Job Description

Job role : GRC/PCI Analyst

Duration : 6-8 weeks

Location : Remote

Position Summary:

We are looking for a hands-on GRC / PCI Analyst with ~5 8 years of experience to help execute and support compliance, risk, and security control activities. This person will assist in PCI, GRC, and regulatory reviews (e.g. NIST, ISO, HIPAA), collaborate with technical teams, and help maintain compliance posture under guidance.

Key Responsibilities:

• Assist with PCI DSS tasks: scoping, evidence collection, gap assessments, remediation tracking.
• Support control testing and validation across IT, application, and security domains.
• Participate in risk assessments (systems, processes, vendors) and document findings.
• Help maintain policies, standards, and control documentation aligned to frameworks (NIST, ISO, HIPAA).
• Collaborate with engineering, operations, security teams to embed controls and respond to technical questions.
• Prepare materials and evidence for internal / external audits and help respond to auditor requests.
• Track and report on compliance metrics, deadlines, remediation status.
• Stay current on updates to PCI, NIST, ISO, HIPAA, and advise where gaps may emerge.

Qualifications & Skills:

• 5 to 8 years of experience in GRC, compliance, IT risk, or security support roles.
• Working knowledge of PCI DSS (Digital Dozen, SAQ / RoC basics).
• Familiarity with NIST (800-series / CSF), ISO 27001 (or similar), and HIPAA Security Rule.
• Experience assisting in audits, evidence gathering, remediation.
• Good organizational skills; able to manage multiple compliance tasks and deadlines.
• Able to communicate with technical and non-technical stakeholders.
• Experience with GRC or audit tools (e.g. Archer, MetricStream, OneTrust) is a plus.
• (Nice to have) Certification or coursework in information security / GRC (e.g. CISA, CISSP, CRISC).

Job Tags

Similar Jobs