PCI Security Analyst

Who we are

We are a yoga-inspired technical apparel company up to big things. The practice and philosophy of yoga informs our overall purpose to elevate the world through the power of practice. We are proud to be a growing global company with locations all around the world, from Vancouver to Shanghai, and places in between. We owe our success to our innovative product, our emphasis on our stores, our commitment to our people, and the incredible connections we get to make in every community we are in.

About this team

The cybersecurity team enables us to conduct its global operations in a secure manner and safeguard the trusted information of its guests and users. This is accomplished by understanding business risk as manifested through cybersecurity and compliance risk, and by maintaining a high degree of employee awareness of all security and compliance topics. To further enhance our team, we are looking for an experienced PCI Security Analyst, with demonstrated expertise in the Payment Card Industry - Data Security Standards (PCI - DSS).

A day in the life:

As a PCI Security Analyst on the Governance, Risk and Compliance Team, you will work collaboratively with the Cybersecurity GRC team along with stakeholders across the business to ensure the assessment, verification, review, and audit of technology controls and or business process controls around the enterprise related to PCI-DSS are in place. The PCI Analyst will be responsible for coordinating the collection of evidence, walkthrough meetings, remediation, and ensuring that teams are educated on what is required of them. Following are key areas of responsibility for this role:

• Responsible for assisting with the delivery of the annual Report on Compliance (ROC), Attestations of Compliance (AOC), and the operating effectiveness of our PCI program
• Works collaboratively with stakeholders across the business to ensure effective business and technology controls are in place for PCI-DSS
• Serves as subject matter expert for PCI-DSS requirements across the business
• Proactively communicate changes in requirements to teams and help drive implementation of new requirements
• Works with the Global Architecture and Technology teams to understand current and future payment strategies globally
• Identify, evaluate, document, and monitor the remediation of control deficiencies with an emphasis on assisting process and IT owners to remediate control deficiencies
• Assist with PCI-DSS quarterly control certifications and attestations
• Automate and assist in gathering audit evidence for PCI audits
• Assist with development and implementation of a PCI runbook and ensure PCI related controls are operating effectively
• Apply a risk-based approach to planning, executing, and reporting on PCI related audit engagements
• Create efficiencies for PCI audit engagements by establishing and maintaining a document request lists and evidence repositories
• Provides metrics and reports to demonstrate that the program delivers the expected outcomes and effectively supports business objectives

Qualifications:

• 5+ years in Security GRC or a related field with in-depth working knowledge of PCI DSS Standards (3.2.1 or higher)
• PCI PCIP, QSA, or ISA certification preferred
• Execute compliance reviews; facilitate remediation planning, exposure tracking and communicating risk all done in accordance with the Payment Card Industry Standard and other regulatory frameworks as needed
• Experience working with internal and external auditors
• Strong knowledge of information systems auditing, monitoring, and controlling the assessment process
• Knowledge of the following areas: cloud computing, computer networking, network security practices, compliance or computer security
• Proven experience in aligning multiple stakeholders to lead the strategic path and delivery of the implementation of PCI controls
• Experience with ServiceNow in driving automation and efficiencies in audit and compliance processes
• Passion for problem solving with an ability to excel in an ambiguous environment
• Demonstrated ability to function in a fast paced, multi-program environment with changing priorities
• Strong leadership skills, including the ability to influence and gain consensus in the absence of direct authority
• Proven results working with global and remote teams across different time zones

Must haves:

• Acknowledges the presence of choice in every moment and takes personal responsibility for their life.
• Possesses an entrepreneurial spirit and continuously innovates to achieve great results.
• Communicates with honesty and kindness and creates the space for others to do the same.
• Leads with courage, knowing the possibility of greatness is bigger than the fear of failure.
• Fosters connection by putting people first and building trusting relationships.
• Integrates fun and joy as a way of being and working, aka doesn't take themselves too seriously.

Required Skills : Network Security

Basic Qualification :

Additional Skills : Security Engineer

This is a high PRIORITY requisition. This is a PROACTIVE requisition

Background Check : No


Drug Screen : No