Compliance Analyst

Organisation: The National Trust for Scotland

Salary: £33,702 - £37,281 pro-rata, per annum

Location: Edinburgh

The Compliance Analyst will be responsible for taking forward the PCI DSS (Payment Card Industry Data Security Standards) compliance action plan, undertaking due diligence, creating operational payment processes, and leading on the effort to embed the practices into the organisation. They will report to the DPO and be based within the Corporate and Commercial Services team.


• Lead on the delivery of a PCI DSS compliance action plan.
• Develop operating procedures for new payment channels and review operating procedures for existing channels.
• Liaise with colleagues to review all paper-based payment processing at NTS.
• Complete/update PCI DSS Self-Assessment Questionnaires (SAQs) for payment processes.
• Define appropriate backup processes for when primary payment channels are unavailable.
• Work with colleagues and external partners to ensure that all third parties processing payments on behalf of the Trust are themselves appropriately PCI compliant.
• Support colleagues across the organisation with advice and practical guidance on the implementation of PCI DSS policies and procedures.
• Assist in the recording, monitoring, and reporting of risks associated with payment processing activities and identify actions that can be taken to mitigate risk.
• Support the delivery of mandatory training in PCI DSS – including the delivery of refresher training to volunteers and employees.
• Support the development of an annual auditing framework in line with PCI DSS requirements.
• Work with the DPO, Technology Director and Finance Director to advise on possible solutions to challenges with payment systems and processes in order to mitigate risk.
• Oversee the management of a central payment device inventory to ensure it remains up to date.
• Support colleagues in regions/teams to produce local inventories and keep them up to date.


• Demonstrable experience in compliance/business/data analytics
• Excellent knowledge of PCI DSS requirements
• Excellent stakeholder management, influencing and negotiation skills
• Excellent planning and organisational skills with experience of working in an agile environment
• Strong communication skills, combined with the ability to write clear and concise interpretations of complex sets of data
• Excellent self-motivation and interpersonal skills, with the ability to develop relationships across professional and organisational boundaries and encourage participation and knowledge sharing with other stakeholders
• Experience of maintaining full system & process documentation

• Knowledge of EPOS systems
• Expert in Microsoft Excel
• Experience of Microsoft Cloud SaaS environments
• Experience of risk management frameworks
• Experience of Microsoft SharePoint


• Trust-wide role, collaborating with and supporting colleagues across Scotland, as well as liaising with external parties and service providers

People Management
• None

Finance Management
• None

Tools / equipment / systems
• Microsoft packages (Word, Excel, PowerPoint, Access, etc.) for data processing, report preparation, etc.
• Microsoft SharePoint (creating and maintaining shared folders)

Application Deadline: Friday 02/12/2022