Lead PCI Analyst
$139.99k - $174.01k | Remote Jobs
US Base Salary Range: $139,991 - $174,009

About Us

Bonterra exists to propel every doer of good to their peak impact. We measure that impact against our vision to increase the giving rate as a percentage of GDP from 2% to 3% by 2033. We know that this goal is lofty, but we are confident that the right technology and expertise will strengthen trust in the sector, allowing the social good industry to accelerate growth and reach peak impact. Bonterra's differentiated, end-to-end solutions collectively support a unique network of over 20,000 customers, including over 16,000 nonprofit organizations and over 50 percent of Fortune 100 companies. Learn more at bonterratech.com.

About the Role

Bonterra's Information Security, Risk & Compliance team is hiring a Lead PCI Compliance Analyst to own our PCI DSS Level 1 certification program, partner with Engineering on PCI security by design, and serve as a senior risk analyst within the Risk function. This role works horizontally across the company, advising engineering and product teams during the design phase of greenfield payment work, leading response and coordination for PCI Level 1 events, and extending PCI risk analysis to cover AI components introduced into payment systems. It sits at the border of compliance and engineering, requiring fluency in both control design and technical architecture, and supports related frameworks such as ISO 27001:2022 and SOC reporting.
Job Responsibilities

- Own end to end PCI DSS Level 1 readiness, certification activities, and coordination with QSA assessors
- Advise Engineering and Product teams during the design phase on PCI control selection, scope containment, and security by design patterns for both greenfield and modernization payment architectures, with depth across the following engineering disciplines:
  - Tokenization architecture: tradeoffs between vault based and vaultless tokenization, format preserving encryption, scope reduction analysis, and the downstream impact on application code paths, storage layers, and integration points with acquirers and processors
  - Cardholder data environment network segmentation: VLAN and microsegmentation strategies, service mesh policy enforcement, ingress and egress controls, jump host and bastion design, and segmentation validation testing under PCI DSS v4.0.1 Requirement 11.4.5
  - Cryptographic key management: HSM and cloud KMS architecture, FIPS validated cryptographic module selection, key hierarchy and envelope encryption, key rotation cadence, and separation of duties for key custodians under Requirements 3.6 and 3.7
  - Secure SDLC and threat modeling for payment flows: STRIDE and PASTA modeling of authorization, capture, and settlement paths, SAST, DAST, and SCA gating, secrets scanning, and software supply chain controls including SBOM generation, signed artifacts, and build provenance
  - Logging, monitoring, and file integrity: append only audit logs with cryptographic integrity, file integrity monitoring across ephemeral and containerized workloads, and centralized log aggregation with PCI specific correlation rules under Requirement 10
- Lead and manage response to PCI Level 1 events, including investigation, evidence preservation, control failure analysis, executive communications, regulator and brand notifications where applicable, and remediation oversight through closeout
- Serve as a Senior Risk Analyst within the Risk function, conducting in depth risk analysis on PCI security by design questions and on AI components embedded within payment systems (including model inference, prompt and data flows touching cardholder data, retrieval pipelines, and third party AI services entering PCI scope)
- Drive greenfield workstreams that establish new PCI controls, scope boundaries, or architectural patterns rather than only maintaining existing ones
- Partner with Product Security on modernization initiatives that reduce PCI scope and improve control design
- Maintain scope documentation, evidence, and operational reports for PCI controls
- Manage issues, exceptions, compensating controls, and risk acceptance tracking with timely remediation
- Align PCI evidence and controls with ISO 27001 and SOC frameworks to streamline reporting
- Support audits, vendor assessments, and customer due diligence requests related to PCI
- Maintain compliance ticket queues, supplier and control registers, and awareness activities
- Collaborate with Information Security, Risk & Compliance team members and control owners companywide

Requirements

- 7 or more years of PCI DSS program management experience with direct involvement in Level 1 merchant or service provider assessments under DSS v4.0.1
- Demonstrated experience advising engineering teams during the design phase, translating PCI requirements into architectural and implementation guidance engineers can execute against, including for greenfield builds at the border of compliance and engineering
- Proven track record leading or coordinating PCI Level 1 events end to end, from initial triage through executive reporting, evidence package delivery, and remediation closeout
- Senior risk analyst depth: ability to conduct independent risk analysis at the requirement level and at the architectural level, including scoping determinations, compensating control construction, security by design tradeoffs, and risk acceptance documentation defensible under audit
- Working understanding of AI and machine learning components in payment or cardholder data environments, including how model inference, vector stores, retrieval pipelines, and third party AI services intersect with PCI scope and data flow assumptions
- Experience engaging QSAs from an authoritative posture, substantiating risk positions with documented evidence rather than deferring to QSA interpretation
- Hands on field experience working directly within engineering and infrastructure teams to evaluate control implementation at the technical layer and translate requirements into actionable remediation tasks
- Familiarity with ISO 27001 and cloud native service environments
- Strong analytical, organizational, and communication skills with the ability to produce defensible compliance documentation under audit conditions
- Experience with GRC platforms, ticketing systems, and security tooling (for example SIEM or vulnerability scanners)
- Preferred certifications: PCIP, ISA (prior QSA credential strongly preferred), CISA, CISM, CISSP

At this time, we are unable to consider candidates who require current or future sponsorship for employment authorization.

Our Culture

At Bonterra, we're innovating with a higher purpose: to increase giving to 3% of US GDP by 2033, creating $573 billion more in global impact every year. At Bonterra, we foster an inclusive, equitable culture where every team member belongs and contributes to meaningful impact. Read more about our values and culture here.

Compensation & Benefits

We offer a comprehensive benefits package that supports your health, well-being and growth - explore full details here. Compensation and benefits for this role apply to full-time employees in the United States and may vary based on local standards, laws and norms. Pay is determined by location, skills, experience, and education, and is one part of Bonterra's total rewards package, which may also include bonuses, incentives, equity, and a comprehensive benefits program.
Equal Opportunity & Accommodations

At Bonterra, we are proud to be an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We provide equal employment opportunities without regard to race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, veteran status, or any other characteristic protected by law. If you require a reasonable accommodation during the application process, please submit a request.

