
Compliance Analyst - International Job at Costco Wholesale

Costco Wholesale Dallas, TX

This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others. In 2021, Costco contributed over $58 million to organizations such as United Way and Children's Miracle Network Hospitals.

Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed. As proof, Costco ranks seventh in Forbes “World’s Best Employers”.

The Compliance Analyst is responsible for helping to create and maintain Costco’s IT General Control environment (ITGC) across all in-scope SOX systems, for ensuring PCI DSS compliance, and for ensuring that Costco’s systems, applications and business processes are compliant with emerging privacy regulations such as CCPA and GDPR.

This position is responsible for ensuring that all ITGC control objectives are in place and operating, and helps coach control owners on changes that need to be made in the event a control is not operating for our international countries. In addition, this role will assist with the reporting and tracking of the SOX program to Costco Senior Leaders. This is a cross-functional role, working closely with all IT groups across US Costco, as well as internationally, to ensure controls and compliance requirements are clearly defined, understood, and implemented.

If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.

ROLE

Provides guidance to countries and reviews evidence on IT General Controls (ITGCs) in support of meeting audit objectives/requirements for all ITGC SOX areas.

Advises international countries on IT testing procedures to identify and evaluate risks and determine the effectiveness of controls.

Reviews and interprets privacy control requirements and compliance data/processes to identify potential compliance issues.

Assists with the creation and implementation of remediation from audit findings and/or provides exception documentation where applicable.

Collaborates with Internal Audit in developing, testing, and devising solutions to effectively meet applicable IT control objectives.

Reports on compliance metrics and risks, facilitates the communication of findings to control owners and stakeholders, identifies weaknesses in control structures, and coordinates effective remediation.

Serves as the subject matter expert and point of contact to US Internal and External Auditors/Assessors for International countries.

Assists with the successful completion of the monthly User Access Review process.

Reviews evidence of compliance to support PCI DSS requirements and supports the completion of the annual PCI DSS Report on Compliance (ROC).

Manages and communicates key compliance milestones and success metrics for international efforts to executives, auditors, end users, and engineers using appropriate language, examples, and tone.

Documents and manages risks, issues, assumptions, and constraints impacting international delivery efforts.

Works closely with cross-functional teams, develops strong liaison relationships and manages supplier relationships ensuring cost control and timely deliverables.

Stays current with new and evolving security, compliance, privacy topics and technologies via formal training and self-directed education.

Conducts periodic audits for overall international solutions, planning and delivery functions.

Provides mentoring and coaching for International IT team members.

REQUIRED

2+ years’ prior experience supporting a Level 1 or Level 2 organization’s SOX/PCI compliance effort, working with an auditor and assessor or serving as an auditor and assessor.

3+ years of experience in compliance and/or related Costco business experience.

2+ years’ experience applying project management methodologies.

1+ years’ experience gathering business requirements.

1+ years’ experience in data quality, data analysis, audit, and/or data governance.

General understanding of attestation practices and access control vernacular.

Good understanding of compliance programs and regulations such as Sarbanes-Oxley (SOX), PCI and data privacy laws such as GDPR, CCPA, and other requirements that may impact compliance.

Experience managing program level activities by developing and executing against a strategic program charter.

Familiarity with Costco Corporate IT policies, procedures, and standards or similar project methodology, processes, and procedures.

Demonstrated ability to work independently and with limited supervision.

Experience in process improvement and demonstrated ability to solve business problems.

Strong communication skills, both oral and written, including presentation skills, and the ability to negotiate and effectively engage individuals at all levels of the organization.

Extremely responsive, with a strong sense of urgency.

Able to support off hours work as required including weekends, holidays, and 24/7 on call responsibilities on a rotational basis.

This position travels internationally up to 25%.

Recommended

Bachelor’s Degree in International Business, Accounting, Computer Science, Information Technology or 4 years of equivalent experience.

Past or current certifications in one of the following areas: Certified Security Compliance Specialist (CSCS), Certified Information Systems Management (CISM), Certified Information Systems Security Professional (CISSP), Internal Security Assessor (ISA), Qualified Security Assessor (QSA), Certified Information Systems Auditor (CISA), Security+.

Working knowledge of Governance Risk and Compliance (GRC) tools, control frameworks, privacy regulations, and data management practices.

Ability to identify potential compliance issues (SOX, PCI, local health and privacy laws) and validate risk exposure from vendors and third-parties.

Knowledge of all requirements of the current PCI DSS, other significant PCI SSC guidance, card security, and compliance requirements from the major card brands.

Ability to align both active and planned project work efforts with program vision.

Ability to coordinate deliverables and interdependencies across program(s).

Experience in evaluating a business need and facilitating decision making to gain approval for the solution.

Proven history of successful management of business critical programs and projects.

Manages program/project architectural and technical strategies as defined by Enterprise Architecture.

Manages program level activities by developing and executing against a strategic program charter.

Process improvement skills and demonstrated ability to effectively troubleshoot and provide solutions.

Familiar with Costco’s IT or similar project methodology, processes and procedures.

Multi-lingual (Korean, Japanese, Spanish, German, French, or Chinese).

Required Documents

Cover Letter

Resume

California applicants, please click here to review the Costco Applicant Privacy Notice.

Pay Ranges:

Level 2 - $85,000 - $120,000

Level 3 - $110,000 - $150,000

We offer a comprehensive package of benefits including paid time off, health benefits — medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, commuter benefits, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan, SmartDollar financial wellness program, to eligible employees.

Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com.

If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.



