Sr. Security Compliance Analyst -PCI DSS & U.S. Fed
Position Overview
Entrust is seeking a highly skilled Senior Security Compliance Analyst to lead and sustain compliance for multiple compliance programs including PCI DSS and U.S. Federal. This role is responsible for designing and executing continuous compliance monitoring activities, identifying gaps and leading associated remediation efforts, planning and leading third-party audits, and measuring control effectiveness across cloud-based, on-prem and hybrid environments.
Responsibilities
Lead and support end-to-end compliance efforts across multiple environments, including readiness assessments, audits, and continuous monitoring activities to ensure sustained security posture and audit readiness.
Leading PCI DSS compliance-related activities and certification;
Supporting U.S. Federal readiness efforts, including gap assessments against NIST SP 800-53 and tracking remediation activities (POA&M);
Maintaining required evidence artifacts and ensuring traceability of evidence;
Interpreting and operationalizing compliance requirements into actionable control activities for engineering and operations;
Serving as SME for PCI DSS and NIST 800-53 compliance, advising internal teams and customers;
Supporting development of FedRAMP artifacts (e.g., SSP, control narratives, shared responsibility matrices);
Partnering with control owners to ensure controls meet PCI DSS and NIST 800-53 requirements;
Supporting external audits by preparing evidence, responding to auditor requests, coordinating audit activities, and tracking remediation;
Driving coordination with third parties (e.g., service providers, hosting partners) to ensure shared control alignment;
Ensuring audit readiness through continuous proactive gap assessments and control sing throughout the year;
Identifying, assessing, and communicating compliance and security risks to stakeholders;
Identifying, tracking, and driving closure of audit findings and control deficiencies;
Contributing to the development and maintenance of security policies, standards, and procedures.
Basic Qualifications
5+ years in security compliance, audit, or GRC with a strong understanding of administrative, technical, and physical controls, including how they support one another
Hands-on technical and audit experience with PCI DSS and NIST 800-53 compliance
Strong technical understanding of: Cloud environments and shared responsibility models, Access control, change management, logging and altering, and vulnerability management and other security domains
Experience working in SaaS or cloud-native environments
Experience working cross-functionally with engineering and infrastructure teams
Preferred Qualifications
Experience supporting multiple compliance frameworks (PCI DSS, PCI CP, SOC 2, FedRAMP, NIST 800-53/FISMA, ISO 27001/2, ISO 42001)
Experience with modern GRC platforms and control automation
Familiarity with continuous compliance / continuous monitoring models
Certifications such as: CISSP, CISA, CISM, CRISC, PCI ISA/QSA/PCI CP (preferred but not required)