Senior GRC Compliance Analyst

Job in Seattle, King County, Washington, 98127, USA
Listing for: Nordstrom
Full Time position
Listed on 2025-12-12
Job specializations: IT/Tech (Cybersecurity, Data Security)

**Job Description**

Join Nordstrom's Governance, Risk, and Compliance (GRC) team as a Senior Analyst specializing in PCI compliance. You will be a key member of our Compliance Assessment (CA) Team, building scalable compliance programs to enhance Nordstrom's security posture, reduce risk, and ensure audit success across complex regulatory environments. In this role, you will lead domain-specific regulatory compliance activities, adapting standard procedures to address varying regulatory scenarios while educating stakeholders on compliance requirements and regulatory changes.

You will have authority to implement process improvements within your specialized domain and make domain-specific recommendations to senior staff for enterprise-wide changes.
**A Day in the Life...**

**Compliance Assessment & Regulatory Expertise**

* **Design and execute specialized compliance assessments** for complex regulatory environments, emerging regulations, multi-jurisdictional requirements, and specific industry standards, adapting methodologies as needed
* **Serve as a PCI subject matter expert** and lead the annual merchant assessment process
* **Support various regulatory and security assessments**, applying both qualitative and quantitative assessment techniques and developing test approaches for compliance validation
* **Provide guidance and best practices** to Nordstrom engineers and leadership on how to effectively meet regulatory requirements
**Stakeholder Coordination & Remediation**

* **Coordinate operational activities** across multiple stakeholders including Legal, IT, Finance, and Business teams to ensure comprehensive regulatory coverage and effective remediation strategies
* **Manage the full lifecycle of applicable risk/compliance remediation plans**, including the development of detailed treatment plans, their documentation, rigorous tracking, and validation of efforts from internal stakeholders
**Process Improvement & Standardization**

* **Implement process improvements** within specialized compliance domains, developing standardized approaches and best practices for recurring regulatory assessment scenarios
* **Drive the standardization and enhancement of assessment programs** and improve the Common Control Framework to increase control testing efficiency
* **Identify and implement process improvements** to enhance operational efficiency
* **Provide input and guidance on security policies and standards** to ensure compliance with regulatory requirements
**Metrics, Reporting & Strategic Support**

* **Develop compliance metrics and reporting** for specialized regulatory domains, creating dashboards and analytics that provide actionable insights to management and support regulatory reporting
* **Define KPIs and KRIs** and continuously measure and report on the effectiveness of our control posture, driving year-over-year improvement and sustained audit success
* **Support quarterly strategic initiatives** by contributing regulatory expertise to short-term compliance projects and organizational improvement efforts
* **Contribute to the strategic vision and roadmap** for the Compliance Assessment Team, supporting the development of reusable, scalable solutions to enhance program efficiency and support organizational growth
**Education & Mentorship**

* **Educate stakeholders on regulatory compliance requirements** and changes through training sessions, workshops, and consultation to improve organizational compliance awareness and readiness
* **Mentor junior analysts** by providing guidance on assessment techniques, regulatory interpretation, and organizational compliance practices
**You Own This If You Have...**

**Required Qualifications**

Experience:

* 5+ years of experience in regulatory compliance with demonstrated specialization in specific regulatory domains
* 5+ years of experience managing technically complex PCI assessments end to end with external assessors
* Deep knowledge of PCI assessment processes and requirements at a Level 1 merchant, including data centers, retail locations, call centers, and cloud computing environments

Education:

* Bachelor's or Master's degree in Information Technology, Computer Science, Cybersecurity, or related field, or equivalent work experience

Technical Knowledge:

* Demonstrated proficiency with security and regulatory frameworks (CIS, NIST, SOX, HIPAA, PCI DSS, CCPA, etc.)
* Broad and deep understanding of the retail business domain, including experience with online, phone order, and physical store sales channels
* Knowledge of how regulatory requirements can be met across a diverse set of technical environments, from legacy mainframe computers to containers in the cloud
* Experience building or maintaining a Common Control Framework

Skills:

* Advanced compliance assessment capabilities and stakeholder management experience
* Ability to adapt methodologies to complex regulatory scenarios
* Strong bias for results and can operate with autonomy to address bottlenecks, provide…
**Position Requirements**

* 10+ years work experience