Information Security Analyst
PCI & Compliance · Hybrid (U.S.-based) · Full-time
Role Overview
We are hiring an Information Security Analyst focused on PCI DSS and cloud compliance to support our assessment and advisory engagements. Working alongside QSAs and engineers, you'll evaluate cardholder data environments, collect and validate control evidence, and help clients translate PCI DSS 4.0.1 requirements into practical, engineering-friendly controls. This is a hands-on analyst role with direct exposure to modern, cloud-native architectures and the teams that build them.
Responsibilities
- Support PCI DSS 4.0.1 readiness and Report on Compliance (ROC) assessments end to end
- Collect, organize, and validate control evidence across cloud-native environments
- Map client architectures and cardholder data flows to PCI scope and applicable requirements
- Assist with sampling, testing procedures, and gap identification
- Document findings clearly for both technical and executive audiences
- Track remediation progress and re-validate controls as they are implemented
Qualifications
- 2+ years in security analysis, IT audit, or compliance
- Working knowledge of PCI DSS (4.0 / 4.0.1) and at least one cloud platform (AWS, GCP, or Azure)
- Familiarity with evidence collection, control testing, and risk-based assessment
- Strong written communication, able to document controls and findings precisely
- Bonus: exposure to Infrastructure as Code (Terraform), ISO 27001, or NIST CSF
Why Arbure
- Expert-Driven Culture: We're a team of practitioners focused on outcomes, not checklists
- High Growth: Join us as we scale into new markets and capitalize on growing compliance complexity
- Strong Market Positioning: A QSA Company with a growing book of enterprise work
- Impact: Help shape how modern teams translate compliance into engineering