Note: The job is a remote job and is open to candidates in USA. OTG Management is a company that enhances the dining and retail experience for travelers. They are seeking a Security & Compliance Analyst responsible for overseeing the organization’s security posture and compliance obligations, particularly focusing on PCI DSS.
Responsibilities
- Support and maintain the organization’s PCI DSS compliance program across all in-scope systems, networks, and business units
- Conduct internal PCI assessments, gap analyses, and readiness reviews to identify and remediate compliance deficiencies
- Maintain documentation of PCI controls, evidence, and audit artifacts in the company’s Governance, Risk, and Compliance (GRC) platform
- Partner with IT, Security, and Retail Operations to validate technical and procedural controls for compliance
- Coordinate with Qualified Security Assessors (QSAs) during annual assessments, providing documentation and remediation updates
- Monitor system changes, new technologies, and third-party services for PCI scope impact
- Track and report compliance status, risks, and remediation progress to management
- Develop and deliver PCI awareness training for staff and store-level employees handling payment data
- Review and assess vendor compliance with PCI DSS and ensure required Attestations of Compliance (AOC) are maintained
- Stay current on PCI DSS version updates, industry trends, and payment security best practices
- Support broader security and compliance initiatives beyond PCI, including vendor risk management, cloud security controls (AWS), and policy development as the program matures
Skills
- Bachelor's degree in Information Security, Information Technology, or related field (or equivalent experience)
- 3–5 years of experience in IT security, compliance, or audit, preferably within a retail or financial environment
- Hands-on experience with PCI DSS compliance programs, evidence collection, and remediation management
- Familiarity with network security, encryption, firewalls, vulnerability management, and logging systems
- Knowledge of POS systems, cardholder data environments, and segmentation practices
- Strong attention to detail and analytical skills
- Excellent written and verbal communication skills
- Ability to work cross-functionally and manage multiple priorities in a fast-paced retail environment
- PCI Professional (PCIP) or Certified Information Systems Auditor (CISA) preferred; CISSP or equivalent a plus
- Familiarity with cloud environments, particularly AWS; experience with services relevant to secure data handling and compliance (e.g., IAM, CloudWatch, Secrets Manager, VPC segmentation) is a plus
- Experience with compliance tracking, documentation, or GRC tools; familiarity with enterprise platforms such as ServiceNow or equivalent is a plus
Company Overview