HiringCafe
Posted 1w ago

Security & Compliance Analyst

@ OTG
View All Jobs
New York, New York, United States
$90k-$110k/yrRemoteFull Time
Responsibilities:maintaining PCI, conducting assessments, coordinating QSAs
Requirements Summary:Manage PCI DSS program, perform assessments, maintain evidence, coordinate with QSAs and cross-functional teams.
Technical Tools Mentioned:PCI DSS, GRC tools, AWS, ServiceNow, POS systems
Save
Mark Applied
Hide Job
Report & Hide
Job Description

Title: A logo with orange lettersAI-generated content may be incorrect.

 

Job Title: Security & Compliance Analyst

Location: Home Office

Compensation: $90,000 - $110,000 per year

 

Who We Are

On the Go has elevated the dining and retail experience for travelers by bringing together world-class hospitality, award-winning dining concepts, and forward-thinking technology. With more than 300 unique dining and retail locations across North America’s busiest airports, we’re fueled by a passion for creating exceptional guest experiences—made possible every day by our incredible Crewmembers. At On the Go, people truly come first. We invest in our teams, and foster growth in an exciting, fast-paced environment where everyone can shine.

 

How We Do Business

How we work is just as meaningful as what we accomplish. Our Values—Care, Continuous Improvement, Quality, and Teamwork—guide the way we show up for our guests and for each other. We’re committed to fostering an inclusive, safe, and uplifting workplace where people feel respected, empowered, and encouraged to bring their full selves to work. 

 

Why This Job Is a Big Deal!

The Security & Compliance Analyst is responsible for the organization’s security posture and compliance obligations, with a primary focus on PCI DSS. This role oversees ongoing compliance efforts, conducts assessments, manages evidence collection, and supports the remediation of compliance gaps across restaurants & marketplaces, e-commerce platforms, and point-of-sale environments. The Security & Compliance Analyst works closely with IT, Engineering, Operations, and third-party business partners to maintain secure environments and achieve successful PCI DSS certification.

 

In this Role you will…

Support and maintain the organization’s PCI DSS compliance program across all in-scope systems, networks, and business units.

Conduct internal PCI assessments, gap analyses, and readiness reviews to identify and remediate compliance deficiencies.

Maintain documentation of PCI controls, evidence, and audit artifacts in the company’s Governance, Risk, and Compliance (GRC) platform.

Partner with IT, Security, and Retail Operations to validate technical and procedural controls for compliance.

Coordinate with Qualified Security Assessors (QSAs) during annual assessments, providing documentation and remediation updates.

Monitor system changes, new technologies, and third-party services for PCI scope impact.

Track and report compliance status, risks, and remediation progress to management.

Develop and deliver PCI awareness training for staff and store-level employees handling payment data.

Review and assess vendor compliance with PCI DSS and ensure required Attestations of Compliance (AOC) are maintained.

Stay current on PCI DSS version updates, industry trends, and payment security best practices.

Support broader security and compliance initiatives beyond PCI, including vendor risk management, cloud security controls (AWS), and policy development as the program matures.

 

Qualifications

Education & Experience

Bachelor’s degree in Information Security, Information Technology, or related field (or equivalent experience).

3–5 years of experience in IT security, compliance, or audit, preferably within a retail or financial environment.

Hands-on experience with PCI DSS compliance programs, evidence collection, and remediation management.

Preferred Certifications

PCI Professional (PCIP) or Certified Information Systems Auditor (CISA) preferred; CISSP or equivalent a plus.

 

Technical Skills

Familiarity with network security, encryption, firewalls, vulnerability management, and logging systems.

Familiarity with cloud environments, particularly AWS; experience with services relevant to secure data handling and compliance (e.g., IAM, CloudWatch, Secrets Manager, VPC segmentation) is a plus.

Experience with compliance tracking, documentation, or GRC tools; familiarity with enterprise platforms such as ServiceNow or equivalent is a plus.

Knowledge of POS systems, cardholder data environments, and segmentation practices.

 

Soft Skills

Strong attention to detail and analytical skills.

Excellent written and verbal communication skills.

Ability to work cross-functionally and manage multiple priorities in a fast-paced retail environment.

 

Equal Opportunity Employer

We’re proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, or disability status.

 

 

 

 

#LI-MS1