PCI Compliance & Assurance Specialist

We are seeking a PCI Compliance and Assurance Specialist to lead and manage our PCI DSS certification process, ensuring compliance with regulatory requirements and maintaining security controls throughout the year.

This role will be responsible for collecting evidence, assessing controls, and preparing for audits while also providing consultation on PCI requirements to Engineering, SecOps, and Architecture teams. Additionally, the role will support ISO 27001, SOC 2 Type 2, and other certification audits, assist with security assurance activities such as design reviews and client security questions, and collaborate with internal and external stakeholders to ensure compliance across the business.

The ideal candidate will have a strong technical background and experience working with multiple levels of stakeholders. A qualification as an ISA or QSA is desirable and would be beneficial in this role.

Key Responsibilities:

• Lead and manage the annual PCI DSS certification process, including preparation, evidence collection, and assessments.
• Act as the primary point of contact for all PCI-related matters, working closely with both internal teams and external assessors.
• Monitor and assess PCI DSS controls and requirements, ensuring they are effectively implemented and maintained throughout the year.
• Work with Engineering, SecOps, and Architecture teams to provide PCI consultation and ensure security-by-design principles are followed.
• Conduct internal PCI assessments, gap analysis, and risk assessments to identify areas of improvement.
• Stay up to date with PCI DSS standard updates and ensure timely adaptation of new requirements.
• Manage and support ISO 27001 and SOC 2 Type 2 certification processes, ensuring evidence gathering, control validation, and audit preparation.
• Assist in responding to client security questionnaires and third-party risk assessments, design reviews, and due diligence requests related to security and compliance.
• Collaborate with internal teams to ensure alignment between business operations and compliance obligations.
• Provide ongoing assurance to the business regarding security controls and regulatory compliance.

Skills & Experience:

• Certifications: QSA (Qualified Security Assessor) or ISA (Internal Security Assessor) desirable but not required. Other security certifications such as CISSP, CISM, CISA, or CRISC are advantageous.
• Strong understanding of PCI DSS requirements, controls, and assessment processes.
• Hands-on experience with security controls, cloud environments, and security architecture.
• Experience with ISO 27001, SOC 2 Type 2, or other security frameworks.
• Proven ability to work effectively with senior leadership, auditors, external partners, and cross-functional teams.
• Experience with design reviews, risk assessments, and security best practices.
• Strong written and verbal communication skills to effectively articulate compliance requirements and security risks.
• Proactive mindset with the ability to identify gaps, drive remediation efforts, and enhance compliance posture.

Report to:

The role will report into the Head of Information Security, Risk and Compliance.

Location:

UK Remote or Portugal Remote

If you are interested in applying for the role please send an up to date CV to [email protected]