PCI Security Analyst

Who we are

We are a yoga-inspired technical apparel company up to big things. The practice and philosophy of yoga informs our overall purpose to elevate the world through the power of practice. We are proud to be a growing global company with locations all around the world, from Vancouver to Shanghai, and places in between. We owe our success to our innovative product, our emphasis on our stores, our commitment to our people, and the incredible connections we get to make in every community we are in.

About this team

The cybersecurity team enables us to conduct its global operations in a secure manner and safeguard the trusted information of its guests and users. This is accomplished by understanding business risk as manifested through cybersecurity and compliance risk, and by maintaining a high degree of employee awareness of all security and compliance topics. To further enhance our team, we are looking for an experienced PCI Security Analyst, with demonstrated expertise in the Payment Card Industry - Data Security Standards (PCI - DSS).

A day in the life :

As a PCI Security Analyst on the Governance, Risk and Compliance Team, you will work collaboratively with the Cybersecurity GRC team along with stakeholders across the business to ensure the assessment, verification, review, and audit of technology controls and or business process controls around the enterprise related to PCI-DSS are in place. The PCI Analyst will be responsible for coordinating the collection of evidence, walkthrough meetings, remediation, and ensuring that teams are educated on what is required of them. Following are key areas of responsibility for this role :

• Responsible for assisting with the delivery of the annual Report on Compliance (ROC), Attestations of Compliance (AOC), and the operating effectiveness of our PCI program
• Works collaboratively with stakeholders across the business to ensure effective business and technology controls are in place for PCI-DSS
• Serves as subject matter expert for PCI-DSS requirements across the business
• Proactively communicate changes in requirements to teams and help drive implementation of new requirements
• Works with the Global Architecture and Technology teams to understand current and future payment strategies globally
• Identify, evaluate, document, and monitor the remediation of control deficiencies with an emphasis on assisting process and IT owners to remediate control deficiencies
• Assist with PCI-DSS quarterly control certifications and attestations
• Automate and assist in gathering audit evidence for PCI audits
• Assist with development and implementation of a PCI runbook and ensure PCI related controls are operating effectively
• Apply a risk-based approach to planning, executing, and reporting on PCI related audit engagements
• Create efficiencies for PCI audit engagements by establishing and maintaining a document request lists and evidence repositories
• Provides metrics and reports to demonstrate that the program delivers the expected outcomes and effectively supports business objectives

Qualifications :

Must haves :

Required Skills : Network Security

Basic Qualification :

Additional Skills : Security Engineer

This is a high PRIORITY requisition. This is a PROACTIVE requisition

Background Check : No

Drug Screen : No