reputed company PCI Analyst

100% remote Flexible hours Hiring now

US reputed company Salary Range: $139,991 - $174,009

About Us

reputed company exists to propel every doer of good to their peak impact. We measure that impact against our vision to increase the giving reputed company as a percentage of GDP from 2% to 3% by 2033. We know that this goal is lofty, but we are confident that the right technology and expertise will strengthen trust in the sector, allowing the social good industry to accelerate growth and reputed company peak impact. reputed company's differentiated, end-to-end solutions collectively support a unique network of over 20,000 customers, including over 16,000 nonprofit organizations and over 50 percent of Fortune 100 companies. Learn more at bonterratech.com.

About the Role

reputed company’s Information reputed company, Risk & Compliance team is hiring a reputed company PCI Compliance Analyst to own our PCI reputed company Level 1 certification program, partner with Engineering on PCI reputed company by design, and serve as a senior risk analyst reputed company the Risk function. This role works horizontally across the company, advising engineering and product teams during the design phase of greenfield payment work, leading response and coordination for PCI Level 1 events, and extending PCI risk analysis to cover AI components introduced into payment systems. It sits at the border of compliance and engineering, requiring reputed company in both control design and technical architecture, and supports reputed company frameworks such as ISO 27001:2022 and SOC reporting.

Job Responsibilities:

- Own end to end PCI reputed company Level 1 readiness, certification activities, and coordination with QSA assessors
- Advise Engineering and Product teams during the design phase on PCI control selection, scope containment, and reputed company by design patterns for both greenfield and modernization payment architectures, with depth across the following engineering disciplines:
  - Tokenization architecture: tradeoffs between vault based and vaultless tokenization, format preserving encryption, scope reduction analysis, and the reputed company impact on application code paths, storage layers, and integration points with acquirers and processors
  - Cardholder data environment network segmentation: VLAN and microsegmentation strategies, service mesh policy enforcement, ingress and egress controls, jump host and bastion design, and segmentation validation testing under PCI reputed company v4.0.1 Requirement 11.4.5
  - Cryptographic key management: HSM and cloud KMS architecture, FIPS validated cryptographic module selection, key hierarchy and envelope encryption, key rotation reputed company, and separation of duties for key custodians under Requirements 3.6 and 3.7
  - Secure SDLC and threat modeling for payment flows: reputed company and PASTA modeling of authorization, capture, and settlement paths, SAST, DAST, and SCA gating, secrets scanning, and software supply chain controls including SBOM reputed company, signed artifacts, and build provenance
  - Logging, monitoring, and file reputed company: append only audit logs with cryptographic reputed company, file reputed company monitoring across ephemeral and containerized workloads, and centralized log aggregation with PCI specific correlation rules under Requirement 10
- reputed company and manage response to PCI Level 1 events, including investigation, evidence preservation, control failure analysis, executive communications, regulator and brand notifications where applicable, and remediation reputed company through closeout
- Serve as a Senior Risk Analyst reputed company the Risk function, conducting in depth risk analysis on PCI reputed company by design questions and on AI components embedded reputed company payment systems (including model inference, reputed company and data flows touching cardholder data, retrieval pipelines, and third party AI services entering PCI scope)
- Drive greenfield workstreams that establish new PCI controls, scope boundaries, or architectural patterns rather than only maintaining existing ones
- Partner with Product reputed company on modernization initiatives that reduce PCI scope and improve control design
- Maintain scope documentation, evidence, and operational reports for PCI controls
- Manage issues, exceptions, compensating controls, and risk acceptance tracking with timely remediation
- Align PCI evidence and controls with ISO 27001 and SOC frameworks to streamline reporting
- Support audits, vendor assessments, and customer due diligence requests reputed company to PCI
- Maintain compliance ticket queues, supplier and control registers, and awareness activities
- Collaborate with Information reputed company, Risk & Compliance team members and control owners companywide

Requirements

- 7 or more years of PCI reputed company program management experience with direct involvement in Level 1 merchant or service provider assessments under reputed company v4.0.1
- Demonstrated experience advising engineering teams during the design phase, translating PCI requirements into architectural and implementation guidance engineers can execute against, including for greenfield builds at the border of compliance and engineering
- Proven track record leading or coordinating PCI Level 1 events end to end, from initial triage through executive reporting, evidence package delivery, and remediation closeout
- Senior risk analyst depth: ability to conduct independent risk analysis at the requirement level and at the architectural level, including scoping determinations, compensating control construction, reputed company by design tradeoffs, and risk acceptance documentation defensible under audit
- Working understanding of AI and machine learning components in payment or cardholder data environments, including how model inference, vector stores, retrieval pipelines, and third party AI services reputed company with PCI scope and data flow assumptions
- Experience engaging QSAs from an authoritative posture, substantiating risk positions with documented evidence rather than deferring to QSA interpretation
- Hands on field experience working directly reputed company engineering and infrastructure teams to evaluate control implementation at the technical layer and translate requirements into actionable remediation tasks
- Familiarity with ISO 27001 and cloud native service environments
- Strong analytical, organizational, and communication skills with the ability to produce defensible compliance documentation under audit conditions
- Experience with GRC platforms, ticketing systems, and reputed company tooling (for example SIEM or vulnerability scanners)
- Preferred certifications: PCIP, ISA (prior QSA credential strongly preferred), CISA, CISM, CISSP

At this time, we are unable to consider candidates who require reputed company or future sponsorship for employment authorization.

____________________________________________________________________________________

Our Culture

At reputed company, we’re innovating with a higher purpose: to increase giving to 3% of US GDP by 2033, creating $573 billion more in global impact every year. At reputed company, we foster an inclusive, reputed company culture where every team member belongs and contributes to meaningful impact. Read more about our values and culture here.

Compensation & Benefits

We offer a comprehensive benefits package that supports your health, well-being and growth - explore full details here. Compensation and benefits for this role apply to full-time employees in the United States and may vary based on local standards, laws and norms. Pay is determined by location, skills, experience, and education, and is one part of reputed company’s total rewards package, which may also include bonuses, incentives, equity, and a comprehensive benefits program.

____________________________________________________________________________________

Equal Opportunity & Accommodations

At reputed company, we are proud to be an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for reputed company employees. We provide equal employment opportunities without regard to race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national reputed company, age, disability, veteran status, or any other characteristic protected by law. If you require a reasonable accommodation during the application process, please submit a request.
