IT Governance, Risk, and Compliance (GRC) Analyst - PCI-DSS Compliance
US-IL-Bloomington
Job ID: 2025-40531
Type: Regular Full Time
# of Openings: 1
Category: Technology and UX
Bloomington, IL
Overview
Being good neighbors - helping people, investing in our communities, and making the world a better place - is who we are at State Farm. It is at the core of how we operate and the reason for our success. Come join a #1 team and do some good! Do you crave innovation and want to work for a company that is the BEST at what they do in the industry? Does the opportunity to work hybrid and maintain a work-life balance appeal to you? Then we have the perfect job for you! We are seeking an IT GRC Analyst with knowledge in governance/risk/compliance, networking/infrastructure and information security to join State Farm's Team of Payment Card Industry Internal Security Assessors (PCI ISA). This position will allow you to utilize different technologies and frameworks to drive compliant solutions while working on inclusive teams that foster diversity of thought. You will be provided opportunities via in-house training programs for upskilling to support your development and career goals!
Responsibilities
The IT GRC Analyst will work on a team of 11 Payment Card Industry Internal Security Assessors (PCI ISA) and be responsible for assessing, validating, and delivering the Payment Card Industry Data Security Standard (PCI DSS) compliance of people, processes, and technologies for the Cardholder Data Environment at State Farm.
Key Responsibilities Performed by the PCI ISA on a Daily Basis:
- Applies defined PCI DSS scoping criteria.
- Collects and reviews evidence of compliance to validate that PCI DSS requirements are met.
- Supports the completion of the annual PCI DSS Report on Compliance.
- Drives necessary system and process updates in alignment with PCI DSS scoping & requirements.
- Facilitates interaction between the business partner(s), product teams and the PCI Compliance & Consulting Team.
- Consults on moderately complex PCI DSS compliance considerations.
- Works closely with business and technology teams to develop strong liaison relationships.
- Stays current with new and evolving security, technologies, governance, risk & compliance topics via formal training and self-directed education.
- Shares knowledge and experiences with others to help grow the team's talent bench through training and mentoring on a continual basis.
Qualifications
Required Skills/Experience:
- 3-8 years IT background; experience with governance, risk & compliance and information security best practices is preferred.
- Prior experience supporting or engaging with a Level 1 Merchant's PCI DSS compliance work.
- Intermediate knowledge of five or more of the following technical areas: infrastructure (physical, virtual & Cloud), network segmentation, operating system security, encryption and key management, tokenization, anti-virus and malware, secure system development, identity and access management, vulnerability management, physical access controls, penetration testing, file integrity monitoring, logging, and information security policy.
- Ability to analyze, collaborate & present solutions (both verbal & written) to successfully remediate identified compliance issues with business partners and stakeholders.
- Intermediate knowledge of PCI DSS compliance & security frameworks to understand & validate the requirements of protecting customers' payment card data.
- Works well under pressure to identify and problem-solve complex situations across multiple customer channels and scenarios related to customer cardholder data and applicable PCI DSS Compliance.
Desired Skills/Experience:
- Past or current certifications in one or more of the following areas: Security+, CISSP, GSEC, AWS, CISA, CISM, PCI ISA or PCI QSA.
- Proven experience as a motivated self-starter who can deliver results in a fast-paced, complex, changing environment.
- Must be a strong communicator and a team & individual contributor who has preferably worked on a team across multiple time zones.