Senior Compliance Analyst - Continuous Compliance Framework; Hybrid - Seattle
Job in Seattle, King County, Washington, 98113, USA
Listed on 2026-06-04
Listing for: Nordstrom Inc.
Full Time position
Job specializations: IT/Tech: Cybersecurity, Data Security, Information Security
Job Description
If you're a compliance pro who thrives on building scalable, tech-enabled frameworks and wants to be at the forefront of AI-assisted testing and automation, we want to meet you. We are evolving our compliance program to move at the speed of our business, and we need a strategic lead to take the wheel.
Forget the traditional "box-checking" mentality. Join the Governance, Risk, and Compliance (GRC) team as a Senior Analyst on the Compliance Assessment team. In this role, you will lead the transformation and maturation of our existing Continuous Compliance Framework (CCF): tailoring controls to our organization, acting as the functional lead for the CCF module in our GRC tool, and collaborating across the business to define the parameters that keep us secure.
A critical aspect of this role is cross-functional collaboration with the Governance and Risk teams to ensure the CCF, risk management, and governance programs are integrated and mutually reinforcing. You will also support our audits and assessments such as PCI, contributing to the team's broader compliance posture.
A Day in the Life…
Continuous Compliance Framework (CCF) Transformation
* Lead the transformation and ongoing maturation of the CCF, including updating and tailoring controls to reflect the current organizational environment, risk profile, and regulatory landscape.
* Configure and manage the CCF program module within Nordstrom's GRC tool, ensuring accurate representation of controls, testing schedules, evidence requirements, and ownership assignments.
* Collaborate with stakeholders across business and technology teams to define control language, testing frequency, and implementation guidance that is practical and aligned with operational realities.
* Document RACI models for all controls within the CCF, establishing clear ownership and accountability across teams.
* Design and implement KPIs and KRIs for the CCF and broader compliance program, enabling data-driven reporting on compliance health and risk exposure.
GRC Program Integration
* Work closely with the Governance and Risk teams to ensure the CCF, risk management program, and governance program are integrated, with aligned control sets, shared evidence, and coordinated reporting.
* Identify opportunities to harmonize compliance controls with risk appetite and governance structures, reducing duplication and improving program efficiency.
* Participate in cross-GRC planning sessions to align timelines, control mappings, and stakeholder engagement strategies across all three programs.
* Support the development and communication of a unified GRC narrative for leadership, translating program health across risk, governance, and compliance into cohesive insights.
Compliance Assessment & Methodology
* Partner with Security Engineers to design AI-driven testing and automated evidence collection features within the GRC tool; the Senior Analyst provides functional requirements while Engineers lead technical builds.
* Serve as a subject matter partner to the PCI program owner to ensure CCF controls satisfy PCI DSS requirements and support the annual PCI assessment process.
* Design and implement enterprise compliance assessment methodologies that integrate multiple regulatory domains (e.g., NIST, CIS, SOX, HIPAA, CCPA).
* Develop operational standards and quality criteria for compliance processes, ensuring consistency and effectiveness across the organization.
* Serve as a subject matter resource for control testing approaches, evidence collection, and documentation quality.
Stakeholder Engagement
* Engage cross-functional stakeholders to gather input on control design, testing feasibility, and ownership, building lasting partnerships that embed compliance into the technology ecosystem.
* Lead workshops and working sessions with stakeholders to define control requirements, discuss testing approaches, and align on program direction.
* Serve as a liaison with internal and external auditors as needed, representing the organization's compliance posture and program maturity.
Strategic Alignment & Program Leadership
* Align CCF activities with strategic business and security objectives by participating in medium-term planning (6-18 months) and ensuring compliance initiatives support organizational goals.
* Contribute to the strategic vision and roadmap for the Compliance Assessment team, developing reusable, scalable solutions that enhance program efficiency and support organizational growth.
* Coordinate cross-functional compliance initiatives to ensure comprehensive regulatory coverage and consistent execution.
You Own This If You Have…
Required Qualifications
Experience:
* 4-6 years of regulatory compliance experience with demonstrated ownership of cross-functional compliance initiatives.
* Direct experience building and managing Continuous…
Position Requirements: 10+ years work experience