• Information Security Risk and Compliance Analyst

    Wawa, Inc. (IA)


    Job Description

    Job Title: Information Security Risk and Compliance Analyst

     

    Department: Information Technology

    Pay Band: Professional

    **Job Summary** **:** The Information Security Risk & Compliance Analyst is responsible for participating in the information security program to ensure that information assets and associated information systems are adequately protected in the digital ecosystem in which Wawa operates.

     

    This role participates in all day-to-day operations, functions and capabilities relating to technology risk and compliance. The role participates in the Information Security compliance program and is responsible for operating Wawa’s technology risk management processes, maintaining Wawa’s technology related Information Security policies, and completing risk assessments of technology related initiatives.

    Principal Duties:

    + Participate in the completion of assessments of operational security controls and in any required remediation.

    + Identify and document cyber risks and manage mitigation and follow up on open security risks. Report issues to Information Security stakeholders.

    + Participate in execution of information security testing for all areas of the technology operating environment (e.g., infrastructure reviews, vulnerability scanning) with a focus on leading in low risk areas.

    + Participate in the execution of the security awareness training program for all employees, contractors and approved system users.

    + Participate in the execution of Wawa's information security program, including meeting PCI compliance requirements and the ongoing development of the program.

    + Participate as a member of cross-department remediation projects by completing supporting security tasks.

    + Provide input for updates to information security policies and standards.

    + Execute the applicable information security management framework controls.

    + Provide technical support related to tools used to perform security and vulnerability assessments.

    + Participate in the development of asset inventories, including information assets in cloud services and in other vendors in the organization's ecosystem.

    + Participate in the support to Information Security Incident Response team during cyber incidents.

    + Support internal network between Information Security and information technology.

    + Act as technical consultant for the IT department to support new and existing technologies.

    + Participate in the technical deployment of security solutions that enhance Wawa's information security architecture.

    + Develop foundational knowledge of Payment Card Industry (PCI) Data Security Standard compliance by keeping apprised of changes to the standard, evaluating new systems for impact and supporting annual PCI audit.

    + Support audit and assessment process for IT including annual PCI audit, IT general controls review and any other audits or assessments of security and general IT controls.

    + Provide technical assistance for technical security services.

    + Participate in IT and business-related projects as required. Provide guidance on low impact and complexity initiatives including current technology areas such as cloud services, mobile technology, data analytics, etc.

    Essential Functions:

    + Ability to work well individually as well as in a team environment.

    + Strong written and verbal communication skills, interpersonal and collaborative skills.

    + Up-to-date knowledge of methodologies and trends in both information security and IT.

    + Poise and ability to act calmly and competently in high-pressure, high-stress situations.

    + Must be a critical thinker, with strong problem-solving skills.

    + Ability to participate in one or more projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

    + Ability to lead small internal security technology projects and security remediation projects.

    + High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.

    + High degree of initiative, dependability and ability to work with little supervision while being resilient to change.

    + Ability to be on-call 24x7x365 rotation for information security reviews of emergency changes and to support for information security incidents.

    + Ability to train others.

    Basic Requirements:

    + Minimum of 3 years of experience in a combination of incident response, information security and IT.

    + Understanding of relevant legal and regulatory requirements, such as: Payment Card Industry Data Security Standard.

    + Degree in technology-related field preferred, or equivalent work- or education-related experience.

    + Professional security certification is required, such as Security+, Certified Ethical Hacking (CEH), GIAC Security Essentials (GSEC), or other similar credentials.

    + Foundational knowledge of common information security management frameworks, such as ISO/IEC 27001, Critical Security Controls, and NIST 800-53 and Cybersecurity Framework.

    + Foundational knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPS\IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.

     

    Wawa will provide reasonable accommodation to complete an application upon request, consistent with applicable law. If you require an accommodation, please contact our Associate Service Center at [email protected] .

     

    Wawa, Inc. is an equal opportunity employer. Wawa maintains a work environment in which Associates are treated fairly and with respect and in which discrimination of any kind will not be tolerated. In accordance with federal, state and local laws, we recruit, hire, promote and evaluate all applicants and Associates without regard to race, color, religion, sex, age, national origin, ancestry, familial status, marital status, sexual orientation or preference, gender identity or expression, citizenship status, disability, veteran or military status, genetic information, domestic or sexual violence victim status or any other characteristic protected by applicable law. Unlawful discrimination will not be a factor in any employment decision.