Note: The job is a remote job and is open to candidates in USA. Entrust is an industry leader in identity-centric security solutions, serving over 150 countries with cutting-edge technologies. They are seeking a Senior Security Compliance Analyst to lead compliance efforts for PCI DSS and SOC 2 programs, ensuring effective control design and audit readiness.
Responsibilities
- Leading PCI DSS compliance-related activities and certification
- Supporting the evolution and execution of the SOC 2 program, including control design, testing, and evidence collection
- Maintaining required evidence artifacts and ensuring traceability of evidence
- Interpreting and operationalizing security and compliance requirements into actionable control activities for engineering and operations
- Serving as SME for PCI DSS and SOC 2 compliance, advising internal teams and customers
- Partnering with control owners to ensure controls meet PCI DSS requirements and Trust Services Criteria (Security, Availability, Confidentiality, etc.)
- Supporting external audits by preparing evidence, responding to auditor requests, coordinating audit activities, and tracking remediation
- Driving coordination with third parties (e.g., service providers, hosting partners) to ensure shared control alignment
- Ensuring audit readiness through continuous proactive gap assessments and control testing throughout the year
- Identifying, assessing, and communicating compliance and security risks to stakeholders
- Identifying, tracking, and driving closure of audit findings and control deficiencies
- Contributing to the development and maintenance of security policies, standards, and procedures
Skills
- 5+ years in security compliance, audit, or GRC with a strong understanding of administrative, technical, and physical controls, including how they support one another
- Hands-on technical and audit experience with PCI DSS and SOC 2 compliance
- Ability to work across multiple time zones with virtual global teams
- Strong technical understanding of cloud environments and shared responsibility models
- Strong technical understanding of access control, change management, logging and altering, and vulnerability management and other security domains
- Experience working in SaaS or cloud-native environments
- Experience working cross-functionally with engineering and infrastructure teams
- Must be a US citizen
- Experience supporting multiple compliance frameworks (PCI DSS, PCI CP, SOC 2, FedRAMP, ISO 27001, etc.)
- Experience with modern GRC platforms and control automation
- Familiarity with continuous compliance / continuous monitoring models
- Certifications such as: CISSP, CISA, CISM, CRISC, PCI ISA/QSA/PCIP (preferred but not required)
Benefits
- Company’s discretionary annual incentive plan
- Comprehensive health and well-being programs which include medical, vision, dental
- A generous 401(k) matching contribution
- Life and disability insurance
- Mental health coaching
- Virtual fitness programs
- Paid personal time off plus 12 paid holidays
- Parental leave
- Education reimbursement
Company Overview