Risk & Compliance Analyst

ABOUT TRIBUTE TECHNOLOGY:

At Tribute Technology, we make end-of-life celebrations memorable, meaningful, and effortless through thoughtful and innovative technology solutions. Our mission is to help communities around the world celebrate life and pay tribute to those we love. Our comprehensive platform brings together software and technology to provide a fully integrated experience for all users, whether that is a family, a funeral home, or an online publisher. We are the market leader in the US and Canada, with global expansion plans and a growing international team of more than 400 individuals in the US, Canada, Philippines, Ukraine and India.

ABOUT YOU:

We're looking for a compliance and risk professional to join our growing international team. You will play a key role in supporting enterprise risk management, PCI DSS comp 

This is an opportunity to work with international security frameworks like PCI DSS, NIST CSF, and gain exposure to global audits, assessments, and enterprise security operations. Compliance, and cybersecurity governance for a U.S.-based company with global operations.

WHAT YOU'LL DO:

Enterprise Risk & Compliance Management

• Support the implementation of Tribute's enterprise risk management framework, aligned with international standards.
• Assist with PCI DSS (SAQ-D/SAQ-A) assessments, including evidence collection and tracking remediation efforts.
• Maintain and update risk registers, control libraries, and compliance tracking systems.

Cybersecurity Governance

• Help prepare NIST CSF profiles and PCI DSS scope documentation.
• Coordinate ASV scans, penetration testing, and vulnerability remediation tracking in accordance with PCI DSS.
• Maintain up-to-date network diagrams, data flow diagrams, and documentation of the cardholder data environment (CDE).

Policy, Audit & Documentation

• Draft and maintain security and compliance policies based on NIST CSF and PCI DSS.
• Collaborate with engineering, product, and operations to ensure secure processes are followed.
• Collect audit evidence for external assessors and regulators and conduct internal control testing.

Vendor Risk & Compliance

• Conduct third-party vendor due diligence and support ongoing compliance reviews.
• Ensure that critical operational processes such as vulnerability management, access reviews, and log monitoring meet compliance expectations.

Training & Awareness

• Assist in delivering security and compliance training across the organization.
• Help communicate compliance requirements in a clear, collaborative, and business-friendly manner.

EDUCATION AND EXPERIENCE:

• Bachelor's degree in computer science, Information Security, Risk Management, Business, or related field desired.
• 5-7 years of experience in risk, compliance, audit, or cybersecurity roles (preferably in SaaS, fintech, or payments).

KNOWLEDGE AND SKILLS:

• Familiarity with frameworks/standards: NIST CSF, PCI DSS, GDPR/CCPA.
• Experience supporting evidence collection and compliance validation in cloud environments (AWS preferred).
• Strong understanding of compliance evidence collection and audit processes.
• Knowledge of risk management practices (risk registers, risk scoring, mitigation tracking).
• Ability to interpret and apply regulatory requirements in a pragmatic business context.
• Excellent communication and collaboration skills.

CERTIFICATIONS:

• PCI Professional (PCIP), CISA, CRISC, or similar (Preferred, not required).

WHAT YOU'LL GAIN:

• Opportunity to directly shape a growing GRC program in a high-impact industry.
• Hands-on experience with international compliance frameworks
• Work alongside experienced professionals across cybersecurity, engineering, and operations
• Exposure to real-world compliance projects in a global payments and technology environment
• Develop your career in a fast-growing, globally distributed team

BENEFITS:

• Competitive salary
• Great benefits package (13th month pay, rice allowance, HMO...)
• An outstanding collaborative work environment

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the position.

Feeling uneasy that you haven't ticked every box? That's okay, we've felt that way too. Studies have shown women and minorities are less likely to apply unless they meet all qualifications. We encourage you to break the status quo and apply to roles that would make you excited to come to work every day