Risk & Compliance Analyst

3 days ago Be among the first 25 applicants ABOUT TRIBUTE TECHNOLOGY: At Tribute Technology, we make end-of-life celebrations memorable, meaningful, and effortless through thoughtful and innovative technology solutions. Our mission is to help communities around the world celebrate life and pay tribute to those we love. Our comprehensive platform brings together software and technology to provide a fully integrated experience for all users, whether that is a family, a funeral home, or an online publisher. We are the market leader in the US and Canada, with global expansion plans and a growing international team of more than 400 individuals in the US, Canada, Philippines, Ukraine and India. ABOUT YOU: We\u2019re looking for a compliance and risk professional to join our growing international team. You will play a key role in supporting enterprise risk management, PCI DSS compliance and related security governance for a U.S.-based company with global operations. This is an opportunity to work with international security frameworks like PCI DSS, NIST CSF, and gain exposure to global audits, assessments, and enterprise security operations. WHAT YOU’LL DO: Enterprise Risk & Compliance Management Support the implementation of Tribute’s enterprise risk management framework, aligned with international standards. Assist with PCI DSS (SAQ-D/SAQ-A) assessments, including evidence collection and tracking remediation efforts. Maintain and update risk registers, control libraries, and compliance tracking systems. Cybersecurity Governance Help prepare NIST CSF profiles and PCI DSS scope documentation. Coordinate ASV scans, penetration testing, and vulnerability remediation tracking in accordance with PCI DSS. Maintain up-to-date network diagrams, data flow diagrams, and documentation of the cardholder data environment (CDE). Policy, Audit & Documentation Draft and maintain security and compliance policies based on NIST CSF and PCI DSS. Collaborate with engineering, product, and operations to ensure secure processes are followed. Collect audit evidence for external assessors and regulators and conduct internal control testing. Vendor Risk & Compliance Conduct third-party vendor due diligence and support ongoing compliance reviews. Ensure that critical operational processes such as vulnerability management, access reviews, and log monitoring meet compliance expectations. Training & Awareness Assist in delivering security and compliance training across the organization. Help communicate compliance requirements in a clear, collaborative, and business-friendly manner. Education and Experience: Bachelor’s degree in computer science, Information Security, Risk Management, Business, or related field desired. 5-7 years of experience in risk, compliance, audit, or cybersecurity roles (preferably in SaaS, fintech, or payments). Knowledge and Skills: Familiarity with frameworks/standards: NIST CSF, PCI DSS, GDPR/CCPA. Experience supporting evidence collection and compliance validation in cloud environments (AWS preferred). Strong understanding of compliance evidence collection and audit processes. Knowledge of risk management practices (risk registers, risk scoring, mitigation tracking). Ability to interpret and apply regulatory requirements in a pragmatic business context. Excellent communication and collaboration skills. Certifications: PCI Professional (PCIP), CISA, CRISC, or similar (Preferred, not required). What You’ll Gain: Opportunity to directly shape a growing GRC program in a high-impact industry. Hands-on experience with international compliance frameworks Work alongside experienced professionals across cybersecurity, engineering, and operations Exposure to real-world compliance projects in a global payments and technology environment Develop your career in a fast-growing, globally distributed team Benefits: Competitive salary Great benefits package (13th month pay, rice allowance, HMO...) An outstanding collaborative work environment Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the position. Feeling uneasy that you haven’t ticked every box? That’s okay, we’ve felt that way too. Studies have shown women and minorities are less likely to apply unless they meet all qualifications. We encourage you to break the status quo and apply to roles that would make you excited to come to work every day Note: This description focuses on the Compliance Analyst role at Tribute Technology and excludes unrelated postings and duplicate sections found in the original listing. #J-18808-Ljbffr