Compliance Engineer - PCI

Issaquah, WA, US


Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and rapid international expansion, we continue to provide a family-oriented, employee-centric atmosphere in which our employees thrive and succeed.

This is an environment unlike anything in the high-tech world, and the secret of Costco's success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers, including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.

Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.

Compliance Engineers support the overarching values and business goals of Costco as they relate to meeting legal and regulatory obligations, identifying technical risks to the business, protecting member data and privacy, and ensuring continued compliance with Costco's policies. Compliance Engineers work cross-functionally to define and set guidance in response to emerging standards and legislation; ensure policies and procedures are implemented and well documented; perform technical architecture, network, and system reviews; ensure compliance requirements and controls are designed and implemented prior to go-live; and identify compliance problems that require formal attention. Compliance Engineers speak both technical and business language interchangeably to communicate and lead effectively.

The Costco Digital Services (CDS) PCI Compliance Engineer will play a crucial role in supporting the PCI DSS compliance initiatives at Costco Wholesale. This position is responsible for collaborating closely with cross-functional teams including Product, Infrastructure, Engineering, Security (Compliance, Vendor Risk, Vulnerability Management, Training, Operations, Incident Response, etc.), Risk, Legal, and Business to develop and implement plans for data security, conduct assessments, and ensure compliance with industry standards. The role requires a strong understanding of PCI compliance and strong knowledge of other security frameworks, as well as the ability to communicate effectively with internal stakeholders and external assessors. The successful candidate will report directly to the Manager of PCI Compliance, who is responsible for establishing and maintaining PCI compliance programs across Costco Wholesale globally.

If you want to be a part of one of the worldwide BEST companies "to work for", simply apply and let your career be reimagined.

ROLE

●      Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization.

●      Audits information system activities and systems to confirm compliance and provides management with compliance assessments.

●      Defines and leads activities to support ongoing PCI program health and maturity.

●      Documents and maintains cardholder data environment (CDE) scope narratives and supporting evidence.

●      Monitors business activities by collaborating with cross-functional team leaders to ensure the organization maintains compliance.

●      Represents the team in PCI DSS initiatives and programs as the subject matter expert on PCI compliance and data security, and provides general PCI-related support and guidance to teams.

●      Performs ongoing design and operating effectiveness reviews to identify changes impacting the PCI ecosystem, and works with teams on compliance readiness roadmaps.

●      Assists in the development of training on PCI topics to relevant stakeholders.

●      Leads the planning and execution of PCI assessments for various Costco Wholesale entities, which includes interpreting and assessing controls using compliance frameworks with a focus on payment card compliance and data security (e.g. PCI DSS, PCI P2PE, NESA, and PCI SAQs).

●      Manages and leads project teams, including analysts and delivery managers to drive results.

●      Coordinates with external assessors, process/control owners, and other key stakeholders to streamline the assessment process for efficiencies, including activities related to collecting evidence and refining work papers.

REQUIRED

●      10+ years of professional experience, with at least 7 years in Security GRC, IT security, or a related field, and in-depth working knowledge of PCI standards.

●      Prior experience supporting a Level 1 or Level 2 merchant's PCI DSS compliance effort, working with an ISA or QSA, or serving as an ISA or QSA.

●      A strong understanding of different computing architectures (including cloud) and security patterns, including assessing and implementing PCI controls in such environments.

●      Knowledge of industry security, audit, and privacy standards, frameworks, and regulations, such as PCI DSS (and other PCI standards), ISO 27001, COBIT, SSAE 18, GDPR, or SOX.

●      Familiarity with GRC (Governance, Risk, and Compliance) solutions, tools, and platforms.

●      Advanced knowledge of five or more of the following technical areas: network segmentation, operating system security, encryption and key management, tokenization, antivirus and malware, secure system development, identity and access management, vulnerability management, physical access controls, penetration testing, file integrity monitoring, logging, and information security policy.

●      Ability to scope PCI DSS penetration tests by defining the specific systems, networks, and applications to be tested.

●      Ability to scope, interpret, and prioritize system, application, and network vulnerability scan results.

●      Ability to propose creative solutions to successfully remediate identified compliance issues.

●      High levels of curiosity, persistence, and a grounded approach to getting work done.

●      Ability to identify problems, analyze data and present conclusions effectively.

●      Excellent oral and written communication skills, with the ability to convey security and compliance issues to executives, end users, and stakeholders in an effective and appropriate manner.

Recommended:

●      Relevant industry certifications such as CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or equivalent expertise.

●      Architectural level experience in information security, data compliance, and risk management.

●      Strong ability to build healthy relationships across teams and with stakeholders.

●      Strong security acumen, balanced by keen understanding of the need for business flexibility and agility.

●      Experience managing and working with a variety of teams globally.

●      Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail.

Required Documents

●      Cover Letter

●      Resume

California applicants, please click here to review the Costco Applicant Privacy Notice.


Pay Range: $150,000 - $190,000

We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.

Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com.

If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to, H-1B visas.
