PCI Analyst

Job Description: PCI Analyst (Contractor)

Location: Colombia

Role Summary

The PCI Analyst (Contractor) will support client! Cybersecurity’s Payment Card Industry (PCI) compliance program by assisting with assessments, control validation, remediation tracking, and audit readiness. This role collaborates with Security Operations, Infrastructure, Applications, Risk & Compliance, and external partners to ensure PCI DSS requirements are implemented and maintained.

Additionally, the role supports user access governance activities, including periodic access reviews, entitlement validation, and ensuring compliance with client! cybersecurity standards.

This position requires independent management of moderately complex compliance assignments, analytical problem-solving, and cross-team collaboration. It aligns with Yum! Level 7 expectations for intermediate professional contributors.

Key Responsibilities

PCI Compliance Operations

• Support PCI DSS assessments, evidence collection, and documentation reviews.
• Maintain PCI compliance artifacts (network diagrams, data flows, inventories, control matrices).
• Track remediation activities and coordinate follow-ups with stakeholders.
• Validate PCI security controls across systems, applications, and infrastructure.

Governance, Risk & Audit Support

• Partner with internal audit, external assessors, and security teams during PCI audits.
• Monitor compliance gaps and escalate risks impacting certification timelines.
• Assist with policy and standard updates aligned with PCI DSS.
• Contribute to risk assessments and exception management for cardholder data environments.
• Coordinate periodic user access reviews for PCI in-scope systems.
• Identify and remediate inappropriate or unauthorized access privileges.
• Validate segregation of duties and least-privilege requirements.
• Track remediation of access-related findings and ensure timely closure.

Technical & Operational Support

• Analyze logs, vulnerabilities, and configuration reports relevant to PCI compliance.
• Support continuous compliance monitoring and control testing.
• Coordinate remediation plans with engineering and operations teams.
• Improve compliance workflows, documentation standards, and reporting processes.

Stakeholder Collaboration

• Build strong working relationships across Cybersecurity, Infrastructure, Restaurant Technology, and vendors.
• Communicate compliance requirements clearly to technical and non-technical stakeholders.
• Provide reporting updates to PCI program leadership and compliance management.

Required Skills

• Working knowledge of PCI DSS standards and payment security practices.
• Understanding of cybersecurity principles (access management, vulnerability management, logging, encryption, segmentation).
• Ability to analyze compliance data and audit findings.
• Experience with governance, risk, and compliance (GRC) processes.
• Strong organizational skills and ability to manage multiple assignments.
• Effective written and verbal communication skills.
• Ability to work independently and collaboratively across distributed teams.
• Familiarity with security tools, ticketing platforms, and reporting systems.

Qualifications

• Bachelor’s degree in Cybersecurity, IT, or related field.
• 2+ years of relevant cybersecurity, compliance, audit, or PCI-related experience.
• Experience supporting PCI DSS assessments and SOX audits preferred.
• Familiarity with frameworks such as NIST, ISO 27001, or CIS Controls preferred.
• Certifications (PCI ISA, Security+, CISA, etc.) are a plus.
• Proficiency in English (written and spoken).