1

Pci Analyst Jobs (NOW HIRING)


Pci Analyst information


How much do PCI analyst jobs pay per year?

As of Jun 16, 2026, the average yearly pay for a PCI analyst in the United States is $73,261.00, according to ZipRecruiter salary data. Most workers in this role earn between $52,500.00 and $87,000.00 per year, depending on experience, location, and employer.

What is a PCI analyst?

A PCI analyst is a cybersecurity professional responsible for ensuring an organization complies with Payment Card Industry Data Security Standard (PCI DSS) requirements. They assess security controls, monitor network activity, and implement policies to protect cardholder data, often using tools like vulnerability scanners and security frameworks. Certification such as PCI Professional (PCIP) is common in this role.

What jobs pay $2000 a day?

High-paying jobs that can reach $2000 a day often include specialized roles such as senior cybersecurity analysts, management consultants, or freelance professionals with in-demand skills. These positions typically require extensive experience, certifications, or expertise in niche areas and may involve consulting, contract work, or leadership responsibilities.

What are some common challenges PCI Analysts face when ensuring ongoing compliance within an organization?

PCI Analysts often encounter challenges such as keeping up with frequent updates to PCI DSS requirements, coordinating with multiple departments to ensure security controls are properly implemented, and addressing gaps identified during audits. Additionally, they must manage the complexities of legacy systems and third-party vendors that may not fully align with compliance standards. Strong communication and project management skills are essential to overcome these obstacles and maintain continuous compliance.

What are the key skills and qualifications needed to thrive as a PCI Analyst, and why are they important?

To thrive as a PCI Analyst, you need a thorough understanding of PCI DSS standards, risk assessment, and compliance processes, typically supported by a relevant degree and experience in IT security or audit. Familiarity with compliance management tools, vulnerability scanners, and certifications like PCI Professional (PCIP) or Certified Information Systems Security Professional (CISSP) is valuable. Attention to detail, problem-solving abilities, and effective communication are vital soft skills for interpreting complex regulations and liaising with stakeholders. These competencies are essential to ensure organizational compliance, protect sensitive data, and mitigate the risk of costly security breaches.

What jobs will boom in 2026?

The demand for cybersecurity analysts, including PCI analysts, is expected to grow significantly by 2026 due to increasing data security needs and regulatory requirements. Other expanding fields include data science, cloud computing, and AI development, which require specialized skills and certifications. These roles are likely to see strong job growth as organizations prioritize digital security and technological innovation.

What is the difference between Pci Analyst vs Pci Compliance Specialist?

Aspect           | Pci Analyst                                                 | Pci Compliance Specialist
Certifications   | PCI DSS certifications, security certifications             | PCI DSS certifications, security certifications
Work Environment | Financial institutions, payment processing companies        | Financial institutions, payment processors
Responsibilities | Analyzing PCI compliance data, monitoring security controls | Implementing PCI policies, ensuring compliance adherence
Industry Usage   | Payment security, banking                                   |

Both Pci Analysts and Pci Compliance Specialists work in payment security and require similar certifications. Pci Analysts focus on analyzing compliance data and monitoring controls, while Pci Compliance Specialists handle policy implementation and ensure ongoing adherence. They often collaborate within the same industry environments, such as banking and payment processing companies.

Is SOC 1 entry level?

SOC 1 (System and Organization Controls 1) reports are audit reports used to evaluate internal controls over financial reporting, not a job role. For professionals like PCI analysts, entry-level positions typically require foundational knowledge of security standards and may involve supporting audit processes, but SOC 1 itself is an audit type, not a job level. Entry-level roles in cybersecurity or compliance may involve assisting with SOC 1 audits, but the report type is not inherently entry level.

More about Pci Analyst jobs

Infographic showing various Pci Analyst job openings in the United States as of June 2026, with employment types broken down into 1% Locum Tenens, 90% Full Time, 5% Part Time, and 4% Contract. Highlights an 81% Physical, 8% Hybrid, and 11% Remote job distribution, with an average salary of $73,261 per year, or $35.20 per hour.

