1

Pci Analyst Jobs (NOW HIRING)

Lead PCI Analyst

$139K - $174K/yr

About the Role Bonterra's Information Security, Risk & Compliance team is hiring a Lead PCI Compliance Analyst to own our PCI DSS Level 1 certification program, partner with Engineering on PCI ...

Senior PCI Analyst

$98K - $128K/yr

We are seeking a highly skilled PCI Security Analyst to join our team. The analyst is responsible for ensuring organizational compliance with the Payment Card Industry Data Security Standard (PCI DSS ...

Desktop Support Technician - Helpdesk Analyst

Norman, OK · On-site

$18 - $24.50/hr

PCI Energy Solutions, is a thriving global company where you can impact millions of lives every day ... Desktop Support Technician - Helpdesk Analyst PCI Energy Solutions is seeking a technical, detail ...

Experience supporting PCI-DSS assessments as a control owner coordinator, audit liaison, or compliance analyst in a BPO, financial services, or retail payments environment. * Familiarity with GRC ...

next page

Showing results 1-20

Pci Analyst information

See salary details

$31K

$73.3K

$130K

How much do pci analyst jobs pay per year?

As of Jul 6, 2026, the average yearly pay for pci analyst in the United States is $73,261.00, according to ZipRecruiter salary data. Most workers in this role earn between $52,500.00 and $87,000.00 per year, depending on experience, location, and employer.

What are the highest paying analyst jobs?

High-paying analyst roles include financial analysts, data analysts, and cybersecurity analysts, often requiring specialized skills and certifications. Senior positions or those in industries like finance, technology, and consulting tend to offer the highest salaries, especially with advanced experience and certifications such as CFA or CISSP.

What is a PCI analyst?

A PCI analyst is a cybersecurity professional responsible for ensuring an organization complies with Payment Card Industry Data Security Standard (PCI DSS) requirements. They assess security controls, monitor payment card data environments, and implement policies to protect cardholder information, often using tools like vulnerability scanners and security frameworks.

What are some common challenges PCI Analysts face when ensuring ongoing compliance within an organization?

PCI Analysts often encounter challenges such as keeping up with frequent updates to PCI DSS requirements, coordinating with multiple departments to ensure security controls are properly implemented, and addressing gaps identified during audits. Additionally, they must manage the complexities of legacy systems and third-party vendors that may not fully align with compliance standards. Strong communication and project management skills are essential to overcome these obstacles and maintain continuous compliance.

What are the key skills and qualifications needed to thrive as a PCI Analyst, and why are they important?

To thrive as a PCI Analyst, you need a thorough understanding of PCI DSS standards, risk assessment, and compliance processes, typically supported by a relevant degree and experience in IT security or audit. Familiarity with compliance management tools, vulnerability scanners, and certifications like PCI Professional (PCIP) or Certified Information Systems Security Professional (CISSP) is valuable. Attention to detail, problem-solving abilities, and effective communication are vital soft skills for interpreting complex regulations and liaising with stakeholders. These competencies are essential to ensure organizational compliance, protect sensitive data, and mitigate the risk of costly security breaches.

Is SOC analyst a high paying job?

A SOC analyst typically earns a competitive salary that varies by experience, location, and employer. Entry-level positions may start lower, but with certifications like CompTIA Security+ or CISSP and experience, salaries can increase significantly, making it a well-paying cybersecurity role.

What is the difference between Pci Analyst vs Pci Compliance Specialist?

AspectPci AnalystPci Compliance Specialist
CertificationsPCI DSS certifications, security certificationsPCI DSS certifications, security certifications
Work EnvironmentFinancial institutions, payment processing companiesFinancial institutions, payment processors
ResponsibilitiesAnalyzing PCI compliance data, monitoring security controlsImplementing PCI policies, ensuring compliance adherence
Industry UsagePayment security, banking

Both Pci Analysts and Pci Compliance Specialists work in payment security and require similar certifications. Pci Analysts focus on analyzing compliance data and monitoring controls, while Pci Compliance Specialists handle policy implementation and ensure ongoing adherence. They often collaborate within the same industry environments, such as banking and payment processing companies.

Is PCI compliance difficult?

PCI Analyst roles involve ensuring organizations meet Payment Card Industry Data Security Standard (PCI DSS) requirements, which can be complex due to the need for technical knowledge of security controls, network infrastructure, and compliance processes. Achieving and maintaining PCI compliance often requires ongoing audits, documentation, and familiarity with security tools and standards.
More about Pci Analyst jobs
Infographic showing various Pci Analyst job openings in the United States as of June 2026, with employment types broken down into 67% Full Time, and 33% Contract. Highlights an 100% In-person job distribution, with an average salary of $73,261 per year, or $35.2 per hour.
Lead PCI Analyst

