Plan, execute, and manage information security audits aligned to PCI DSS, PCI P2PE, PCI PIN, ISO 27001, SOC 1, and SOC 2, including readiness assessments, gap analyses, and follow‑up reviews.
Interpret and apply security frameworks and standards to business processes, technical architectures, and third‑party services, ensuring controls are effective, risk‑based, and audit‑ready.
Collaborate with internal stakeholders (IT Infrastructure, Product, Security Architecture, Security Operations, Legal, etc.) to identify, document, and prioritize security and compliance gaps, and to define realistic remediation plans.
Lead or support internal audits, vendor assessments, and third‑party audits (e.g., PCI QSA, ISO 27001 surveillance, SOC 1/2 examinations), coordinating evidence collection and documentation.
Review and assess security policies, standards, and procedures to ensure alignment with applicable frameworks and regulatory requirements.
Translate audit findings into clear, actionable recommendations for technical and non‑technical audiences, including risk owners, senior management, and external auditors.
Support the preparation of audit reports, Attestations of Compliance (AOCs), SOC reports, and ISO statements of applicability, ensuring accuracy and completeness.
Stay up to date with emerging threats, regulatory changes, and evolving control expectations and propose proactive improvements to the control environment.
Provide guidance on secure SDLC, cloud security, data protection, and access management to ensure security and compliance are integrated into design and implementation.
Requirements
Bachelor’s or Master’s degree in Information Security, Computer Science, Cybersecurity, or a related field, or equivalent professional experience.
At least 5–7 years of experience in information security, audit, or GRC, with a proven track record in payment security and compliance.
Demonstrable experience with PCI DSS (including familiarity with PCI 4.0), PCI P2PE, and PCI PIN standards, including working with acquiring banks, payment processors, and QSA firms.
Strong understanding of general information security concepts, such as access control, cryptography, network security, logging and monitoring, incident response, and vulnerability management.
Excellent written and verbal communication skills in English (and additional languages where applicable), with the ability to explain complex security and compliance topics to technical and non‑technical stakeholders.
Ability to work independently, manage multiple priorities, and meet tight deadlines in a fast‑paced environment.
Relevant certifications such as CISA, CISSP, CISM, PCI QSA, ISO 27001 LI/LA, or SOC 1/2 practitioner credentials.
Experience working in fintech, payments, or card‑acquiring environments.
Experience with agile methodologies, Jira, or similar tools for tracking findings, remediation plans, and evidence.
Familiarity with GRC platforms or audit management tools used for control testing and evidence collection.
Tech Stack
Cloud
Cyber Security
SDLC
Benefits
Reasonable accommodations may be made in order to allow an individual to perform the essential functions of this role successfully.