Role Description The Security & Compliance Analyst is responsible for the organization’s security posture and compliance obligations, with a primary focus on PCI DSS. This role oversees ongoing compliance efforts, conducts assessments, manages evidence collection, and supports the remediation of compliance gaps across restaurants & marketplaces, e-commerce platforms, and point-of-sale environments. The Security & Compliance Analyst works closely with IT, Engineering, Operations, and third-party business partners to maintain secure environments and achieve successful PCI DSS certification. - Support and maintain the organization’s PCI DSS compliance program across all in-scope systems, networks, and business units. - Conduct internal PCI assessments, gap analyses, and readiness reviews to identify and remediate compliance deficiencies. - Maintain documentation of PCI controls, evidence, and audit artifacts in the company’s Governance, Risk, and Compliance (GRC) platform. - Partner with IT, Security, and Retail Operations to validate technical and procedural controls for compliance. - Coordinate with Qualified Security Assessors (QSAs) during annual assessments, providing documentation and remediation updates. - Monitor system changes, new technologies, and third-party services for PCI scope impact. - Track and report compliance status, risks, and remediation progress to management. - Develop and deliver PCI awareness training for staff and store-level employees handling payment data. - Review and assess vendor compliance with PCI DSS and ensure required Attestations of Compliance (AOC) are maintained. - Stay current on PCI DSS version updates, industry trends, and payment security best practices. - Support broader security and compliance initiatives beyond PCI, including vendor risk management, cloud security controls (AWS), and policy development as the program matures. Qualifications - Bachelor’s degree in Information Security, Information Technology, or related field (or equivalent experience). - 3–5 years of experience in IT security, compliance, or audit, preferably within a retail or financial environment. - Hands-on experience with PCI DSS compliance programs, evidence collection, and remediation management. - Preferred Certifications: PCI Professional (PCIP) or Certified Information Systems Auditor (CISA) preferred; CISSP or equivalent a plus. - Familiarity with network security, encryption, firewalls, vulnerability management, and logging systems. - Familiarity with cloud environments, particularly AWS; experience with services relevant to secure data handling and compliance (e.g., IAM, CloudWatch, Secrets Manager, VPC segmentation) is a plus. - Experience with compliance tracking, documentation, or GRC tools; familiarity with enterprise platforms such as ServiceNow or equivalent is a plus. - Knowledge of POS systems, cardholder data environments, and segmentation practices. - Strong attention to detail and analytical skills. - Excellent written and verbal communication skills. - Ability to work cross-functionally and manage multiple priorities in a fast-paced retail environment. Company Description On the Go has elevated the dining and retail experience for travelers by bringing together world-class hospitality, award-winning dining concepts, and forward-thinking technology. With more than 300 unique dining and retail locations across North America’s busiest airports, we’re fueled by a passion for creating exceptional guest experiences—made possible every day by our incredible Crewmembers. At On the Go, people truly come first. We invest in our teams, and foster growth in an exciting, fast-paced environment where everyone can shine. How we work is just as meaningful as what we accomplish. Our Values—Care, Continuous Improvement, Quality, and Teamwork—guide the way we show up for our guests and for each other. We’re committed to fostering an inclusive, safe, and uplifting workplace where people feel respected, empowered, and encouraged to bring their full selves to work.

Role Description Explore new possibilities and inspire innovation. You will collaborate and manage the team to perform effectively, engage with multiple teams, and contribute to key decisions. You will provide solutions to challenges for your immediate team and across multiple teams, all while reflecting expertise in Governance Risk Compliance. Join us in shaping a secure and resilient future together. - Design and implement security solutions that align with enterprise policies and risk frameworks. - Govern the use of enterprise security tools, architecture frameworks, and security solutions. - Build and enhance digital identity, platform security, data and artificial intelligence protection, and cloud security solutions. - Develop and maintain security operations centers to detect and respond to cyber threats. - Collaborate with onshore, nearshore, and offshore capabilities to transform security approaches. Qualifications - Expert proficiency in Governance Risk Compliance. - Advanced proficiency in ISO Security Standards. - A minimum of 2 years of experience in relevant related skills. - High School Diploma/GED in relevant field of studies. Requirements - Advanced Operational Technology Security. - Advanced Security Delivery Governance. - Intermediate risk assessment and mitigation. - Intermediate incident response coordination. - Beginner knowledge of cybersecurity frameworks. Company Description Accenture is a leading global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are a talent- and innovation-led company with approximately 791,000 people serving clients in more than 120 countries. - Technology is at the core of change today, and we are one of the world’s leaders in helping drive that change, with strong ecosystem relationships. - We combine our strength in technology and leadership in cloud, data and AI with unmatched industry experience, functional expertise and global delivery capability. - Our broad range of services, solutions and assets across Strategy & Consulting, Technology, Operations, Industry X and Song, together with our culture of shared success and commitment to creating 360° value, enable us to help our clients reinvent and build trusted, lasting relationships. - We measure our success by the 360° value we create for our clients, each other, our shareholders, partners and communities.

• Receive and analyze information security requests from internal and external users • Provide technical support and guidance on security best practices • Monitor, investigate, and respond to information security incidents • Document and report incidents, ensuring appropriate communication with stakeholders • Assist in implementing and maintaining security policies and procedures • Ensure employee adherence to security practices • Participate in identifying and analyzing vulnerabilities in systems and applications • Collaborate on recommending and applying mitigation measures • Contribute to training and information security awareness campaigns • Promote a security-aware culture across the organization • Support the preparation of security reports • Maintain up-to-date documentation and records of activities and incidents

Role Description - Daily management of alerts and reports across security tools (e.g. Trend Vision One, Vanta, Google Workspace Security Console, Google Cloud). - Monitor identified system vulnerabilities and coordinate with operations teams to ensure timely remediation. - Monitor and report on key security KPIs and metrics. - Participate in the identification, investigation, and management of information security incidents. - Maintain and update the organisation’s main information security risk register. - Assist in technical risk reviews of vendors and partners. - Attend Change Advisory Board (CAB) meetings and propose pragmatic, risk-reducing remediations for change requests. - Conduct basic internal penetration testing to identify and escalate readily preventable security issues. - Creation and management of Data Protection Impact Assessments (DPIAs) for existing and future projects and services. - Maintain the Record of Processing Activities (RoPA) database and ensure alignment with operational practices. - Support the ongoing maintenance and improvement of the ISMS in line with ISO 27001 requirements. - Manage the pipeline of required policy and procedure updates, ensuring documentation remains current and effective. - Provide audit support by liaising between auditors and internal teams for both internal and external audits (including SOC 2 and ISO 27001). - Assist in evidence collection, control validation, and remediation tracking. Qualifications - Proven experience in a Security, Compliance, or Privacy Analyst role. - Strong working knowledge of SOC 2 and ISO/IEC 27001 frameworks. - Familiarity with security monitoring and compliance tools (e.g. Vanta, SIEM platforms, cloud security tools). - Understanding of GDPR and UK data protection regulations. - Experience managing DPIAs and RoPA documentation. - Ability to interpret vulnerabilities and risks in a practical, business-focused way. - Strong organisational skills with attention to detail. - Effective communication skills, with the ability to work across technical and non-technical teams.