$139K - $174K/yr

Full-time

Posted 16 days ago


Job description

US Base Salary Range: $139,991 - $174,009
About Us
Bonterra exists to propel every doer of good to their peak impact. We measure that impact against our vision to increase the giving rate as a percentage of GDP from 2% to 3% by 2033. We know that this goal is lofty, but we are confident that the right technology and expertise will strengthen trust in the sector, allowing the social good industry to accelerate growth and reach peak impact. Bonterra's differentiated, end-to-end solutions collectively support a unique network of over 20,000 customers, including over 16,000 nonprofit organizations and over 50 percent of Fortune 100 companies. Learn more at bonterratech.com.
About the Role
Bonterra's Information Security, Risk & Compliance team is hiring a Lead PCI Compliance Analyst to own our PCI DSS Level 1 certification program, partner with Engineering on PCI security by design, and serve as a senior risk analyst within the Risk function. This role works horizontally across the company, advising engineering and product teams during the design phase of greenfield payment work, leading response and coordination for PCI Level 1 events, and extending PCI risk analysis to cover AI components introduced into payment systems. It sits at the border of compliance and engineering, requiring fluency in both control design and technical architecture, and supports related frameworks such as ISO 27001:2022 and SOC reporting.
Job Responsibilities:
  • Own end to end PCI DSS Level 1 readiness, certification activities, and coordination with QSA assessors
  • Advise Engineering and Product teams during the design phase on PCI control selection, scope containment, and security by design patterns for both greenfield and modernization payment architectures, with depth across the following engineering disciplines:
    • Tokenization architecture: tradeoffs between vault based and vaultless tokenization, format preserving encryption, scope reduction analysis, and the downstream impact on application code paths, storage layers, and integration points with acquirers and processors
    • Cardholder data environment network segmentation: VLAN and microsegmentation strategies, service mesh policy enforcement, ingress and egress controls, jump host and bastion design, and segmentation validation testing under PCI DSS v4.0.1 Requirement 11.4.5
    • Cryptographic key management: HSM and cloud KMS architecture, FIPS validated cryptographic module selection, key hierarchy and envelope encryption, key rotation cadence, and separation of duties for key custodians under Requirements 3.6 and 3.7
    • Secure SDLC and threat modeling for payment flows: STRIDE and PASTA modeling of authorization, capture, and settlement paths, SAST, DAST, and SCA gating, secrets scanning, and software supply chain controls including SBOM generation, signed artifacts, and build provenance
    • Logging, monitoring, and file integrity: append only audit logs with cryptographic integrity, file integrity monitoring across ephemeral and containerized workloads, and centralized log aggregation with PCI specific correlation rules under Requirement 10
  • Lead and manage response to PCI Level 1 events, including investigation, evidence preservation, control failure analysis, executive communications, regulator and brand notifications where applicable, and remediation oversight through closeout
  • Serve as a Senior Risk Analyst within the Risk function, conducting in depth risk analysis on PCI security by design questions and on AI components embedded within payment systems (including model inference, prompt and data flows touching cardholder data, retrieval pipelines, and third party AI services entering PCI scope)
  • Drive greenfield workstreams that establish new PCI controls, scope boundaries, or architectural patterns rather than only maintaining existing ones
  • Partner with Product Security on modernization initiatives that reduce PCI scope and improve control design
  • Maintain scope documentation, evidence, and operational reports for PCI controls
  • Manage issues, exceptions, compensating controls, and risk acceptance tracking with timely remediation
  • Align PCI evidence and controls with ISO 27001 and SOC frameworks to streamline reporting
  • Support audits, vendor assessments, and customer due diligence requests related to PCI
  • Maintain compliance ticket queues, supplier and control registers, and awareness activities
  • Collaborate with Information Security, Risk & Compliance team members and control owners companywide

Requirements
  • 7 or more years of PCI DSS program management experience with direct involvement in Level 1 merchant or service provider assessments under DSS v4.0.1
  • Demonstrated experience advising engineering teams during the design phase, translating PCI requirements into architectural and implementation guidance engineers can execute against, including for greenfield builds at the border of compliance and engineering
  • Proven track record leading or coordinating PCI Level 1 events end to end, from initial triage through executive reporting, evidence package delivery, and remediation closeout
  • Senior risk analyst depth: ability to conduct independent risk analysis at the requirement level and at the architectural level, including scoping determinations, compensating control construction, security by design tradeoffs, and risk acceptance documentation defensible under audit
  • Working understanding of AI and machine learning components in payment or cardholder data environments, including how model inference, vector stores, retrieval pipelines, and third party AI services intersect with PCI scope and data flow assumptions
  • Experience engaging QSAs from an authoritative posture, substantiating risk positions with documented evidence rather than deferring to QSA interpretation
  • Hands on field experience working directly within engineering and infrastructure teams to evaluate control implementation at the technical layer and translate requirements into actionable remediation tasks
  • Familiarity with ISO 27001 and cloud native service environments
  • Strong analytical, organizational, and communication skills with the ability to produce defensible compliance documentation under audit conditions
  • Experience with GRC platforms, ticketing systems, and security tooling (for example SIEM or vulnerability scanners)
  • Preferred certifications: PCIP, ISA (prior QSA credential strongly preferred), CISA, CISM, CISSP

At this time, we are unable to consider candidates who require current or future sponsorship for employment authorization.
Our Culture
At Bonterra, we're innovating with a higher purpose: to increase giving to 3% of US GDP by 2033, creating $573 billion more in global impact every year. At Bonterra, we foster an inclusive, equitable culture where every team member belongs and contributes to meaningful impact. Read more about our values and culture here.
Compensation & Benefits
We offer a comprehensive benefits package that supports your health, well-being and growth - explore full details here.
Compensation and benefits for this role apply to full-time employees in the United States and may vary based on local standards, laws and norms. Pay is determined by location, skills, experience, and education, and is one part of Bonterra's total rewards package, which may also include bonuses, incentives, equity, and a comprehensive benefits program.
Equal Opportunity & Accommodations
At Bonterra, we are proud to be an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We provide equal employment opportunities without regard to race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, veteran status, or any other characteristic protected by law.
If you require a reasonable accommodation during the application process, please submit a request.