Pci Isa Jobs (NOW HIRING)

IT GRC Analyst

Bloomington, IL · On-site

$42.75 - $57/hr

PCI ISA collects and reviews evidence of compliance to validate PCI DSS requirements are met. * Supports the completion of assigned tasks for the annual PCI DSS Report on Compliance. * Drives ...

IT GRC Analyst

Dunwoody, GA · Hybrid

$44.50 - $59.50/hr

PCI ISA collects and reviews evidence of compliance to validate PCI DSS requirements are met. * Supports the completion of assigned tasks for the annual PCI DSS Report on Compliance. * Drives ...

IT GRC Analyst

Bloomington, IL · Hybrid

$42.75 - $57/hr

PCI ISA collects and reviews evidence of compliance to validate PCI DSS requirements are met. * Supports the completion of assigned tasks for the annual PCI DSS Report on Compliance. * Drives ...

IT GRC Analyst

Richardson, TX · Hybrid

$40.75 - $54.50/hr

PCI ISA collects and reviews evidence of compliance to validate PCI DSS requirements are met. * Supports the completion of assigned tasks for the annual PCI DSS Report on Compliance. * Drives ...

IT GRC Analyst

Tempe, AZ · Hybrid

$43 - $57.50/hr

PCI ISA collects and reviews evidence of compliance to validate PCI DSS requirements are met. * Supports the completion of assigned tasks for the annual PCI DSS Report on Compliance. * Drives ...

IT Audit & Compliance Analyst

Phoenix, AZ · On-site

$93K - $93K/yr

CISA, CRISC, CISSP, PCI ISA, or HITRUST CCSFP. * Experience with compliance automation or GRC platforms (e.g., Archer, ServiceNow GRC, Vanta, Drata). * Familiarity with cloud environments (AWS, Azure ...

IT Audit & Compliance Analyst

Arden Hills, MN · On-site

$98K - $99K/yr

CISA, CRISC, CISSP, PCI ISA, or HITRUST CCSFP. * Experience with compliance automation or GRC platforms (e.g., Archer, ServiceNow GRC, Vanta, Drata). * Familiarity with cloud environments (AWS, Azure ...

IT Audit & Compliance Analyst

Phoenix, AZ · On-site

$95K - $95K/yr

CISA, CRISC, CISSP, PCI ISA, or HITRUST CCSFP. * Experience with compliance automation or GRC platforms (e.g., Archer, ServiceNow GRC, Vanta, Drata). * Familiarity with cloud environments (AWS, Azure ...

IT Audit & Compliance Analyst

Oaks, PA

$96K - $96K/yr

CISA, CRISC, CISSP, PCI ISA, or HITRUST CCSFP. * Experience with compliance automation or GRC platforms (e.g., Archer, ServiceNow GRC, Vanta, Drata). * Familiarity with cloud environments (AWS, Azure ...

IT Audit & Compliance Analyst

Arden Hills, MN · On-site

$95K - $95K/yr

CISA, CRISC, CISSP, PCI ISA, or HITRUST CCSFP. * Experience with compliance automation or GRC platforms (e.g., Archer, ServiceNow GRC, Vanta, Drata). * Familiarity with cloud environments (AWS, Azure ...

... ISA, CISSP, or CISM) are highly desired. · Experience: 5+ years of experience in information ... Deep, working knowledge of PCI DSS requirements, validation procedures, and reporting. Familiarity ...

Pci Isa information

How much do PCI ISA jobs pay per hour?

As of Jun 8, 2026, the average hourly pay for a PCI ISA in the United States is $22.28, according to ZipRecruiter salary data. Most workers in this role earn between $21.88 and $22.84 per hour, depending on experience, location, and employer.

What are some common challenges faced by PCI ISA professionals when ensuring ongoing compliance within an organization?

PCI ISA professionals often encounter challenges such as keeping up with evolving PCI DSS standards, ensuring all departments adhere to security protocols, and managing regular assessments across complex IT environments. They must coordinate with multiple teams—including IT, compliance, and business units—to address vulnerabilities and implement corrective actions promptly. Staying organized and maintaining clear documentation are key, as the role requires balancing day-to-day operations with long-term compliance initiatives.

