Information Security Risk and Compliance Analyst - Wawa

Key Responsibilities

• Conduct risk assessments and gap analyses to identify security vulnerabilities across systems and processes.
• Maintain and enforce compliance with ISO 27001, NIST Cybersecurity Framework, PCI DSS, and other relevant regulations.
• Develop, document, and update security policies, procedures, and control frameworks.
• Collaborate with IT and business units to remediate findings and implement risk mitigation strategies.
• Support internal and external audits, preparing evidence and responding to auditor inquiries.
• Utilize GRC platforms and security monitoring tools to track compliance status and generate reports for leadership.

Requirements

• 3+ years of experience in information security risk management or compliance.
• Hands‑on knowledge of ISO 27001, NIST, PCI DSS, or similar frameworks.
• Proficiency with GRC software (e.g., RSA Archer, ServiceNow GRC) and security monitoring solutions.
• Strong analytical, documentation, and communication skills.
• Relevant certifications such as CISSP, CISM, or ISO 27001 Lead Implementer preferred.