Alation is seeking a detail-oriented and experienced Compliance Analyst specializing in PCI-DSS to join our team. This role is crucial in ensuring that our cloud-based services comply with the Payment Card Industry Data Security Standard (PCI-DSS). The ideal candidate will have a strong background in PCI-DSS compliance, cloud security, and a passion for maintaining the highest levels of security and regulatory compliance across multiple frameworks.
What You'll Do:
Audit and Compliance:
Develop, implement, and maintain PCI-DSS, while contributing to the maintenance and management of other frameworks, including ISO 27001, ISO 27701, HIPAA/HITECH, SOC 2 Type II, and FedRAMP.
Conduct regular audits and assessments to ensure compliance with relevant standards and regulations.
Monitor changes in compliance requirements and update company policies and procedures accordingly.
Prepare and present compliance reports to senior management and stakeholders.
Third-Party Risk Management
Security and Risk Management:
Identify, assess, and mitigate risks related to PCI-DSS and cloud security.
Implement and monitor security controls to protect cardholder data and ensure compliance with PCI-DSS requirements.
Work closely with the IT and security teams to ensure security measures are effective and up-to-date.
Training and Awareness:
Stakeholder Collaboration:
Collaborate with internal and external stakeholders, including auditors, to ensure compliance with PCI-DSS requirements.
Provide guidance and support to various teams on PCI-DSS compliance issues.
Assist in responding to customer and partner inquiries regarding PCI-DSS compliance.
Audits and Assessments:
Conduct audits and assessments to identify compliance gaps and evaluate the effectiveness of controls.
Collaborate with relevant teams to implement corrective actions and track progress.
Provide compliance training and guidance to employees, promoting a culture of compliance.
Relationship Management:
Build and nurture relationships with stakeholders across teams to foster collaboration and trust.
Partner with internal teams to ensure compliance requirements are understood and incorporated into processes and systems.
Manage external partnerships for internal and external audit activities.
Technology and Tools:
Leverage technology, including Governance, Risk, and Compliance (GRC) tools, to streamline audit processes and enhance efficiency.
Train internal stakeholders on the use of GRC tools and other necessary technologies.
What You Need:
Bachelor's degree in a relevant field, such as computer science, information security, or risk management. A master's degree is a plus.
5-7 years of relevant work experience.
Comfortable with working late-night hours to seamlessly synchronize with US counterparts.
In-depth knowledge of cloud security principles, technologies, and best practices (e.g., AWS, Azure, Google Cloud) and physical security protocols.
Expertise with PCI-DSS requirements and cloud security principles.
Familiarity with security frameworks, standards, and regulatory requirements (e.g., ISO 27001, NIST, GDPR).
Strong experience in assisting with audits, assessments, and implementing compliance programs.
Excellent understanding of compliance frameworks, controls, and risk management practices.
Demonstrated ability to build relationships and collaborate effectively with stakeholders.
Proficiency in using GRC tools or similar technologies for audit and compliance management.
Strong analytical and problem-solving skills to identify and address compliance gaps.
Excellent communication and presentation skills to convey complex compliance concepts to diverse audiences.
Able to pivot and thrive in a rapidly changing start-up environment, managing multiple tasks and prioritizing effectively based on feedback.