Cybersecurity Analyst, GRC

About Visa

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year.

Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Location Type: On-site Employment Type: Full-time

Job Description

As a key member of the Cybersecurity Governance Risk and Compliance and M&A Integration (GRC) team, the Cybersecurity Analyst – GRC will lead and support initiatives in IT compliance and risk management. Reporting to the Director of Cybersecurity, this role requires a proactive, self-directed professional with expertise in PCI DSS and/or PCI 3DS and SOC 2, and the ability to apply AI tools to streamline and enhance efficiency and accuracy. The Cybersecurity Analyst – GRC will also contribute to the evolution of GRC processes and ensure alignment with industry best practices, Visa standards, and contractual obligations.

Essential Functions

• Oversee and organize security and compliance assessments, such as PCI DSS, PCI 3DS, and SOC 2, including preparing assessments, collecting evidence, coordinating with stakeholders, and remediating gaps.
• Independently manage ongoing compliance activities such as penetration testing, ASV scanning, control evaluations, issue remediation, and re-testing cycles.
• Work closely with technical and product teams to conduct security assessments, ensuring that code and infrastructure modifications comply with established security and compliance standards.
• Leverage AI and automation tools to improve compliance monitoring, evidence management, and efficiency.
• Respond to client, partner, and third-party security assessments, ensuring timely communications and thorough responses.
• Continuously refine GRC processes to improve scalability, accuracy, and responsiveness.
• Stay up to date and informed on developing data security regulatory concerns and changing IT and cybersecurity trends.

Note: This is a hybrid position. Expectation of days in office will be confirmed by your Hiring Manager.

Qualifications

Basic Qualifications:

• 2+ years of relevant work experience and a Bachelors degree, OR 5+ years of relevant work experience

Preferred Qualifications:

• 3 or more years of work experience with a Bachelor’s degree in computer science, Information Security, Management Information Systems, or another related field, or more than 2 years of work experience with an Advanced Degree (e.g. Masters, MBA, JD, MD).
• Demonstrated expertise with PCI DSS and/or PCI 3DS standards and SOC 2 controls.
• Strong working knowledge of audit and compliance processes, including controls testing and evidence lifecycle management.
• Proven ability to work independently with minimal supervision, while also collaborating effectively across teams.
• Strong communication, planning, and organizational skills.
• Experience with GRC platforms (e.g., AuditBoard, Archer).
• Must be highly flexible and able to manage multiple tasks and priorities.
• CRISC, CISM, CISA, PCIP, and/or CISSP certifications preferred.

Additional Information

Work Hours: Varies upon the needs of the department. Travel Requirements: This position requires travel 5-10% of the time. Mental/Physical Requirements: This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion,