audits information system activities and systems to confirm compliance; and provides management with compliance assessments.

• Develops, manages, and executes plans to communicate and remediate all known material weaknesses or significant deficiencies; and minimizes any findings noted by either internal or external auditors.

• Engages and collaborates with a variety of internal departments and external organizations, may include, but not limited to, legal firms, law enforcement agencies, and all other levels of government, to ensure follow through and completion of compliance and mitigation activities.

• Identifies risks and evaluates findings while working with internal departments/business units to appropriately address the findings.

• Understands and documents complex branded payment acceptance or card servicing processes.

• Applies established PCI DSS scoping criteria.

• Obtains and reviews evidence of compliance to support technical or complex PCI DSS requirements.

• Supports the completion of the annual PCI DSS Report on Compliance.

• Drives necessary system and process updates.

• Scopes, interprets, and prioritizes both application and network vulnerability test results.

• Manages and communicates key compliance milestones for critical systems and complex processes.

• Facilitates interaction between the business and Costco's PCI DSS Qualified Security Assessor (QSA).

• Consults on moderately complex PCI DSS compliance considerations.

• Works closely with cross-functional teams and develops strong liaison relationships.

• Stays current with new and evolving security topics and technologies via formal training and self-directed education.

• Shares knowledge and experiences with others to help grow the team talent bench through training and mentoring.

REQUIRED

• 3-6 year' IT background; experience with compliance and/or regulatory issues preferred.

• Prior experience supporting a Level 1 or Level 2 organization's PCI DSS compliance effort, working with an ISA or QSA, or serving as a ISA or QSA.

• Intermediate knowledge of all requirements of the current PCI DSS, other significant PCI SSC guidance, and card security and compliance requirements from the major card brands.

• Intermediate knowledge of five or more of the following technical areas: network segmentation, operating system security,encryption and key management, tokenization, anti-virus and malware, secure system development, identity and access management, vulnerability management, physical access controls, penetration testing, file integrity monitoring, logging, and information security policy.

• Able to scope, interpret, and prioritize both application and network vulnerability test results.

• Ability to identify problems, analyze data, and present conclusions effectively.

• Intermediate knowledge of NACHA and SWIFT frameworks and understanding of protecting financial data.

• Innovative, creative, and work well under pressure to identify and problem-solve high intensity situations with a strong sense of urgency.
Recommended

• Past or current certifications in one of the following areas: Security , CISSP, ISA, QSA.

• Proven people management experience - worked with a variety of teams, globally.

• Ability to propose creative solutions to successfully remediate identified compliance issues.

Required Documents

• Cover Letter

• Resume

California applicants, please click here to review the Costco Applicant Privacy Notice.

Pay Ranges:

Level 2 - $85,000 - $120,000

Level 3 - $110,000 - $150,000

We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.

Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com

If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas .