cybersecurity analyst senior, compliance

Now Brewing - cybersecurity analyst senior, compliance! #tobeapartner

This role supports Starbucks Technology as a PCI DSS v4.0 SME with expertise in network architecture, segmentation, encryption, and cardholder data environment (CDE) design and scoping. The cybersecurity analyst sr partners with engineering teams to design and validate solutions that meet PCI requirements while minimizing scope. This role leads PCI scoping and segmentation efforts, translates requirements into technical implementations, and supports GRC capabilities including automation, continuous monitoring, and evidence orchestration.

Operates independently to identify risks and drive cross-functional improvements.

As a cybersecurity analyst senior, compliance you will....

PCI Architecture & Engineering –

• Lead PCI architecture reviews, including segmentation design, network flows, and system interactions involving cardholder data

• Provides expertise on encryption (data at rest/in transit), tokenization, and key management

• Lead PCI scoping, validate data flows (DFDs), and CHD lifecycle

• Identify opportunities to eliminate or reduce cardholder data storage and shrink PCI scope

Compliance Program Operations –

• Translate PCI DSS requirements into technical control implementations

• Support PCI assessments (QSA-facing), including evidence validation, control testing, and remediation planning

• Design and maintain risk and control matrices aligned to PCI and enterprise standards

• Track remediation, risk acceptance, and exceptions with stakeholders

• Provide guidance on use of compliance and risk management tools and processes

• Develop documentation and training for compliance processes and tooling

Solution Design and Automation –

• Drive automation of PCI control validation and evidence collection

• Configure GRC/IRM platforms to support control testing, assessments, and reporting

• Enable continuous monitoring through integrations, APIs, and data models

• Develop metrics and dashboards for control health and risk visibility

• Gather, analyze, and document solution requirements. Facilitate user story creation and backlog grooming in an agile delivery environment

• Utilize agile delivery methodologies and participates on scrum teams to deliver on projects

• Effectively assess overall improvement opportunities (productivity/efficiency gains, cost savings, etc.)

Collaboration & Delivery –

• Partner with engineering teams to embed PCI requirements into system design

• Provide guidance aligned to policies, standards, and risk reduction

• Develop reusable templates, documentation, and training

• Support delivery of compliance capabilities and program metrics (KPIs)

• Self-directed; is successful with minimal direction from more senior analysts providing escalation when necessary

We'd love to hear from people with...

Basic Qualifications:

• Bachelor's degree in computer science or related field or 3+ years of relevant experience.

• Apply knowledge of business principles and technology practices to achieve successful outcomes in cros-function activities.

• Excellent analytical and problem-solving skills.

• Expertly align systems to business needs.

• Generate comprehensive documentation in support of systems.

• Exhibit exceptional oral and written interpersonal and communication skills.

• Experience Microsoft Office products such as Word and Excel proficiently.

• Apply a deep understanding of business processes and process improvement initiatives.

• Provide top-tier customer service.

• Implement system development concepts effectively.

• Proven working knowledge of systems development lifecycle and IT operations.

• Ability to use business knowledge, sound judgment, and resourcefulness to design and deploy highly reliable and sustainable technology solutions.

• Ability to balance multiple priorities and meet deadlines.

• Configuration knowledge of relevant applications/modules/platforms.

Preferred Qualifications:

• 3+ years of progressive industry experience in Information Risk Management, IT Governance, IT Compliance, Data Privacy or Internal/External Technology Audit disciplines, with at least two of those years in an IT or a software development setting.

• Experience in cybersecurity, network security, or cloud security, with direct exposure to PCI DSS environments

• Strong understanding of network architecture, cloud security design, encryption protocols

• Experience translating compliance requirements into technical solutions

Proven working knowledge of system development lifecycle and IT operations.

• Direct experience supporting PCI DSS assessments (QSA-facing)

• Experience designing or validating CDE segmentation in cloud and hybrid environments

• Familiarity with payment ecosystems (processors, tokenization)

• Exposure to Common Control Framework (CCF) practices with knowledge and ability to track common control requirements across numerous security and regulatory standards

• Ability to influence technical and business stakeholders in complex environments

• Certifications such as PCI QSA/ISA, PCIP, CISA, CISSP, CISM, CIPM or others focused on controls assurance, information security, data privacy or information risk management is a strong plus

• Hands on experience in developing roadmaps, story outlines, writing user stories, refining product backlogs, and coordinating/prioritizing conflicting requirements across teams in a fast-paced, changing environment

• Experience in engineering and/or platform role for GRC solutions and/or cybersecurity risk management solutions.

As a Starbucks partner, you (and your family) will have access to medical, dental, vision, basic and supplemental life insurance, and other voluntary insurance benefits. Partners have access to short-term and long-term disability, paid parental leave, family expansion reimbursement, paid vacation from date of hire*, sick time (accrued at 1 hour for every 25 hours worked), eight paid holidays, and two personal days per year. Starbucks also offers eligible partners participation in a 401(k) retirement plan with employer match, a discounted company stock program (S.I.P.), Starbucks equity program (Bean Stock), incentivized emergency savings, and financial well-being tools. Additionally, Starbucks offers 100% upfront tuition coverage for a first-time bachelor’s degree through Arizona State University’s online program via the Starbucks College Achievement Plan, student loan management resources, and access to other educational opportunities. You will also have access to backup care and DACA reimbursement. Starbucks will comply with any applicable state and local laws regarding employee leave benefits, including, but not limited to providing time off pursuant to the Colorado Healthy Families and Workplaces Act, and in accordance with its plans and policies. This list is subject to change depending on collective bargaining in locations where partners have a certified bargaining representative. For additional information regarding partner perks and more detailed information about benefits, go to starbucksbenefits.com (file:///C:/Users/rofunk/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/EHRXPAYM/starbucksbenefits.com) .

*If you are working in CA, CO, IL, LA, ME, MA, NE, ND or RI, you will accrue vacation up to a maximum of 120 hours (190 in CA) for roles below director and 200 hours (316 in CA) for roles at director or above. For roles in other states, you will be granted vacation time starting at 120 hours annually for roles below director and 200 hours annually for roles director and above.

The actual base pay offered to the successful candidate will be based on multiple factors, including but not limited to job-related knowledge/skills, experience, geographical location, and internal equity.  At Starbucks, it is not typical for an individual to be hired at the high end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate.

We believe we do our best work when we're together, which is why we're onsite four days a week.

Join us and inspire with every cup. Apply today!

Starbucks Coffee Company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, or protected veteran status, or any other characteristic protected by law.

Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.

_ _

_Starbucks Coffee Company is committed to offering reasonable accommodations to job applicants with disabilities. If you need assistance or an accommodation due to a disability, please contact us at _ View email address on click.appcast.io or View phone number on click.appcast.io.