Qu’s mission is to deliver world class enterprise software to help restaurant chains thrive in the face of increasing complexity, opportunities, and challenges.
Based in Rosslyn, VA, Qu is backed by leading Silicon Valley investors that have also backed Google, Uber, and Dropbox.
We are seeking an enthusiastic Information Security Compliance and Risk Analyst ready to join a talented, hard-working, and ambitious Infosec team.
What you’ll do
The ideal candidate will possess a deep understanding of risk management practices, be adept at navigating privacy regulations, and have practical experience in implementing and auditing compliance programs related to PCI-DSS, PCI-SSF, SOC 2 and ISO 27001/27002. You will work closely with various teams to enhance the organization's security posture, ensure data privacy compliance, and support ongoing efforts to meet industry standards and regulations.
Responsibilities
- Manage and assess the effectiveness of the organization's information security governance framework.
- Support the development, maintenance, and enforcement of security policies, procedures, and controls to meet regulatory requirements.
- Assist with conducting assessments of existing IT architecture for compliance with security requirements from applicable security frameworks (such as NIST CSF, NIST 800-53, FBI CJIS CSP, etc.)
- Oversee and support the implementation of PCI DSS/SSF compliance processes, controls, and audits.
- Conduct assessments and audits to ensure ongoing compliance with PCI DSS/SSF, SOC 2 and ISO 27001
- Support the implementation and maintenance of the ISO 27001 Information Security Management System (ISMS).
- Conduct internal audits and assessments to evaluate compliance with ISO 27001 standards and support certification activities.
- Assist in the development of risk management strategies aligned with ISO 27001 requirements.
- Monitor and ensure compliance with privacy regulations such as CCPA, GDPR (where applicable), PIPEDA (Canada), LFPDPPP (Mexico), and others applicable.
- Conduct audits and assessments to ensure data protection policies comply with regional privacy regulations and develop and implement privacy training programs and awareness initiatives for employees.
Experience We’re Looking For
- Bachelor's degree in Information Security, Computer Science, or a related field.
- Minimum of 3-5 years of experience in Information Security, with a focus on GRC, PCI DSS, SOC 2, ISO 27001, and privacy regulations.
- Expertise in privacy regulations and data protection laws in the USA (e.g., CCPA, Texas Act), Canada (e.g., PIPEDA), and Mexico (e.g., LFPDPPP).
- Experience with risk management practices, security audits, and compliance frameworks, including but not limited to NIST, OWASP, SANS, ISO-27001/2, and Cloud Security Alliance.
- Strong attention to detail and the ability to work independently.
- Excellent problem-solving skills with a proactive attitude toward risk mitigation.
- Strong ethical standards and commitment to data security and privacy.
Nice to have
- Experience and familiarity with cloud data security and working with public cloud solutions (AWS).
- Experience working with Governance Risk and Compliance technologies.
- Experience implementing Data Privacy Technologies.
- Certifications such as CISA, ITIL Expert, Certified Governance Risk and Compliance (CGRC)