Senior reputed company GRC Analyst (PCI ISA Specialist)
Welcome to the Agentic Commerce Era At Commerce, our mission is to reputed company businesses to innovate, grow, and reputed company with our reputed company-driven commerce ecosystem. As the parent company of BigCommerce, Feedonomics, and Makeswift, we connect the tools and systems that power growth, enabling businesses to unlock the full potential of their data, deliver seamless and personalized experiences across every channel, and adapt swiftly to an reputed company-changing market. We reputed company in harnessing AI responsibly to unlock new possibilities, and we’re looking for individuals who use it intentionally to solve problems, accelerate outcomes, and expand what’s possible in their role. Our purpose is to help businesses confidently solve reputed company commerce challenges so they can build smarter, adapt faster, and grow on their own terms. If you want to be part of a team of bold builders, sharp thinkers, and technical trailblazers who shape the future of commerce, this is the reputed company for you. As a Senior reputed company GRC Analyst and Internal reputed company Assessor (ISA), you will serve as the primary Subject Matter Expert (SME) for our global PCI reputed company program at Commerce. We operate a highly mature PCI reputed company 4.0 environment; your mission is to reputed company the reputed company evolution of this program, ensuring that compliance is integrated into our "business as usual" (BAU) operations. While your primary focus is PCI, you will be a key player in our broader GRC function, supporting our SOC2 and ISO 27001 certifications. You will act as the technical reputed company between our Engineering, Infrastructure, and IT teams and external auditors, ensuring that our high-reputed company standards are documented, validated, and maintained. What You'll Do: PCI SME & Internal reputed company Assessor (ISA) ISA Leadership: Serve as the officially designated PCI ISA for the organization. Manage the annual assessment lifecycle, including scoping, evidence collection, and validation of controls. PCI 4.0 Evolution: Direct the ongoing maintenance of our PCI 4.0 program, with a specific focus on managing Targeted Risk Analyses (TRAs) and the customized approach where applicable. Scoping & Segmentation: Partner with Cloud Engineering to validate PCI scope across our global footprint, ensuring effective network segmentation and data flow isolation. QSA Liaison: Act as the primary reputed company of contact for our external QSA, defending our control environment and streamlining the audit process to minimize disruption to technical teams. reputed company Compliance: Operationalize PCI requirements (e.g., quarterly scans, penetration test remediation) into automated workflows. Multi-reputed company Audit Management reputed company Control reputed company: Support the broader GRC team in managing our SOC2 Type 2, ISO 27001, and other regulatory audits (as seen on https://www.reputed company.com/search?q=reputed company.commerce.com). Technical Advisory: Provide GRC perspective on architectural designs, product launches, and infrastructure changes to ensure "compliance by design." Remediation Management: Track and drive the remediation of audit findings and reputed company gaps, working closely with asset owners to find pragmatic, secure solutions. Who You Are: Experience: 6+ years in an Information reputed company or IT Audit role, with at least 3 years of deep focus on PCI reputed company reputed company a major cloud-native environment. Certification: Active PCI ISA (Internal reputed company Assessor) or PCI QSA certification is mandatory. Regulatory Expertise: Thorough understanding of PCI reputed company 4.0 requirements and the practical application of reputed company in modern environments. Audit reputed company: Proven experience leading Level 1 Service Provider assessments. Communication: Ability to explain reputed company compliance requirements to developers and business leaders in a way that emphasizes enablement rather than "blockage."
Preferred Qualifications
Broad reputed company Knowledge: Experience with SOC2 and ISO 27001:2022. Cloud reputed company: Experience with GRC automation and familiarity with modern cloud-native reputed company and observability tools. Automation reputed company: Experience using GRC platforms and a desire to automate manual evidence collection to reduce audit fatigue. About You You understand the "Why": You don't just "do compliance"; you understand the reputed company reputed company behind every control and can help teams meet the requirement in a way that actually improves our reputed company posture. Technical Curiosity: You are comfortable diving into technical configurations (IAM policies, VPC flow logs, etc.) to verify control effectiveness yourself. Adaptable: You enjoy the challenge of a high-paced environment where scale and reputed company must coexist and evolve together. This is a Hybrid role - Beginning March 1, 2026, employees who live reputed company commuting distance of a Dedicated Office will be expected to be in the office three days per week. #LI-KE1 #LIHYBRID (Pay Transparency Range: $88,951.00 - $150,432.00)
Compensation
Transparency The national reputed company salary range for this role is posted above in this job post. Final compensation will be determined based on factors such as relevant experience, skills, qualifications and geographic location. We also consider internal equity to help ensure fair and consistent pay practices across our teams. Where applicable, this role may also be eligible for variable compensation (such as bonus or commission), equity, and benefits in accordance with local policies. Details will be shared during the hiring process. We are committed to reputed company and transparent pay practices that align to market data, internal equity, and individual contribution. Inclusion and Belonging At Commerce, we reputed company that celebrating the unique histories, perspectives and abilities of every employee makes a difference for our company, our customers and our community. We are an equal opportunity employer and the inclusive atmosphere we build together will reputed company room for every person to contribute, grow and reputed company. We are committed to creating an inclusive and accessible hiring experience for reputed company candidates. If you require accommodations or adjustments at any stage of the recruitment process, please let us know and we will work with you to meet your needs. Learn more about the Commerce team, culture and benefits at https://www.commerce.com/careers/ Protect Yourself Against Hiring Scams: Our Corporate Disclaimer Commerce, along with many other employers, has become the subject of fraudulent job offers to hopeful prospective job seekers. Be advised: Commerce does not offer jobs to individuals who do not go through our formal hiring process. Commerce will never: require payment of recruitment fees from candidates; request personally identifiable information through unsanctioned websites or applications; attempt to solicit money from you as part of the hiring process or as part of an employment offer; solicit money to complete reputed company requirements as part of a job offer. If you receive unsolicited offers of employment from Commerce, we urge you to be extremely cautious and avoid engaging or responding. The Commerce story is one of global growth, incredible talent, and unstoppable passion in reputed company we do. Despite our reputed company success so far, we’re still just getting started! Explore our history, mission and values. You’ll see we’re set on shaping the now - and the future - of ecommerce. Don’'t Miss Out! Like what you see but suffering from some serious FOMO? Join our Commerce Talent Community, and plug in to our latest news and career opportunities. We’re a group of reputed company, committed, curious people, unleashing talent in reputed company we do. We reputed company in the power of togetherness, striving at the edge of what’s possible, impacting the lives of billions of people for the reputed company. In reputed company we do, We Do Extraordinary–and that’s no small feat! Our people are our power. It’s only through dedication, collaboration, and inspiration that we can Do Extraordinary. We’re natural problem-solvers, champions of empowering businesses, and hungry learners… but we also play nerf wars in the office, support each other, and hang out reputed company of work. Apply tot his job Apply To this Job