PCI Compliance Analyst

Job#: 3025599

Job Description:
Role Summary

We are seeking an experienced PCI Compliance Analyst to support the CI Compliance team in managing and executing an enterprise-scale PCI DSS v4.0 / v4.0.1 compliance program. This role requires deep hands-on PCI expertise, strong assessment experience, and the ability to translate PCI requirements into practical, risk-based guidance for business and technology partners.

The ideal candidate has QSA-level assessment experience (former QSA strongly preferred), has supported multiple enterprise PCI assessments, and understands how QSAs evaluate evidence, controls, and compliance posture-particularly in complex and cloud-hosted environments.
Core PCI Expertise

The contractor must demonstrate deep working knowledge of PCI DSS v4.0 / 4.0.1, including:

• End-to-end PCI DSS compliance program management
• Interpretation of PCI DSS requirements and testing procedures
• Experience supporting ROC and AOC preparation
• Experience implementing, executing, and monitoring PCI controls within Archer
• Strong understanding of Compensating Controls and validation requirements
• Facilitating and leading PCI assessments within large enterprise environments
• Supporting business partners with implementing PCI controls in their environments
• Experience supporting both Retail Payments and Service Provider PCI requirements
• Experience with PCI DSS v4.0 Customized Approach
• Strong knowledge of PCI DSS Targeted Risk Analysis (TRA) requirements
• Ability to interpret and apply PCI guidance documents beyond the requirement text

QSA-Level Assessment Experience (Preferred)

Preferred candidates will have experience working:

• As a Qualified Security Assessor (QSA), or
• In a QSA-adjacent role supporting organizations through annual PCI assessments

Experience must include:

• Supporting and participating in fieldwork interviews
• Reviewing and validating evidence artifacts
• Mapping controls to PCI DSS testing procedures
• Identifying and documenting non-compliance observations
• Drafting clear, actionable remediation recommendations

Technical Control Understanding

The contractor must be able to evaluate, advise on, and validate technical controls across the following domains:
Network Security

• Network segmentation validation
• Firewall rule governance
• Cardholder Data Environment (CDE) scoping

Identity & Access Management

• Multi-Factor Authentication (MFA) implementations
• Privileged Access Management (PAM)
• Service account governance

Data Security

• Encryption and key management
• Tokenization
• PAN storage protection

Monitoring & Logging

• SIEM monitoring and alerting
• File Integrity Monitoring (FIM)
• Logging review and retention processes

PCI Scoping Expertise

The candidate must have experience performing or supporting PCI scoping exercises, including identification and validation of:

• Cardholder Data Environment (CDE)
• Connected systems
• Security-impacting systems
• Out-of-scope segmentation validation

Compliance Program Support

The contractor will assist with:

• PCI control development and ongoing monitoring
• Control framework development and maintenance
• Evidence validation and quality review
• Compliance gap analysis
• Remediation strategy development
• Continuous audit readiness

Required Certifications (Preferred)

At least one of the following:

• PCI Qualified Security Assessor (QSA)
• PCI Internal Security Assessor (ISA)
• CISA

Experience Requirements

• 7+ years of cybersecurity and/or compliance experience
• 5+ years of direct PCI DSS experience

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process. Click for more details.

Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.