It Compliance Analyst - Membership

Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed. As proof, Costco ranks seventh in Forbes “World’s Best Employers”.

This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.

Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.

The Costco Membership IT team is looking for a highly-experienced Compliance Analyst to join us in building and supporting products that enable an exceptional experience for our members. With our team, you’ll be challenged every day to ensure all areas of information security, compliance, security risk management, and privacy are accounted for, incorporated, and tracked into the software solutions and various controls our department is responsible for. The ideal candidate for this role is an Information Security & Compliance SME who is a responsible, conscientious, organized, and effective communicator and collaborator. They are passionate about their work and intrinsically motivated to help the team accomplish its goals.

If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.

ROLE

Identifies problems, analyzes data, and presents findings in a professional manner, recommends mitigations either via new technology, alternative compensating controls, or policy modifications to improve overall security posture.

Provides governance for the identification, validation, and remediation of information technology controls for any applicable regulatory compliance frameworks.

Designs IT testing procedures to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.

Stays current with new and evolving security topics and technologies via formal training and self-directed education.

Innovative, creative, and works well under pressure to identify and problem-solve high intensity situations with a strong sense of urgency.

Manages and communicates key compliance milestones for critical systems and complex processes.

Establishes and meets deadlines to ensure adherence to rules and regulations.

Assists with auditing of IT activities and systems to confirm compliance to information security policies and regulations.

Maintains liaisons between internal departments, internal/external auditors, vendors and service providers to evaluate, scope and document IT security and compliance system requirements throughout the Membership IT landscape of existing and new systems.

Tracks and prioritizes security vulnerabilities and PEN testing/scan findings, and actively coordinates and tracks remediation tasks with product managers, product owners, delivery managers, and scrum masters through completion.

Drafts, attests to, secures, and manages the lifecycle of applicable security risk and policy exceptions (and renewals) on behalf of the department, including ensuring remediations are implemented by expiration date(s).

Develops, optimizes, and coordinates the execution of effective SOX control workbooks to ensure ongoing compliance.

Produces and presents regular SOX control attestation and monthly departmental Security & Compliance reports and assessments to key stakeholders.

Researches, maintains a strong understanding of, and partners effectively with required departments to respond to current, and upcoming regulatory requirements and legislation, including adherence to and industry regulations (PCI, SOX, PII, HIPAA, CCPA, GDPR, etc) and requirements.

Promotes and supports a culture of compliance, risk avoidance/mitigation and corporate accountability by socializing Information Security policies, standards, and assists in the development of procedure-level documentation.

REQUIRED

5+ years’ experience developing and executing security risk management and compliance programs.

2+ years’ supporting SOX, PCI or general controls in an IT environment.

Understanding of IT systems, applications, networks, and databases.

Understanding of attestation practices and access control tools and vernacular.

Experience and knowledge of applicable local and federal information technology laws.

Strong organizational and time management skills with ability to deliver under pressure.

Experience with project management (planning, organizing, and managing resources to complete goals and objectives).

Ability to identify problems, analyze data and present conclusions; experience with spreadsheet functions and formulas.

Excellent communication skills (both written and verbal).

High degree of integrity, accountability, a positive attitude, and willing to do what it takes to make the team successful.

Recommended

Architectural-level experience in information security, data compliance, and risk management.

Experience in compliance and risk management for on-prem and SaaS loyalty and credit card payment processing IT. Solutions and cloud platforms, including Microsoft Azure.

Experience developing and submitting audit and compliance reports to governing bodies, legal entities, and/or external authorities.

Information Security degree and/or certifications.

Experience working as part of an Agile team (Scrum, KanBan, Extreme Programming, etc.).

Required Documents

• Cover Letter

• Resume

California applicants, please click here to review the Costco Applicant Privacy Notice.

Pay Ranges:

Level 2 - $85,000 - $120,000

Level 3 - $110,000 - $150,000

We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.

Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to [email protected]

If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas .