CybersecurityJobs.io

Job Description

The role at Starbucks is a senior-level cybersecurity analyst focused on compliance, based onsite in Seattle, Washington. The position acts as the PCI DSS v4.0 subject matter expert, guiding scoping, segmentation, data-flow validation, encryption design, and the CHD lifecycle while leading compliance program operations and automation with engineering and GRC teams.

Location

Seattle, WA (onsite)

Compensation

Annual salary range: USD 120,800 to 201,300

Responsibilities

  • Lead PCI architecture assessments with emphasis on segmentation, network flows, and interactions involving cardholder data
  • Provide expertise on encryption for data at rest and in transit, tokenization, and key management
  • Steer PCI scoping efforts, validate data flows via data flow diagrams, and manage the cardholder data lifecycle
  • Identify opportunities to minimize or eliminate cardholder data storage to shrink PCI scope
  • Translate PCI DSS requirements into concrete technical controls
  • Support PCI assessments with QSA-facing activities, including evidence validation, control testing, and remediation planning
  • Design and maintain risk and control matrices aligned to PCI and enterprise standards
  • Track remediation actions, risk acceptance, and exceptions with stakeholders
  • Provide guidance on the use of compliance and risk management tools and processes
  • Develop documentation and training materials for compliance processes and tooling
  • Advance automation of PCI control validation and evidence collection
  • Configure GRC/IRM platforms to support testing, assessments, and reporting
  • Enable continuous monitoring through integrations, APIs, and data models
  • Develop metrics and dashboards to monitor control health and risk visibility
  • Gather and analyze solution requirements, facilitate user story creation, and conduct backlog grooming in an agile delivery environment
  • Apply agile delivery methodologies and participate on scrum teams to drive project outcomes
  • Assess opportunities for productivity improvements, efficiency gains, and cost savings
  • Collaborate with engineering teams to embed PCI requirements into system designs
  • Provide guidance aligned with policies, standards, and risk reduction efforts
  • Develop reusable templates, documentation, and training materials
  • Support delivery of compliance capabilities and program metrics, including KPIs
  • Operate with minimal direction, escalating to senior analysts when necessary

Requirements

  • Bachelor's degree in computer science or related field, or 3+ years of relevant experience
  • Apply knowledge of business principles and technology practices to achieve cross-functional outcomes
  • Excellent analytical and problem-solving skills
  • Ability to align systems effectively with business needs
  • Generate comprehensive system documentation
  • Strong oral and written communication and interpersonal skills
  • Proficiency with Microsoft Office applications, including Word and Excel
  • Deep understanding of business processes and process improvement initiatives
  • Commitment to delivering high-quality customer service
  • Ability to implement system development concepts effectively
  • Working knowledge of the systems development lifecycle and IT operations
  • Use business knowledge, judgment, and resourcefulness to design reliable and sustainable technology solutions
  • Ability to balance multiple priorities and meet deadlines
  • Configuration knowledge of relevant applications, modules, and platforms
  • 3+ years of progressive experience in Information Risk Management, IT Governance, IT Compliance, Data Privacy, or Internal/External Technology Audit, with at least two years in IT or software development
  • Experience in cybersecurity, network security, or cloud security with direct exposure to PCI DSS environments
  • Strong understanding of network architecture, cloud security design, and encryption protocols
  • Experience translating compliance requirements into technical solutions
  • Direct experience supporting PCI DSS assessments (QSA-facing)
  • Experience designing or validating CDE segmentation in cloud and hybrid environments
  • Familiarity with payment ecosystems, processors, and tokenization
  • Exposure to Common Control Framework practices with tracking across multiple standards
  • Able to influence both technical and business stakeholders in complex settings
  • Certifications such as PCI QSA/ISA, PCIP, CISA, CISSP, CISM, CIPM or related controls assurance focus are a strong plus
  • Hands-on experience developing roadmaps, user stories, backlogs, and coordinating conflicting requirements in a fast-paced environment
  • Experience in engineering or platform roles for GRC or cybersecurity risk management solutions

Technologies

  • GRC/IRM platforms
  • APIs
  • Microsoft Office suite (Word, Excel)

Benefits

  • Health insurance covering medical, dental, and vision
  • Life insurance with basic and supplemental options
  • Disability coverage (short-term and long-term)
  • Paid parental leave
  • Family expansion reimbursement
  • Accrued paid vacation and sick time
  • Eight paid holidays plus two personal days per year
  • 401(k) retirement plan with employer match
  • Discounted company stock program (S.I.P.) and Starbucks equity program (Bean Stock)
  • Emergency savings incentives and financial wellbeing tools
  • 100 percent upfront tuition coverage for a first-time bachelor’s degree via Arizona State University online program under the Starbucks College Achievement Plan
  • Student loan management resources and access to additional educational opportunities
  • Backup care and DACA reimbursement
  • Compliance with applicable state and local laws regarding employee leave benefits
