Sr. Security Compliance Analyst - PCI DSS & SOC 2 (East Coast)
Entrust · NAMER · 6 days ago
RemoteRemoteLegal$119k–$175k/yrFull-time
Position Overview
Entrust is seeking a highly skilled Senior Security Compliance Analyst to lead and sustain compliance for multiple PCI DSS environments while supporting the maturity and execution of our SOC 2 program.
Responsibilities
- Lead and support end-to-end compliance efforts across multiple environments, including readiness assessments, audits, and continuous monitoring activities to ensure sustained security posture and audit readiness.
- Leading PCI DSS compliance-related activities and certification;
- Serving as SME for PCI DSS and SOC 2 compliance, advising internal teams and customers;
- Partnership with control owners to ensure controls meet PCI DSS requirements and Trust Services Criteria (Security, Availability, Confidentiality, etc.);
- Supporting external audits by preparing evidence, responding to auditor requests, coordinating audit activities, and tracking remediation;
- Driving coordination with third parties (e.g., service providers, hosting partners) to ensure shared control alignment;
- Ensuring audit readiness through continuous proactive gap assessments and control sing throughout the year;
- Identifying, assessing, and communicating compliance and security risks to stakeholders;
- Identifying, tracking, and driving closure of audit findings and control deficiencies;
- Contributing to the development and maintenance of security policies, standards, and procedures.
Basic Qualifications
- 5+ years in security compliance, audit, or GRC with a strong understanding of administrative, technical, and physical controls, including how they support one another;
- Hands-on technical and audit experience with PCI DSS and SOC 2 compliance;
- Strong technical understanding of: Cloud environments and shared responsibility models, Access control, change management, logging and altering, and vulnerability management and other security domains;
- Experience working in SaaS or cloud-native environments;
- Experience working cross-functionally with engineering and infrastructure teams;
- Must be a US citizen.
Preferred Qualifications
- Experience supporting multiple compliance frameworks (PCI DSS, PCI CP, SOC 2, FedRAMP, ISO 27001, etc.);
- Experience with modern GRC platforms and control automation;
- Familiarity with continuous compliance / continuous monitoring models;
- Certifications such as: CISSP, CISA, CISM, CRISC, PCI ISA/QSA/PCIP (preferred but not required).