Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed. As proof, Costco ranks seventh in Forbes “World’s Best Employers”.

This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.

Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.

Compliance Analysts support the overarching values and business goals of Costco as they relate to meeting legal and regulatory obligations, protecting member privacy, and ensuring continued compliance. Compliance Analysts work closely with other teams to define and set corporate guidance in response to emerging standards and legislations by making certain that all policies and procedures are implemented and well documented, performing internal reviews, and identifying compliance problems that call for formal attention. Compliance Analysts speak both technical and business language interchangeably to effectively communicate and lead.

The IT Compliance Analyst will be responsible for ensuring and delivering the PCI DSS compliance of people, process, and technology of payment channels at Costco.

If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.

ROLE

● Leads/Participates in the creation, implementation, monitoring, and maintenance of Security Policies and Standards.

● Identifies problems, analyzes data, and presents findings in a professional manner, recommends mitigations either via new technology, alternative compensating controls, or policy modifications to improve overall security posture.

● Provides governance for the identification, validation, and remediation of information technology controls for any applicable regulatory compliance frameworks.

● Establishes and implements methodologies designed to identify general system and business controls, and identifies and prioritizes risks.

● Designs IT testing procedures to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.

● Maintains a strong understanding and adherence of current and upcoming standards, regulations, and legislation.

● Stays current with new and evolving security topics and technologies via formal training and self-directed education.

● Innovative, creative, and works well under pressure to identify and problem-solve high intensity situations with a strong sense of urgency.

● Manages and communicates key compliance milestones for critical systems and complex processes.

● Establishes and meets deadlines to ensure adherence to rules and regulations.

● Assists and supports the organization with initial compliance with ongoing preparation, testing, and monitoring of conformance.

● Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization.

● Audits information system activities and systems to confirm compliance and provides management with compliance assessments.

● Develops, manages, and executes plans to communicate and remediate all known material weaknesses or significant deficiencies, and minimize any findings noted by either internal or external auditors.

● Engages and collaborates with a variety of internal departments and external organizations, may include but not limited to legal firms, law enforcement agencies, and all other levels of government to ensure follow through and completion of compliance and mitigation activities.

● Identifies risks and evaluates findings while working with internal departments/business units to appropriately address the findings.

● Understands and documents complex branded payment acceptance or card servicing processes.

● Applies established PCI DSS scoping criteria.

● Obtains and reviews evidence of compliance to support technical or complex PCI DSS requirements.

● Supports the completion of the annual PCI DSS Report on Compliance.

● Drives system and process updates.

● Assists and reviews scopes, interprets, and prioritizes both application and network vulnerability test results.

● Facilitates interaction between the business and Costco’s PCI DSS Qualified Security Assessor (QSA).

● Consults on moderately complex PCI DSS compliance considerations.

● Works closely with cross-functional teams and develops strong liaison relationships.

● Shares knowledge and experiences with staff to help grow the team.

REQUIRED

● 3-6 years' IT background; experience with compliance and/or regulatory issues preferred.

● Prior experience supporting a Level 1 or Level 2 organization’s PCI DSS compliance effort, working with an ISA or QSA, or serving as an ISA or QSA.

● Intermediate knowledge of all requirements of the current PCI DSS, other significant PCI SSC guidance, and card security and compliance requirements from the major card brands.

● Intermediate knowledge of five or more of the following technical areas: network segmentation and subnetting, operating system security, encryption and key management, tokenization, anti-virus and malware, secure system development, identity and access management, vulnerability management, physical access controls, penetration testing, file integrity monitoring, logging, and information security policy.

● Able to scope, interpret, and prioritize both application and network vulnerability test results.

● Ability to identify problems and assist with solutions, analyze data, and present conclusions effectively.

● Intermediate knowledge of NACHA and SWIFT frameworks and understanding of protecting financial data.

● Review, analyze, and understand IT policies, procedures, and standards for compliance with PCI DSS requirements.

● Self-motivated, flexible, open to learning, works with limited supervision, and exhibits an excellent sense of urgency.

Recommended

● Past or current certifications in one of the following areas: Security+, CISSP, ISA, QSA.

● Proven people management experience – worked with a variety of teams globally.

● Ability to propose creative solutions to successfully remediate identified compliance issues.

Required Documents

● Cover Letter

● Resume

California applicants, please click here to review the Costco Applicant Privacy Notice.

Pay Ranges:

Level 1 - $65,000 - $95,000

Level 2 - $85,000 - $120,000

Level 3 - $110,000 - $150,000

We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.

Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com

If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas .