IT Compliance Analyst Job at Costco Wholesale in Issaquah, WA

Job Description

This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others. In 2018, Costco contributed over $39 million to organizations such as United Way and Children’s Miracle Network Hospitals.

Costco IT is responsible for the technical future of Costco Wholesale, the second largest retailer in the world with wholesale operations in twelve countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed. As proof, Costco consistently ranks in the top five of Forbes “America’s Best Employers”.

The IT Compliance Analyst will be responsible for ensuring the PCI DSS compliance of people, process, and technology for a subset of focused PCI DSS requirements at Costco.

If you want to be a part of one of the BEST “to work for” companies in the world, simply apply and let your career be reimagined.


Understands and documents complex branded payment acceptance or card servicing processes.

Applies established PCI DSS scoping criteria.

Obtains and reviews evidence of compliance to support technical or complex PCI DSS requirements.

Supports the completion of the annual PCI DSS Report on Compliance.

Drives necessary system and process updates.

Scopes, interprets, and prioritizes both application and network vulnerability test results.

Manages and communicates key compliance milestones for critical systems and complex processes.

Facilitates interaction between the business and Costco’s PCI DSS Qualified Security Assessor (QSA).

Consults on moderately complex PCI DSS compliance considerations.

Works closely with cross-functional teams and develop strong liaison relationships.

Stays current with new and evolving security topics and technologies via formal training and self-directed education.

Willingly shares knowledge and experiences with less experienced staff to help grow team talent bench through training and mentoring.


5-10 years’ IT background; experience with compliance or regulatory issues preferred.

3+ years’ prior experience supporting a Level 1 or Level 2 organization’s PCI DSS compliance effort, working with an ISA or QSA, or serving as a ISA or QSA.

Intermediate knowledge of all requirements of the PCI DSS v3.x, other significant PCI SSC guidance, and card security and compliance requirements from the major card brands.

Intermediate knowledge of five or more of the following technical areas: network segmentation, operating system security, encryption and key management, tokenization, anti-virus and malware, secure system development, identity and access management, vulnerability management, physical access controls, penetration testing, file integrity monitoring, logging, and information security policy.

Able to scope, interpret and prioritize both application and network vulnerability test results.

Ability to identify problems, analyze data and present conclusions effectively.

Excellent communication skills, both oral and written, that can communicate security and compliance issues to executives, end users, and stakeholders in an effective and appropriate manner.

Excellent productivity tool skills (spreadsheets, slide decks, documents).


Bachelor’s degree or equivalent experience.

Industry Certifications (CISSP/PCI QSA or ISA/PCIP/CISM/CRISC) preferred.

Required Documents

Cover Letter


About Company

Company: Costco Wholesale

Company Location:  Issaquah, WA

About Costco Wholesale