What are the key skills and qualifications needed to thrive as a PCI ISA (Internal Security Assessor), and why are they important?

To thrive as a PCI ISA, you need strong knowledge of information security principles, PCI DSS requirements, and related compliance frameworks, usually backed by relevant experience and an official PCI ISA certification. Familiarity with security assessment tools, compliance management systems, and reporting software is vital for effectively identifying and addressing vulnerabilities. Attention to detail, strong analytical thinking, and clear communication are essential soft skills for interpreting standards and collaborating with internal stakeholders. These competencies ensure accurate self-assessments, ongoing PCI DSS compliance, and protection of sensitive payment card data within the organization.

What is the difference between Pci Isa vs Pci Technician?

Aspect | Pci Isa | Pci Technician
Certifications | Typically requires Pci-specific certifications and technical training | Requires Pci certifications, technical skills, and possibly vendor-specific training
Work Environment | Primarily in data centers, server rooms, or IT departments | In data centers, network operations, or IT support settings
Employer & Industry | Used by companies managing Pci infrastructure and compliance | Employers in IT, telecommunications, and data management sectors

Both Pci Isa and Pci Technician roles involve working with Pci systems and require similar certifications. However, Pci Isa often refers to a specialized role focusing on Pci infrastructure setup, while Pci Technician emphasizes hands-on maintenance and troubleshooting. Both roles are vital in IT environments managing Pci hardware and compliance.

What are PCI ISAs?

PCI ISAs, or Payment Card Industry Internal Security Assessors, are professionals certified by the PCI Security Standards Council to assess and validate an organization's compliance with PCI Data Security Standards (PCI DSS) from within the organization. Unlike external Qualified Security Assessors (QSAs), ISAs are employees of the organization they assess and help maintain ongoing PCI DSS compliance. They play a critical role in strengthening security practices, preparing for assessments, and acting as a liaison between internal teams and external auditors.

More about Pci Isa jobs

What states have the most Pci Isa jobs? States with the most job openings for Pci Isa jobs include:
What job categories do people searching Pci Isa jobs look for? The top searched job categories for Pci Isa jobs are:
Infographic showing various Pci Isa job openings in the United States as of May 2026, with employment types broken down into 90% Full Time and 10% Contract. Highlights a 70% In-person and 30% Remote job distribution, with an average salary of $46,343 per year, or $22.3 per hour.

Senior Security GRC Analyst (PCI ISA Specialist)

Feedonomics

Austin, TX • On-site

$88K - $150K/yr

Full-time

Posted 6 days ago


Job description

Welcome to the Agentic Commerce Era
At Commerce, our mission is to empower businesses to innovate, grow, and thrive with our open, AI-driven commerce ecosystem. As the parent company of BigCommerce, Feedonomics, and Makeswift, we connect the tools and systems that power growth, enabling businesses to unlock the full potential of their data, deliver seamless and personalized experiences across every channel, and adapt swiftly to an ever-changing market. We believe in harnessing AI responsibly to unlock new possibilities, and we're looking for individuals who use it intentionally to solve problems, accelerate outcomes, and expand what's possible in their role. Our purpose is to help businesses confidently solve complex commerce challenges so they can build smarter, adapt faster, and grow on their own terms. If you want to be part of a team of bold builders, sharp thinkers, and technical trailblazers who shape the future of commerce, this is the place for you.
As a Senior Security GRC Analyst and Internal Security Assessor (ISA), you will serve as the primary Subject Matter Expert (SME) for our global PCI DSS program at Commerce. We operate a highly mature PCI DSS 4.0 environment; your mission is to lead the continuous evolution of this program, ensuring that compliance is integrated into our "business as usual" (BAU) operations.
While your primary focus is PCI, you will be a key player in our broader GRC function, supporting our SOC2 and ISO 27001 certifications. You will act as the technical bridge between our Engineering, Infrastructure, and IT teams and external auditors, ensuring that our high-security standards are documented, validated, and maintained.
What You'll Do:
PCI SME & Internal Security Assessor (ISA)
  • ISA Leadership: Serve as the officially designated PCI ISA for the organization. Manage the annual assessment lifecycle, including scoping, evidence collection, and validation of controls.
  • PCI 4.0 Evolution: Direct the ongoing maintenance of our PCI 4.0 program, with a specific focus on managing Targeted Risk Analyses (TRAs) and the customized approach where applicable.
  • Scoping & Segmentation: Partner with Cloud Engineering to validate PCI scope across our global footprint, ensuring effective network segmentation and data flow isolation.
  • QSA Liaison: Act as the primary point of contact for our external QSA, defending our control environment and streamlining the audit process to minimize disruption to technical teams.
  • Continuous Compliance: Operationalize PCI requirements (e.g., quarterly scans, penetration test remediation) into automated workflows.

