The Information Security & Compliance Analyst supports the execution of Cooper's Hawk Winery & Restaurants' Governance, Risk, and Compliance (GRC) program, with a primary focus on PCI DSS 4.0, SOX/ITGC, and NIST CSF 2.0. This individual contributor role is responsible for audit support, control validation, policy governance, and risk management activities.
The Analyst plays a key role in maintaining audit readiness, supporting successful audit outcomes, and advancing a structured and sustainable compliance and risk program. This includes supporting Third-Party Risk Management (TPRM) and Privacy initiatives through coordination, tracking, and execution activities, while program ownership remains with the VP of Information Security & GRC. The role partners closely with IT, business teams, and external auditors to ensure security controls are operating effectively and compliance obligations are consistently met.
This position reports to the VP of Information Security & GRC and works closely with the Manager, Security Engineering & Operations to align security controls with compliance and risk requirements.
How You Will Succeed:
PCI DSS & SOX/ITGC Compliance Execution
- Support execution of PCI DSS 4.0 compliance activities, including coordination with QSAs and audit preparation
- Support SOX/ITGC control execution, testing coordination, and evidence collection
- Maintain audit-ready documentation for all in-scope systems and controls
- Track control effectiveness and remediation activities
- Partner with IT and application teams to ensure timely completion of audit requests
Audit Coordination & Assurance
- Coordinate internal and external audits, including PCI and SOX
- Manage audit requests, evidence collection, and responses
- Track audit findings, remediation plans, and closure status
- Support reduction of repeat findings through structured follow-up and validation
Risk Management
- Maintain and update the cybersecurity risk register
- Support risk assessments across applications, infrastructure, and vendors
- Track remediation plans and risk acceptance decisions
- Prepare risk summaries and reporting for leadership and governance forums
- Partner with engineering and operations teams to ensure risks are understood and addressed
Policy & Governance
- Support development, maintenance, and lifecycle management of security policies, standards, and procedures
- Track policy reviews, updates, and approvals
- Support communication and awareness of policy requirements across the organization
- Ensure alignment with PCI DSS, SOX, and internal governance standards
Metrics, Reporting & Program Tracking
- Develop and maintain dashboards for compliance status, audit progress, and risk metrics
- Track remediation activities and key program initiatives
- Prepare reporting for leadership and governance committees
Program Support (TPRM & Privacy)
- Support execution of Third-Party Risk Management activities, including:
- Vendor risk assessments and security questionnaires
- SOC report reviews (SOC 1, SOC 2)
- Risk tracking and follow-ups
- Support Privacy program activities through documentation, tracking, and coordination
- Assist with intake and workflow management, while program ownership remains with leadership
What You'll Need:
Basic Qualifications:
- Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent professional experience
- 3-6 years of experience in information security, risk, or compliance
- Experience supporting PCI DSS and/or SOX/ITGC programs
- Experience with audit coordination, control testing, and evidence collection
- Exposure to risk management practices and frameworks.
- Certifications such as Security+, CISA, PCI ISA, or similar are a plus.
Other Skills/Abilities:
- Strong organizational and prioritization skills, with the ability to manage multiple initiatives, deadlines, and competing requests.
- Hospitality industry experience will be a plus.
- Excellent analytical and problem-solving skills, with a practical, customer-focused approach to security challenges.
- Ability to communicate clearly and effectively with technical and non-technical stakeholders across IT, business, and restaurant operations.
- Experience in hospitality or retail environments.
Compensation Range: $100,000 - $120,000. The final offered salary will be based on several factors, including but not limited to the candidate's depth of experience, skill set, qualifications, and internal pay equity.
What You'll Get:
- Incredible Discounts:
- Monthly Dining Allowance
- 50% Dining and Carryout
- 40% Retail Wine
- 20% Retail and Private Events
- Monthly Complimentary Wine Tasting for Two
- Medical, Prescription, Dental, Vision Insurance plus Telemedicine and Wellness Program
- Company Matching 401(k) Retirement Savings Plan
- Flexible Savings Accounts- Health and Dependent Care
- Health Savings Account
- Long-Term Disability; Voluntary Short-Term Disability
- Basic Life and AD&D Insurance (with option to purchase additional coverage)
- Paid Parental Leave
- Highly Competitive Pay plus Team Member Incentives & Rewards
- Paid Time Off
- Milestones Recognition Program
- Complimentary Gym Membership in RSC Building
- Hybrid Work Week (3 days in office, 2 days remote, depending on role)