Senior Technical PCI Analyst (Hybrid - Seattle)

Nordstrom, Inc.

Seattle, WA • On-site

$109K - $142K/yr

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 11 days ago


Job description
Nordstrom is looking for a technically deep PCI SME who thrives at the intersection of hands-on payment security work and program building. You'll own our PCI DSS v4.0 compliance program end-to-end - from scoping and evidence collection through control testing and QSA coordination - while simultaneously building the operational backbone (processes, tooling, documentation) that keeps the program humming year-round, not just during assessment season.
You're the person who knows what's in scope. When an engineer asks "does this new microservice touch the CDE?" or a product manager wants to know if their new payment flow creates PCI exposure, you're the one they come to - and you give them a real answer, not a "it depends, let me escalate."
You'll also be a go-to resource and mentor for the other compliance analysts on the team. You won't manage anyone's performance reviews, but your PCI expertise will help level everyone up - answering questions, reviewing their work, and making sure the team speaks PCI fluently.
If you get a little too excited about data flow diagrams, have strong opinions about network segmentation, and have ever caught a scoping error that saved your company a world of pain - keep reading.
A Day in the Life
Own the PCI Program (for real)
  • Drive the full PCI DSS v4.0 compliance lifecycle: scoping, gap assessment, evidence collection, control testing, and annual QSA coordination. You're not handing this off - you're running it.
  • Build and maintain the CDE asset inventory - network segmentation docs, data flow diagrams, system component registers - across on-premises and cloud. If it touches cardholder data, you know about it.
  • Design and run the periodic control testing program: scheduling, evidence requests, test procedures, exception tracking, and remediation follow-up. Assessment season should feel like a victory lap, not a fire drill.
  • Write the policies, procedures, RACIs, and runbooks that make the program sustainable - so it doesn't fall apart when you take a vacation.
  • Track findings, owners, and milestones in the GRC platform and surface the right KPIs and KRIs (open findings age, control test pass rates, inventory coverage) so leadership always knows where things stand.

Be the Scoping Expert in the Room
  • Lead scoping conversations with engineering and infrastructure teams to define CDE boundaries in hybrid on-prem/cloud environments (AWS, Azure, GCP) - and back up your decisions with solid documentation.
  • Review architecture changes, new products, and vendor integrations before they ship so PCI surprises happen in a design doc, not during QSA fieldwork.
  • Spot de-scoping opportunities - whether it's segmentation, tokenization, or P2PE - and partner with engineering to get them implemented.
  • Dig into network diagrams, cloud configs, and data flow docs to validate scope and find the undocumented CHD flows before the QSA does.
  • Translate PCI requirements into concrete specs for engineers: what Req 6 means for their CI/CD pipeline, what Req 8 means for their IAM setup, what Req 10 means for their logging architecture.

Test Controls, Collect Evidence, Repeat
  • Actually test technical controls - firewall rule reviews, patch compliance, access reviews, log configurations, encryption assessments. You're not just reviewing screenshots someone else took.
  • Build a reusable testing library: documented test procedures for every in-scope Requirement, so each cycle gets more efficient, not more chaotic.
  • Collect and validate evidence to QSA standards - complete, timestamped, traceable to specific sub-requirements. Future you will thank present you.
  • Run the evidence request workflow with control owners so the week before QSA fieldwork isn't a full-team emergency.

Own the QSA Relationship
  • Be the primary day-to-day QSA contact: coordinate fieldwork, manage document requests, and run walkthroughs with technical teams so engineers aren't getting cold-called by assessors.
  • Defend scoping decisions, present compensating controls, and represent Nordstrom's compliance posture with confidence - because you built the program and you know it inside out.
  • Manage acquiring bank and payment brand relationships around compliance status, SAQ applicability, and AOC delivery.

