Note: The job is a remote job and is open to candidates in USA. Entrust is an industry leader in identity-centric security solutions, serving over 150 countries with cutting-edge technologies. They are seeking a highly skilled Senior Security Compliance Analyst to lead compliance for multiple programs including PCI DSS and U.S. Federal, focusing on continuous monitoring, audits, and control effectiveness across various environments.
Responsibilities
- Leading PCI DSS compliance-related activities and certification
- Supporting U.S. Federal readiness efforts, including gap assessments against NIST SP 800-53 and tracking remediation activities (POA&M)
- Maintaining required evidence artifacts and ensuring traceability of evidence
- Interpreting and operationalizing compliance requirements into actionable control activities for engineering and operations
- Serving as SME for PCI DSS and NIST 800-53 compliance, advising internal teams and customers
- Supporting development of FedRAMP artifacts (e.g., SSP, control narratives, shared responsibility matrices)
- Partnering with control owners to ensure controls meet PCI DSS and NIST 800-53 requirements
- Supporting external audits by preparing evidence, responding to auditor requests, coordinating audit activities, and tracking remediation
- Driving coordination with third parties (e.g., service providers, hosting partners) to ensure shared control alignment
- Ensuring audit readiness through continuous proactive gap assessments and control testing throughout the year
- Identifying, assessing, and communicating compliance and security risks to stakeholders
- Identifying, tracking, and driving closure of audit findings and control deficiencies
- Contributing to the development and maintenance of security policies, standards, and procedures
Skills
- 5+ years in security compliance, audit, or GRC with a strong understanding of administrative, technical, and physical controls, including how they support one another
- Hands-on technical and audit experience with PCI DSS and NIST 800-53 compliance
- Ability to work across multiple time zones with virtual global teams
- Strong technical understanding of cloud environments and shared responsibility models
- Strong technical understanding of access control, change management, logging and altering, and vulnerability management and other security domains
- Experience working in SaaS or cloud-native environments
- Experience working cross-functionally with engineering and infrastructure teams
- Experience supporting multiple compliance frameworks (PCI DSS, PCI CP, SOC 2, FedRAMP, NIST 800-53/FISMA, ISO 27001/2, ISO 42001)
- Experience with modern GRC platforms and control automation
- Familiarity with continuous compliance / continuous monitoring models
- Certifications such as: CISSP, CISA, CISM, CRISC, PCI ISA/QSA/PCI CP (preferred but not required)
Benefits
- Company’s discretionary annual incentive plan
- Comprehensive health and well-being programs which include medical, vision, dental
- A generous 401(k) matching contribution
- Life and disability insurance
- Mental health coaching
- Virtual fitness programs
- Paid personal time off plus 12 paid holidays
- Parental leave
- Education reimbursement
Company Overview