Information Security GRC Analyst 3 - PCI DSS Compliance

About the Team/Role 

We are seeking a highly experienced and proactive Information Security GRC Analyst Level 3 – PCI DSS Compliance to support our organization’s PCI DSS compliance efforts. This role will focus on ensuring strict adherence to the Payment Card Industry Data Security Standard (PCI DSS) while contributing to broader governance, risk, and compliance (GRC) initiatives. The ideal candidate will possess deep expertise in PCI DSS and the ability to drive compliance programs in complex environments.

How you'll make an impact

Participate and play a key role in the WEX PCI DSS compliance program, ensuring ongoing adherence to the latest PCI DSS requirements.

• Act as the subject matter expert (SME) for PCI DSS, advising stakeholders on compliance strategies, risks, and security best practices.
• Conduct and coordinate PCI DSS gap assessments, control evaluations, and risk assessments to identify and remediate deficiencies.
• Conduct and coordinate PCI DSS annual reviews in accordance with PCI DSS v4.0.1. 
• Serve as the primary liaison for external audits, working closely with Qualified Security Assessors (QSAs), auditors, and regulatory bodies to ensure successful compliance certifications.
• Develop and maintain PCI DSS policies, procedures, and documentation to align with regulatory requirements and industry best practices.
• Collaborate with IT, Security, Legal, and Business teams to integrate PCI DSS controls into enterprise security and risk management frameworks.
• Implement security and compliance automation tools to enhance PCI DSS control effectiveness and efficiency.
• Stay updated on PCI DSS regulatory changes and evolving threats, advising on necessary adjustments.
• Support broader GRC initiatives, including ISO 27001, NIST, SOC 2, and risk management programs, as needed.
   

Experience you'll bring 

• Education: Bachelor’s or Master’s degree in Information Security, Computer Science, Business, or a related field (or equivalent work experience).
• 5+ years of experience in information security, compliance, risk management, or a related field, with a strong focus on PCI DSS compliance. Experience with PCI issuing banks preferred. 
• Technical Knowledge: In-depth understanding of PCI DSS, security frameworks (NIST, ISO 27001, SOC 2), risk management methodologies, cloud environments (AWS and Azure), and secure network architectures.
• Skills: Strong analytical, problem-solving, and project management skills; ability to communicate effectively with both technical and executive stakeholders.
• Tools & Technologies: Experience with GRC tools, security compliance platforms, vulnerability management tools, and cloud security.
• Certifications (Preferred): PCI Professional (PCIP), Qualified Security Assessor (QSA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM).