Senior Security GRC Analyst (PCI ISA Specialist)

Hybrid (3 days in office starting March 1, 2026)
PCI DSS 4.0 compliance management
Internal Security Assessor (ISA) duties
Level 1 Service Provider assessment leadership
Commerce is seeking a Senior Security GRC Analyst specializing in PCI ISA to lead its PCI DSS program and contribute to broader GRC functions. The ideal candidate should have extensive experience in information security and compliance, particularly within cloud environments, and hold an active PCI ISA or QSA certification.

Job Summary

  • Commerce, the parent company of BigCommerce and Feedonomics, aims to empower businesses to innovate and grow through an open, AI-driven commerce ecosystem.
  • This role serves as the primary Subject Matter Expert for the global PCI DSS program, leading the continuous evolution of a mature PCI DSS 4.0 environment.
  • The position requires acting as the technical bridge between Engineering teams and external auditors to ensure high-security standards are documented and validated.

Salary

Base: $88,951.00 - $150,432.00; Bonus/Equity: Variable compensation eligible; Benefits: Local policies apply

Skills & Requirements

Must-have

  • PCI DSS 4.0 compliance management
  • Internal Security Assessor (ISA) duties
  • Level 1 Service Provider assessment leadership
  • Cloud-native environment security experience
  • Network segmentation and scoping validation

Nice-to-have

  • SOC 2 Type 2 audit management experience
  • ISO 27001:2022 framework knowledge
  • GRC automation and tool familiarity
  • Compliance by design architectural advisory
  • Automated evidence collection workflows

Key Requirements

  • 6+ years in Information Security or IT Audit
  • 3+ years deep focus on PCI DSS in cloud-native environments
  • Active PCI ISA or PCI QSA certification mandatory
  • Proven experience leading Level 1 Service Provider assessments

Work Rights

Not specified