Information Security & Compliance Analyst

Ready to be part of something extraordinary? At Cooper’s Hawk, connection is at the heart of everything we do, and we’re looking for passionate people to join us. When you become part of our team, you step into a collaborative, supportive culture built on Uncompromising Hospitality, where standards and genuine care come together to create something truly unforgettable. As we continue our exciting journey, you’ll help us deliver unforgettable experiences to our Wine Club Members and the entire Cooper’s Hawk community. Join us, and let’s turn moments into lasting memories.

The Information Security & Compliance Analyst supports the execution of Cooper’s Hawk Winery & Restaurants’ Governance, Risk, and Compliance (GRC) program, with a primary focus on PCI DSS 4.0, SOX/ITGC, and NIST CSF 2.0. This individual contributor role is responsible for audit support, control validation, policy governance, and risk management activities.

The Analyst plays a key role in maintaining audit readiness, supporting successful audit outcomes, and advancing a structured and sustainable compliance and risk program. This includes supporting Third-Party Risk Management (TPRM) and Privacy initiatives through coordination, tracking, and execution activities, while program ownership remains with the VP of Information Security & GRC. The role partners closely with IT, business teams, and external auditors to ensure security controls are operating effectively and compliance obligations are consistently met.

This position reports to the VP of Information Security & GRC and works closely with the Manager, Security Engineering & Operations to align security controls with compliance and risk requirements.

How You Will Succeed:

PCI DSS & SOX/ITGC Compliance Execution

• Support execution of PCI DSS 4.0 compliance activities, including coordination with QSAs and audit preparation
• Support SOX/ITGC control execution, testing coordination, and evidence collection
• Maintain audit-ready documentation for all in-scope systems and controls
• Track control effectiveness and remediation activities
• Partner with IT and application teams to ensure timely completion of audit requests
  
  

Audit Coordination & Assurance

• Coordinate internal and external audits, including PCI and SOX
• Manage audit requests, evidence collection, and responses
• Track audit findings, remediation plans, and closure status
• Support reduction of repeat findings through structured follow-up and validation
  
  

Risk Management

• Maintain and update the cybersecurity risk register
• Support risk assessments across applications, infrastructure, and vendors
• Track remediation plans and risk acceptance decisions
• Prepare risk summaries and reporting for leadership and governance forums
• Partner with engineering and operations teams to ensure risks are understood and addressed
  
  

Policy & Governance

• Support development, maintenance, and lifecycle management of security policies, standards, and procedures
• Track policy reviews, updates, and approvals
• Support communication and awareness of policy requirements across the organization
• Ensure alignment with PCI DSS, SOX, and internal governance standards
  
  

Metrics, Reporting & Program Tracking

• Develop and maintain dashboards for compliance status, audit progress, and risk metrics
• Track remediation activities and key program initiatives
• Prepare reporting for leadership and governance committees
  
  

Program Support (TPRM & Privacy)

• Support execution of Third-Party Risk Management activities, including:
• Vendor risk assessments and security questionnaires
• SOC report reviews (SOC 1, SOC 2)
• Risk tracking and follow-ups
• Support Privacy program activities through documentation, tracking, and coordination
• Assist with intake and workflow management, while program ownership remains with leadership
  
  

What You’ll Need:

Basic Qualifications:

• Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent professional experience
• 3–6 years of experience in information security, risk, or compliance
• Experience supporting PCI DSS and/or SOX/ITGC programs
• Experience with audit coordination, control testing, and evidence collection
• Exposure to risk management practices and frameworks.
• Certifications such as Security , CISA, PCI ISA, or similar are a plus.
  
  

Other Skills/Abilities:

• Strong organizational and prioritization skills, with the ability to manage multiple initiatives, deadlines, and competing requests.
• Hospitality industry experience will be a plus.
• Excellent analytical and problem-solving skills, with a practical, customer-focused approach to security challenges.
• Ability to communicate clearly and effectively with technical and non-technical stakeholders across IT, business, and restaurant operations.
• Experience in hospitality or retail environments.
  
  

Compensation Range: $100,000 - $120,000. The final offered salary will be based on several factors, including but not limited to the candidate’s depth of experience, skill set, qualifications, and internal pay equity.

What You’ll Get:

• Incredible Discounts:
• Monthly Dining Allowance
• 50% Dining and Carryout
• 40% Retail Wine
• 20% Retail and Private Events
• Monthly Complimentary Wine Tasting for Two
• Medical, Prescription, Dental, Vision Insurance plus Telemedicine and Wellness Program
• Company Matching 401(k) Retirement Savings Plan
• Flexible Savings Accounts- Health and Dependent Care
• Health Savings Account
• Long-Term Disability; Voluntary Short-Term Disability
• Basic Life and AD&D Insurance (with option to purchase additional coverage)
• Paid Parental Leave
• Highly Competitive Pay plus Team Member Incentives & Rewards
• Paid Time Off
• Milestones Recognition Program
• Complimentary Gym Membership in RSC Building
• Hybrid Work Week (3 days in office, 2 days remote, depending on role)
  
  

Cooper’s Hawk is an equal opportunity employer.  All qualified applicants are considered for employment without regard to the person’s race, color, religion, national origin, sex, sexual orientation, age, marital status, veteran status, disability, or any other characteristic protected by applicable law. Cooper’s Hawk makes reasonable accommodations during all aspects of the employment process, including during the interview process.

The information provided above indicates the general nature and level of work required of the position and is not a comprehensive list of all responsibilities or qualifications. The Benefits list is only a highlight of some of the benefits offered to team members; eligibility for certain benefits apply.

About Us

Cooper's Hawk features a Napa-style tasting room with wine-inspired retail for entertaining and a full-service restaurant, bar and private event space, offering a modern-yet-casual dining experience. Each scratch-kitchen menu item is designed to pair with our wines. Speaking of wine...the Cooper's Hawk Wine Club is perhaps the largest in the world, offering not only top-notch award-winning wines but also exclusive Wine Club membership benefits, including curated dining and travel experiences. Since 2005, we've brought the Napa Valley experience to our guests and Wine Club members, and now, with Piccolo Buco by Cooper’s Hawk, we’re bringing the vibrant flavors of Rome to them as well. Together, we’re creating a lifestyle brand like no other.