Level Up the Team
  • Be the PCI go-to for the compliance team: answer the hard questions, review work products, and help other analysts build their PCI knowledge over time.
  • Embed with engineering, DevOps, and product teams as a trusted advisor - show up to design reviews, join sprint ceremonies when it matters, be the person who makes PCI feel less scary.
  • Educate stakeholders on PCI obligations and v4.0 changes in language that actually lands, whether you're talking to a network engineer or a VP.
  • Partner with the broader GRC team to spot control overlaps with SOX, HIPAA, and other frameworks and contribute to a Common Control Framework.

You're the One If You Have...
PCI Experience That Goes Beyond the Checkbox
  • 6-8 years of hands-on PCI DSS compliance experience, with at least 3 years owning or co-owning a PCI program at a merchant, payment processor, or service provider.
  • A track record of building PCI programs from scratch: asset inventory processes, control testing schedules, evidence libraries, and operational procedures - not inheriting a fully-built program and maintaining it.
  • Deep working knowledge of PCI DSS v4.0 across all 12 Requirements, including the technical requirements for network security, cryptography, access control, logging, and secure development.
  • Real scoping experience in hybrid on-premises and cloud environments, including formal documentation of scoping rationale you've had to defend to a QSA.
  • Hands-on control testing chops: you've reviewed firewall rules, validated patch compliance, run access reviews, and checked log configs yourself - not just reviewed evidence others collected.
  • QSA coordination experience: you've been in the room (or on the call) managing document requests, running walkthroughs, and answering the hard questions.

Technical Fluency
  • You can read a network diagram and spot a scoping problem - VLANs, DMZs, firewall rule sets, and cloud VPC/security group configs aren't intimidating to you.
  • Cloud familiarity in at least one major platform (AWS, Azure, GCP) as it applies to PCI scoping and control requirements.
  • You can confidently participate in technical conversations as Nordstrom's PCI SME.
  • You know your tokenization approaches and can explain how each affects CDE scope without reading from a slide.
  • Comfortable with vulnerability management and patch compliance processes as required under PCI DSS Requirement 6.
  • You can read technical docs - network diagrams, data flow diagrams, system configs, audit logs - and extract what you need to make a compliance call.

The Soft Stuff That's Actually Hard
  • You're a player-coach: you're doing hands-on work and helping others do theirs better - without needing a management title to have influence.
  • You can translate PCI-speak into plain English for engineers, and technical risk into business language for leadership. Both directions, fluently.
  • You're comfortable pushing back when a proposed design creates PCI risk - and you come with alternatives, not just objections.
  • You're organized enough to juggle inventory, testing, remediation, and QSA prep simultaneously without dropping things or waiting to be told what to do next.
  • You've used a GRC platform (ServiceNow, Archer, Drata, Vanta, or similar) to track findings and evidence - and you have opinions about how it should be configured.

Education
  • Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field, or equivalent experience doing the actual work.

Bonus Points
  • PCI ISA certification or active QSA qualification - this is a big one.
  • Additional certifications: CISA, CISSP, CRISC, or cloud security certs (AWS Security Specialty, CCSK).
  • Retail, e-commerce, or hospitality experience with complex, multi-channel cardholder data environments.
  • Familiarity with other frameworks (SOX ITGC, HIPAA, CCPA) and experience contributing to a Common Control Framework.
  • GRC platform implementation or configuration experience, including building control libraries and evidence workflows.
  • PCI consulting or QSA firm background. You've seen a lot of programs - good and bad - and know what works.

Pay Range Details
The pay range(s) below have been provided in compliance with state-specific laws. Pay ranges may be different for other locations.
Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.
$166,000.00 - $258,000.00 Annual
We've got you covered...
Our employees are our most important asset and that's reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:
  • Medical/Vision, Dental, Retirement and Paid Time Away
  • Life Insurance and Disability
  • Merchandise Discount and EAP Resources

This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_17-19.pdf
A few more important points...
The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.
For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site.
Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com.
Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQs for relevant information and guidelines.
Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.
Nordstrom keeps job postings open for at least one day after the posting date.
© 2026 Nordstrom, Inc