IT Compliance and Security Analyst

Who we Are: Yesway is an award-winning convenience store operator established in 2015 and headquartered in Fort Worth, Texas. With 434 stores across nine states in the Midwest and Southwest, Yesway is renowned for its iconic food service offerings, diverse grocery selections, and private-label products, including the renowned Allsups deep-fried burrito. Through strategic acquisitions, new store developments, and a commitment to customer satisfaction, Yesway continues to solidify its position as one of the leading convenience retailers in the United States. For more information, visit www.yesway.com. Position Responsibilities: Ensure adherence with IT policies, procedures, and processes in accordance with business and regulatory requirements. Develop and lead the global information technology compliance program in the areas of information security (PCI, PII, NIST, SOC1/2, SOX, etc.), working in partnership with key stakeholders in the company that include Operations, Legal, Finance, Accounting, Marketing and HR. Create IT standard operating procedures and ensure adherence to the organization's SOIs, IT Controls framework, and System Development Life Cycle (SDLC), ensuring current projects meet business and regulatory requirements. Manage responses to all IT related audits and privacy related inspections, including PCI, PII and Financial SOX. Use technical knowledge to create solutions for system deficiencies and support continuous quality improvement to IT processes and procedures. Ensure timely completion of regulatory documentation, including compliance related to PCI. Manage relationships with and audit services of external service providers (SAAS and cloud) to ensure SLA compliance with internal security and compliance requirements. Review and approve network security-related changes as part of a corporate change management process. Assist peers in related responsibilities, as appropriate, during installation and relocation of infrastructure. Qualifications: Bachelors degree in computer science or a related field or equivalent combination of education and related experience. Four or more years experience in Information Security and IT Quality-related areas. In depth knowledge and understanding of Payment Card Industry Data Security Standards (PCI DSS), compliance requirements and experience developing and implementing PCI compliance policies and procedures. Excellent attention to detail with analytical and problem-solving abilities. Ability to manage multiple shifting priorities and direct the work of others to meet deliverable due dates. Familiarity with security information and event management (SIEM) tools, vulnerability assessment tools, and antivirus software. Conducting risk assessments and developing mitigation strategies. Skills in ethical hacking and penetration testing to proactively identify vulnerabilities. Understanding legal implications and requirements related to data privacy and cybersecurity. Developing and implementing disaster recovery and business continuity plans. Preferred Skills and Competencies: Excellent organizational, written, and verbal communication skills with the ability to present data and other pertinent information to a variety of audiences. Highly ethical and transparent, with professional sensitivity and care. Yesway is proud to be an Equal Opportunity Employer. LI-BM2 LI-ONSITE