Senior GRC Compliance Analyst (Hybrid - Seattle) jobs in United States

Nordstrom · 1 month ago

Senior GRC Compliance Analyst (Hybrid - Seattle)

Nordstrom is a leading retailer seeking a Senior GRC Compliance Analyst specializing in PCI compliance. The role involves leading compliance assessments, managing regulatory activities, and implementing process improvements to enhance the company's security posture.

E-Commerce, Fashion, Retail
H1B Sponsor Likely

Responsibilities

Design and execute specialized compliance assessments for complex regulatory environments, emerging regulations, multi-jurisdictional requirements, and specific industry standards, adapting methodologies as needed
Serve as a PCI subject matter expert and lead the annual merchant assessment process
Support various regulatory and security assessments, applying both qualitative and quantitative assessment techniques and developing test approaches for compliance validation
Provide guidance and best practices to Nordstrom engineers and leadership on how to effectively meet regulatory requirements
Coordinate operational activities across multiple stakeholders including Legal, IT, Finance, and Business teams to ensure comprehensive regulatory coverage and effective remediation strategies
Manage the full lifecycle of applicable risk/compliance remediation plans, including the development of detailed treatment plans, their documentation, rigorous tracking, and validation of efforts from internal stakeholders
Implement process improvements within specialized compliance domains, developing standardized approaches and best practices for recurring regulatory assessment scenarios
Drive the standardization and enhancement of assessment programs and improve the Common Control Framework to increase control testing efficiency
Identify and implement process improvements to enhance operational efficiency
Provide input and guidance on security policies and standards to ensure compliance with regulatory requirements
Develop compliance metrics and reporting for specialized regulatory domains, creating dashboards and analytics that provide actionable insights to management and support regulatory reporting
Define KPIs and KRIs and continuously measure and report on the effectiveness of our control posture, driving year-over-year improvement and sustained audit success
Support quarterly strategic initiatives by contributing regulatory expertise to short-term compliance projects and organizational improvement efforts
Contribute to the strategic vision and roadmap for the Compliance Assessment Team, supporting the development of reusable, scalable solutions to enhance program efficiency and support organizational growth
Educate stakeholders on regulatory compliance requirements and changes through training sessions, workshops, and consultation to improve organizational compliance awareness and readiness
Mentor junior analysts by providing guidance on assessment techniques, regulatory interpretation, and organizational compliance practices

Qualifications

PCI compliance, Regulatory compliance, Security frameworks, Common Control Framework, Stakeholder management, Assessment automation, Security tooling, Technical background, Communication skills, Mentorship

Required

5+ years of experience in regulatory compliance with demonstrated specialization in specific regulatory domains
5+ years of experience managing technically complex PCI assessments end to end with external assessors
Deep knowledge of PCI assessment processes and requirements at a Level 1 merchant, including data centers, retail locations, call centers, and cloud computing environments
Bachelor's or Master's degree in Information Technology, Computer Science, Cybersecurity, or related field, or equivalent work experience
Demonstrated proficiency with security and regulatory frameworks (CIS, NIST, SOX, HIPAA, PCI DSS, CCPA, etc.)
Broad and deep understanding of the retail business domain, including experience with online, phone order, and physical store sales channels
Knowledge of how regulatory requirements can be met across a diverse set of technical environments—from legacy mainframe computers to containers in the cloud
Experience building or maintaining a Common Control Framework
Advanced compliance assessment capabilities and stakeholder management experience
Ability to adapt methodologies to complex regulatory scenarios
Strong bias for results; able to operate with autonomy to address bottlenecks, provide escalation management, anticipate and make trade-offs, and encourage behavior that maximizes business benefit
Highly collaborative; able to build and leverage relationships with internal and external stakeholders
Excellent written and verbal communications, including presentation skills, and proven ability to effectively communicate with all levels of the organization, as well as with external parties

Preferred

Professional-level certification preferred (CISA, CRISC, CIPP, CPA, CIA, CISM, CISSP, or equivalent)
Domain-specific certifications valued (PCI Professional, SOX certifications, privacy certifications, or relevant regulatory specializations)
Experience with assessment automation
Technical background and demonstrated proficiency in security tooling
Experience with Onspring GRC platform

Benefits

Medical/Vision, Dental, Retirement and Paid Time Away
Life Insurance and Disability
Merchandise Discount and EAP Resources
401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more.

Company

Nordstrom

Nordstrom is an online fashion retailer that specializes in fashion, footwear, accessories, and beauty.

H1B Sponsorship

Nordstrom has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Chart: Distribution of Different Job Fields Receiving Sponsorship (highlighting job fields similar to this one)
Trends of Total Sponsorships
2025 (188)
2024 (231)
2023 (190)
2022 (311)
2021 (280)
2020 (208)

Funding

Current Stage
Public Company
Total Funding
$969.45M
Key Investors
Ryan Cohen, El Puerto de Liverpool
2024-12-23: Acquired
2023-02-03: Post IPO Equity
2022-09-16: Post IPO Equity, $294.45M

Leadership Team

Erik Nordstrom, Chief Executive Officer
Alexis DePree, Chief Operating Officer
Company data provided by crunchbase