
Senior GRC Compliance Analyst (Hybrid, Seattle)

Nordstrom
Posted on: Feb 13, 2026
Location: Seattle, Washington, United States (Hybrid)
Employment type: Full-time
Salary: $166k – $258k Yearly

Job Description

Join Nordstrom's Governance, Risk, and Compliance (GRC) team as a Senior Analyst, leading the development of compliance assessment methodologies and operational standards across multiple regulatory domains. You will serve as a primary point of contact for regulators and senior compliance stakeholders, lead technical scoping discussions across hybrid on-premises and cloud environments, drive de-scoping initiatives with technical teams, and build cross-functional partnerships that embed compliance into our technology ecosystem.

In this role, you will build comprehensive compliance assessment programs that integrate multiple regulatory domains with business objectives. You will lead senior stakeholder workshops on complex regulatory topics while managing critical external relationships with regulators and auditors. Your ability to translate complex technical environments into clear compliance requirements will be critical to program success.

Are you a strategic compliance leader who excels at designing enterprise-wide methodologies? Do you have a passion for building operational excellence in regulatory compliance with a strong background in PCI? Do you think about ways to integrate multiple regulatory domains while maintaining audit trail integrity? Join our team and be part of a company that is on the cutting edge of retail technology geared at getting consumers the products they love in a safe and secure environment.

A Day in the Life...

Methodology Design & Operational Standards

  • Mature and formalize the PCI DSS compliance program from foundational elements, establishing policies, procedures, RACI, and operational workflows that meet QSA and acquiring bank expectations
  • Design comprehensive compliance assessment methodologies for enterprise regulatory requirements, creating frameworks that integrate multiple regulatory domains and align with business objectives
  • Develop operational standards and quality criteria for compliance processes, ensuring consistency and effectiveness across the organization while meeting diverse regulatory requirements
  • Implement integrated controls across multiple regulatory and business domains, ensuring comprehensive compliance coverage and efficient resource utilization
  • Define, design and implement KPIs and KRIs for the compliance space

Third-Party & External Relationship Management

  • Manage third-party compliance assessments including external regulatory examinations, compliance consulting engagements, and specialized regulatory advisory projects
  • Serve as primary liaison with internal and external compliance auditors and stakeholders, representing the organization's compliance posture and remediation efforts
  • Make significant commitments for third-party compliance assessments, regulatory consulting, and compliance platforms within established enterprise frameworks

Strategic Alignment & Leadership

  • Align operational activities with strategic objectives by participating in medium-term planning (6-18 months) and ensuring compliance initiatives support business goals and regulatory expectations
  • Lead senior stakeholder workshops on complex regulatory topics, facilitating decision-making and consensus-building around compliance strategies and regulatory risk tolerance
  • Coordinate cross-functional regulatory initiatives across Legal, IT, Finance, and Business teams to ensure comprehensive regulatory coverage and strategic execution
  • Contribute to the strategic vision and roadmap for the Compliance Assessment Team, developing reusable, scalable solutions to enhance program efficiency and support organizational growth

Stakeholder Engagement & Education

  • Educate senior stakeholders on regulatory compliance requirements and changes through workshops, strategic sessions, and consultation to improve organizational compliance awareness and readiness
  • Facilitate decision-making processes around complex regulatory scenarios, helping leadership understand regulatory risk tolerance and compliance strategy options
  • Provide expert guidance on regulatory interpretation and application across diverse business contexts and technical environments

You Own This If You Have...

Required Qualifications

Experience:

  • 6-8 years of regulatory compliance experience with demonstrated leadership of cross-functional regulatory initiatives, including at least 2 years leading or building PCI programs
  • Proven track record of designing and implementing enterprise-level compliance methodologies across multiple regulatory domains
  • Demonstrated experience with technical scoping and de-scoping in hybrid on-premises and cloud PCI environments
  • Direct experience building and managing Common Control Framework (CCF) programs
  • Experience leading cross-functional technical teams through complex compliance initiatives
  • Demonstrated ability to align compliance operations with strategic business objectives through medium-term planning

Education:

  • Bachelor's or Master's degree in Information Technology, Computer Science, Cybersecurity, or related field, or equivalent work experience

Technical Knowledge:

  • Expertise in multiple regulatory domains and frameworks (CIS, NIST, SOX, HIPAA, CCPA, etc.) and deep understanding of PCI DSS v.4.
  • Direct experience testing technical controls
  • Deep understanding of enterprise compliance architecture and integrated control frameworks
  • Knowledge of operational workflow design and process optimization for regulatory compliance
  • Experience developing operational standards and quality criteria for compliance processes

Skills:

  • Advanced methodology development and enterprise framework design capabilities
  • Excellence in stakeholder management and external regulatory relationship management
  • Strong ability to facilitate senior leadership workshops and drive consensus on complex regulatory topics
  • Ability to make significant commitments and design workflows within enterprise governance structures
  • Excellent written and verbal communications, including presentation skills, and proven ability to effectively communicate with all levels of the organization, as well as with external parties and regulators
  • Strong bias for results and the ability to operate with autonomy to address bottlenecks, provide escalation management, anticipate and make trade-offs, and encourage behavior to maximize business benefit

Preferred Qualifications

Certifications:

  • Multiple advanced professional certifications preferred (CISA, CRISC, CIPP, CIPM)
  • Specialized certifications valued (Advanced PCI certifications, regulatory-specific credentials, or equivalent compliance management certifications)

Additional Experience:

  • Experience with GRC platform implementation and management
  • Background in regulatory consulting or audit firms
  • Experience leading enterprise-wide compliance transformation initiatives
  • Proficiency in compliance automation and security tooling

We’ve got you covered…

Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:

  • Medical/Vision, Dental, Retirement and Paid Time Away

  • Life Insurance and Disability

  • Merchandise Discount and EAP Resources

A few more important points...

The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.

For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site.

Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com.

Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQs for relevant information and guidelines.

© 2022 Nordstrom, Inc  

Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.

Nordstrom keeps job postings open for at least one day after the posting date.

Pay Range Details

The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. 
Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.

$166,000.00 - $258,000.00 Annual

This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben_Overview_17-19.pdf
