Information Security & Compliance Analyst

Ready to be part of something extraordinary? At Cooper's Hawk, connection is at the heart of everything we do, and we're looking for passionate people to join us. When you become part of our team, you step into a collaborative, supportive culture built on Uncompromising Hospitality, where standards and genuine care come together to create something truly unforgettable. As we continue our exciting journey, you'll help us deliver unforgettable experiences to our Wine Club Members and the entire Cooper's Hawk community.

Join us, and let's turn moments into lasting memories.

The Information Security & Compliance Analyst supports the execution of Cooper's Hawk Winery & Restaurants' Governance, Risk, and Compliance (GRC) program, with a primary focus on PCI DSS 4.0, SOX/ITGC, and NIST CSF 2.0. This individual contributor role is responsible for audit support, control validation, policy governance, and risk management activities.

The Analyst plays a key role in maintaining audit readiness, supporting successful audit outcomes, and advancing a structured and sustainable compliance and risk program. This includes supporting Third-Party Risk Management (TPRM) and Privacy initiatives through coordination, tracking, and execution activities, while program ownership remains with the VP of Information Security & GRC. The role partners closely with IT, business teams, and external auditors to ensure security controls are operating effectively and compliance obligations are consistently met.

This position reports to the VP of Information Security & GRC and works closely with the Manager, Security Engineering & Operations to align security controls with compliance and risk requirements.

How You Will Succeed:

PCI DSS & SOX/ITGC Compliance Execution

• Support execution of PCI DSS 4.0 compliance activities, including coordination with QSAs and audit preparation
• Support SOX/ITGC control execution, testing coordination, and evidence collection
• Maintain audit-ready documentation for all in-scope systems and controls
• Track control effectiveness and remediation activities
• Partner with IT and application teams to ensure timely completion of audit requests

Audit Coordination & Assurance

• Coordinate internal and external audits, including PCI and SOX
• Manage audit requests, evidence collection, and responses
• Track audit findings, remediation plans, and closure status
• Support reduction of repeat findings through structured follow-up and validation

Risk Management

• Maintain and update the cybersecurity risk register
• Support risk assessments across applications, infrastructure, and vendors
• Track remediation plans and risk acceptance decisions
• Prepare risk summaries and reporting for leadership and governance forums
• Partner with engineering and operations teams to ensure risks are understood and addressed

Policy & Governance

• Support development, maintenance, and lifecycle management of security policies, standards, and procedures
• Track policy reviews, updates, and approvals
• Support communication and awareness of policy requirements across the organization
• Ensure alignment with PCI DSS, SOX, and internal governance standards

Metrics, Reporting & Program Tracking

• Develop and maintain dashboards for compliance status, audit progress, and risk metrics
• Track remediation activities and key program initiatives
• Prepare reporting for leadership and governance committees

Program Support (TPRM & Privacy)

• Support execution of Third-Party Risk Management activities, including:
• Vendor risk assessments and security questionnaires
• SOC report reviews (SOC 1, SOC
  2)
• Risk tracking and follow-ups
• Support Privacy program activities through documentation, tracking, and coordination
• Assist with intake and workflow management, while program ownership remains with leadership

What You'll Need:

Basic Qualifications:

• Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent professional experience
• 3-6 years of experience in information security, risk, or compliance
• Experience supporting PCI DSS and/or SOX/ITGC programs
• Experience with audit coordination, control testing, and evidence collection
• Exposure to risk management practices and frameworks.
• Certifications such as Security+, CISA, PCI ISA, or similar are a plus.

Other Skills/Abilities:

• Strong organizational and prioritization skills, with the ability to manage multiple initiatives, deadlines, and competing requests.
• Hospitality industry experience will be a plus.
• Excellent analytical and problem-solving skills, with a practical, customer-focused approach to security challenges.
• Ability to communicate clearly and effectively with technical and non-technical stakeholders across IT, business, and restaurant operations.
• Experience in hospitality or retail environments.

Compensation Range: $100,000 - $120,000. The final offered salary will be based on several factors, including but not limited to the candidate's depth of experience, skill set, qualifications, and internal pay equity.

What You'll Get:

• Incredible Discounts:
• Monthly…