Ziosk is revolutionizing the $472 billion restaurant industry by providing on-the-table payment and guest ordering experiences.
Today there are over 190,000 Ziosk tablets deployed nationwide at over 3,000 restaurants, including Olive Garden, Red Robin, Outback, TGI Friday’s, and Yard House, processing over $12 billion in payments per year.
We are expanding our team in the areas of development, sales and customer service to support this growth.
The Security and Compliance Administrator will report to the IT Director. This role is charged with maintaining security protocols throughout the organization. They will work with a team of IT professionals to ensure confidentiality and data security while focused on business objectives. The Security and Compliance Administrator is expected to proactively discover vulnerabilities and to update practices in accordance with data sensitivity characteristics. They will also be responsible for coordinating security-related activities along with maintaining compliance practices, some of which are outside traditional IT boundaries. They will steadily author, collect, and interpret data and reports to continuously assess the compliance status of business operations.
- Review, draft, and create company policies related to security as well as security-related procedure/process documents that implement stated policies. These will contribute to satisfying various standards, including: PCI DSS, PCI PA-DSS, PCI PTS, Mastercard TQM, CCPA.
- Execute internal and external vulnerability scans in concert with scanning vendors.
- Design and drive IT team activities related to implementation of policies and remediation of vulnerabilities.
- Participate in support case resolution related to security approvals and requests.
- Manage QSA vendor and other auditor or assessor relationships.
- Provide architectural guidance, consulting, and design to other teams.
- Manage annual PCI PA-DSS audit and annual PCI DSS audit.
- Co-manage security-related platforms including SIEM, Internal PKI, External PKI, security and key vaults, Office 365 security facets (MDM, Data Loss Prevention, Information Rights Management), Public DNS and Domain registration, E-mail/Messaging security (SPF, DKIM, encryption), Active Directory Group Policy, eDiscovery, and Security awareness and training platform.
- Monitor for emerging security risks and plan business-specific responses.
- Collect or generate reports and actionable intelligence from various sources to continuously audit security/compliance posture against stated policies and procedures.
- Govern routine meetings and review of security aspects mandated by applicable standards, principally PCI.
- Follow up on logs and notifications.
- Adhere to a security vision that includes a preventative approach to compliance and provide ongoing maintenance and documentation for PCI and other compliance standards.
- 5+ years background in IT systems and/or network administration and operations is preferred.
- Strong verbal and written abilities.
- 3+ years working in settings subject to routine security audits.
- 3+ years contributing to or directing external security audits.
- Direct experience implementing or supporting PCI SSC standards is strongly preferred.
- Experience in any payments-related industry or implementing governmental standards (e.g. HIPAA, SOX, GDPR, etc.) is a plus.
- Security certifications such as Security+, CISSP, or similar are desirable.
- Any industry certifications related to IT systems or networking.
- Working knowledge of Windows Servers, Linux, and other various server-side technologies.
- Solid understanding of networking protocols including TCP, UDP, SSL, DNS, SMTP.
- Proficient with Excel for tabular data analysis and basic graphing and reporting.
- Experience working with SIEM systems.
- Knowledge of Visio and experience creating architecture diagrams.
- Must be willing to document work effort on an ongoing basis.
- Flexible and adaptable to business needs.
Ziosk is an Equal Opportunity employer offering competitive benefits and compensation. Candidates must be eligible to work in the U.S. and be able to commute daily to the office. No agencies or third-party recruiters, please.