Multi-Framework Audit Management
  • Unified Control Framework: Support the broader GRC team in managing our SOC2 Type 2, ISO 27001, and other regulatory audits (as seen on https://www.google.com/search?q=security.commerce.com).
  • Technical Advisory: Provide GRC perspective on architectural designs, product launches, and infrastructure changes to ensure "compliance by design."
  • Remediation Management: Track and drive the remediation of audit findings and security gaps, working closely with asset owners to find pragmatic, secure solutions.

Who You Are:
  • Experience: 6+ years in an Information Security or IT Audit role, with at least 3 years of deep focus on PCI DSS within a major cloud-native environment.
  • Certification: Active PCI ISA (Internal Security Assessor) or PCI QSA certification is mandatory.
  • Regulatory Expertise: Thorough understanding of PCI DSS 4.0 requirements and the practical application of the standard in modern environments.
  • Audit Fluency: Proven experience leading Level 1 Service Provider assessments.
  • Communication: Ability to explain complex compliance requirements to developers and business leaders in a way that emphasizes enablement rather than "blockage."

Preferred Qualifications
  • Broad Framework Knowledge: Experience with SOC2 and ISO 27001:2022.
  • Cloud Security: Experience with GRC automation and familiarity with modern cloud-native security and observability tools.
  • Automation Mindset: Experience using GRC platforms and a desire to automate manual evidence collection to reduce audit fatigue.

About You
  • You understand the "Why": You don't just "do compliance"; you understand the security intent behind every control and can help teams meet the requirement in a way that actually improves our security posture.
  • Technical Curiosity: You are comfortable diving into technical configurations (IAM policies, VPC flow logs, etc.) to verify control effectiveness yourself.
  • Adaptable: You enjoy the challenge of a high-paced environment where scale and security must coexist and evolve together.

This is a Hybrid role - Beginning March 1, 2026, employees who live within commuting distance of a Dedicated Office will be expected to be in the office three days per week.
(Pay Transparency Range: $88,951.00 - $150,432.00)
Compensation Transparency
The national base salary range for this role is posted above in this job post.
Final compensation will be determined based on factors such as relevant experience, skills, qualifications and geographic location. We also consider internal equity to help ensure fair and consistent pay practices across our teams.
Where applicable, this role may also be eligible for variable compensation (such as bonus or commission), equity, and benefits in accordance with local policies. Details will be shared during the hiring process. We are committed to equitable and transparent pay practices that align to market data, internal equity, and individual contribution.
Inclusion and Belonging
At Commerce, we believe that celebrating the unique histories, perspectives and abilities of every employee makes a difference for our company, our customers and our community. We are an equal opportunity employer and the inclusive atmosphere we build together will make room for every person to contribute, grow and thrive.
We are committed to creating an inclusive and accessible hiring experience for all candidates. If you require accommodations or adjustments at any stage of the recruitment process, please let us know and we will work with you to meet your needs.
Learn more about the Commerce team, culture and benefits at https://www.commerce.com/careers/
Protect Yourself Against Hiring Scams: Our Corporate Disclaimer
Commerce, along with many other employers, has become the subject of fraudulent job offers to hopeful prospective job seekers.
Be advised:
Commerce does not offer jobs to individuals who do not go through our formal hiring process.
Commerce will never:
  • require payment of recruitment fees from candidates;
  • request personally identifiable information through unsanctioned websites or applications;
  • attempt to solicit money from you as part of the hiring process or as part of an employment offer;
  • solicit money to complete visa requirements as part of a job offer.

If you receive unsolicited offers of employment from Commerce, we urge you to be extremely cautious and avoid engaging or responding.