PCI Compliance Senior Analyst (Remote Opportunity)

Lensa is a career site that helps job seekers find great jobs in the US. We are not a staffing firm or agency. Lensa does not hire directly for these jobs, but promotes jobs on LinkedIn on behalf of its direct clients, recruitment ad agencies, and marketing partners. Lensa partners with DirectEmployers to promote this job for Hyatt. Clicking "Apply Now" or "Read more" on Lensa redirects you to the job board/employer site. Any information collected there is subject to their terms and privacy notice.

Description

The Opportunity

Hyatt Hotels Corporation seeks an enthusiastic Sr. GRC analyst to join our IT Governance, Risk Management, and Compliance team. In this role, you will be collaborating closely with cross-functional teams, where you will be instrumental in continuing to make Hyatt a leading hospitality company. You will be part of a team that is passionate about our purpose, committed to nurturing curiosity and new skills, and building connections with colleagues, customers, and guests across the organization.

Who We Are

At Hyatt, we believe in the power of belonging and creating a culture of care, where our colleagues become family. Since 1957, our colleagues and our guests have been at the heart of our business and helped Hyatt become one of the best and fastest-growing hospitality brands in the world. Our transformative growth and the addition of new hotels, brands, and business lines can open the door for exciting career and growth opportunities for our colleagues.

As we continue to grow, we never lose sight of what’s most important: People. We turn trips into journeys, encounters into experiences, and jobs into careers.

Why Now?

This is an exciting time to be at Hyatt. We are growing rapidly and are looking for passionate changemakers to be a part of our journey. The hospitality industry is resilient and continues to offer dynamic opportunities for upward mobility, and Hyatt is no exception.

How We Care For Our People

What sets us apart is our purpose—to care for people so they can be their best. Every business decision is made through the lens of our purpose, and it informs how we have and will continue to support each other as members of the Hyatt family.Our care for our colleagues is the key to our success. We’re proud to have earned a place on Fortune’s prestigious 100 Best Companies to Work For® list for the last ten years. This recognition is a testament to the tremendous way our Hyatt family continues to come together to care for one another, our commitment to a culture of inclusivity, empathy, and respect, and making sure everyone feels like they belong.

We’re proud to offer exceptional corporate benefits, which include:

• Annual allotment of free hotel stays at Hyatt hotels globally
• Flexible work schedule
• Work-life benefits including wellbeing initiatives such as a complimentary Headspace subscription, and a discount at the on-site fitness center
• A global family assistance policy with paid time off following the birth or adoption of a child as well as financial assistance for adoption
• Paid Time Off, Medical, Dental, Vision, 401K with company match

Who You Are

As our ideal candidate, you understand the power and purpose of our culture of care and embody our core values of Empathy, Inclusion, Integrity, Experimentation, Respect, and well-being. You enjoy working with others, are results-driven, and are looking for a variety of opportunities to develop personally and professionally.

The Role

The Senior GRC Analyst will serve as a subject matter expert in Payment Card Industry Data Security Standard (PCI DSS) compliance, supporting the organization’s ongoing PCI-related assessments and certification efforts. This role is responsible for leading assessment activities, ensuring compliance with applicable requirements, and working closely with cross-functional teams to identify, document, and remediate gaps. In addition to PCI responsibilities, the Senior GRC Analyst will assist other IT compliance engagements where you will act as the 2nd line of defense for the organization, such as SOX IT General Controls (ITGC)evaluations, vendor security assessments, regulatory reviews, etc.. The Senior GRC Analyst will also drive process improvements to strengthen the organization’s overall compliance posture and reduce risk exposure.

• Lead the end-to-end PCI DSS Level-1 Service Provider assessment process in collaboration with the external QSA, from planning through final Report on Compliance (ROC) delivery.
• Serve as the primary liaison with QSAs, external auditors, and internal stakeholders to ensure timely deliverables, effective communication, and resolution of findings.
• Interpret PCI DSS requirements and provide actionable guidance to technical and business teams for effective implementation.
• Oversee evidence gathering, review, and validation to support PCI DSS, SOX ITGC, operational audits in conjunction with Hyatt Internal Audit, and other compliance assessments.
• Manage SOX ITGC audit activities, including coordinating with control owners, addressing deficiencies, maintaining control documentation, and overseeing remediation activities with the control owners.
• Support other IT compliance initiatives such as vendor risk management, ISO 27001 alignment, and regulatory or contractual audits.
• Develop and maintain compliance-related policies, procedures, and control documentation.
• Track, monitor, and report compliance metrics to management and senior leadership.
• Stay informed on regulatory and industry changes, advising stakeholders on potential impacts and required adjustments.

Qualifications

Experience Required:

• Bachelor’s degree in Information Security, Information Technology, Risk Management, Cyber Security, or a related field (or equivalent work experience).
• 5 years of experience in GRC, IT compliance, or information security, with significant PCI DSS and SOX ITGC experience.
• Proven history of leading PCI DSS Level-1 Service Provider assessments with a QSA.
• Strong understanding of PCI DSS requirements, SOX Compliance, and general IT audit frameworks.
• Experience coordinating with external auditors and managing cross-functional remediation efforts.
• Excellent organizational, communication, and stakeholder management skills.

Experience Preferred

• Preferred certifications: PCI Qualified Security Assessor (QSA), PCI Internal Security Assessor (ISA), CISA, CISSP, CRISC, or equivalent.

The position responsibilities outlined above are in no way to be construed as all-encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.

We Welcome You

Research shows that individuals tend to apply to jobs only if they meet all the listed job qualifications. Unsure if you check every box, but feeling inspired to enhance your career? Apply. We’d love to consider your unique experiences and how you could make Hyatt even better.

We value our relationships with recruitment partners and require that agencies contact us first before submitting any candidates. Hyatt will not be responsible for any fees and obligations associated with unsolicited submissions unless a formal agreement is in place.

The salary range for this position is $95,000 to $120,000. This position is also eligible to earn incentive awards and an annual bonus. The final pay rate/salary offered to the successful candidate will depend on experience, skill level and other qualifications for the role, as well as the location of the performance of work. Pay for the successful candidate will meet local requirements, including the local minimum wage rate.

Primary Location: US-IL-Chicago

Organization: Hyatt Corporate Office

Pay Basis: Yearly

Job Level: Full-time

Job: Technology

Req ID: CHI014867

Hyatt is an equal employment opportunity and affirmative action employer. We do not discriminate on the basis of race, color, gender, gender identity, sexual orientation, marital status, pregnancy, national origin, ancestry, age, religion, disability, veteran status, genetic information, citizenship status or any other group protected by law.

If you have questions about this posting, please contact [email protected]