Full Job Description
This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others. In 2018, Costco contributed over $39 million to organizations such as United Way and Children's Miracle Network Hospitals.
Costco IT is responsible for the technical future of Costco Wholesale, the second largest retailer in the world with wholesale operations in twelve countries. Despite our size and explosive international expansion, we continue to provide a family, employee-centric atmosphere in which our employees thrive and succeed. As proof, Costco consistently ranks in the top five of Forbes “America’s Best Employers”.
The IT Compliance Analyst will be responsible for ensuring the PCI DSS compliance of people, process, and technology for a subset of focused PCI DSS requirements at Costco.
If you want to be a part of one of the BEST “to work for” companies in the world, simply apply and let your career be reimagined.
ROLE
Understands and documents complex branded payment acceptance or card servicing processes.
Applies established PCI DSS scoping criteria.
Obtains and reviews evidence of compliance to support technical or complex PCI DSS requirements.
Supports the completion of the annual PCI DSS Report on Compliance.
Drives necessary system and process updates.
Scopes, interprets, and prioritizes both application and network vulnerability test results.
Manages and communicates key compliance milestones for critical systems and complex processes.
Facilitates interaction between the business and Costco’s PCI DSS Qualified Security Assessor (QSA).
Consults on moderately complex PCI DSS compliance considerations.
Works closely with cross-functional teams and develops strong liaison relationships.
Stays current with new and evolving security topics and technologies via formal training and self-directed education.
Shares knowledge and experiences to help grow the team talent bench through training and mentoring.
REQUIRED
5+ years’ IT background; experience with compliance or regulatory issues preferred.
Prior experience supporting a Level 1 or Level 2 organization’s PCI DSS compliance effort, working with an ISA or QSA, or serving as an ISA or QSA.
Intermediate knowledge of all requirements of the current PCI DSS, other significant PCI SSC guidance, and card security and compliance requirements from the major card brands.
Intermediate knowledge of five or more of the following technical areas: network segmentation, operating system security, encryption and key management, tokenization, antivirus and malware, secure system development, identity and access management, vulnerability management, physical access controls, penetration testing, file integrity monitoring, logging, and information security policy.
Able to scope, interpret, and prioritize both application and network vulnerability test results.
Ability to identify problems, analyze data, and present conclusions effectively.
Excellent oral and written communication skills; able to communicate security and compliance issues to executives, end users, and stakeholders in an effective and appropriate manner.
Excellent productivity tool skills (spreadsheets, slide decks, documents).
RECOMMENDED
Past or current certifications in one of the following areas: Security+, CISSP, ISA, QSA.
Proven people management experience – worked with a variety of teams globally.
Ability to propose creative solutions to successfully remediate identified compliance issues.
Required Documents
Cover Letter
Resume
California applicants, please click here to review the Costco Applicant Privacy Notice.
Apart from any religious or disability considerations, open availability is needed to meet the needs of the business. If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.