IT Risk & Compliance Manager
Job Title:
Engineering Risk & Compliance Manager (Software Background required)
Location:
Porto, Portugal
Employment Type:
Contract or Permanent
Job Description:
We are seeking a full-time Engineering Risk & Compliance Manager to drive our PCI DSS (Payment Card Industry Data Security Standard), GDPR, and other compliance initiatives across PMS platform engineering and DevOps.
This role is embedded within our technical organization and acts as a dedicated stakeholder responsible for aligning our infrastructure, development workflows, and data handling practices with regulatory and security standards.
You will partner closely with engineering, DevOps, legal, and leadership to ensure that security and privacy are implemented by design - not as an afterthought.
The ideal candidate has a strong technical understanding of cloud-native and hybrid environments and is comfortable translating regulatory obligations into practical, enforceable controls within the software delivery lifecycle.
Key Responsibilities:
- Drive PCI DSS (Payment Card Industry Data Security Standard) and GDPR compliance across engineering and infrastructure, including internal readiness for assessments, SAQ (Self-Assessment Questionnaire) and ROC (Report on Compliance) submissions, and ongoing data protection obligations.
- Collaborate with DevOps, legal, and product teams to implement security controls and monitor compliance for access management, encryption, logging, vulnerability management, and third-party integrations.
- Establish and enforce policies for secure logging, data retention, redaction, and incident response processes to address security/privacy issues (e.g., data exposure, unauthorized access).
- Conduct gap analyses, risk assessments, and compliance audits to identify security and regulatory deficiencies, while defining and implementing security controls aligned with industry standards.
- Maintain a living risk register and compliance tracking system, ensuring all technical and regulatory controls are met and up to date.
- Provide guidance to developers and DevOps on secure and privacy-conscious implementation practices within product and infrastructure workflows.
- Assist with audit and certification preparation, working with QSAs, auditors, and regulators to ensure smooth compliance evaluations and reporting.
- Collaborate with security teams to ensure continuous monitoring, incident response readiness, and documentation of security policies, compliance activities, and remediation efforts.
- Regularly report on compliance status, risks, and findings to technical leadership, ensuring alignment with regulatory obligations and security standards.
Required Qualifications:
- 5+ years of experience in a security, privacy, or compliance role with strong alignment to engineering and infrastructure teams.
- Strong knowledge of network security, encryption, identity management, vulnerability management, and security architecture.
- Ability to translate compliance mandates into technical requirements for developers and DevOps teams.
- Proven experience driving PCI DSS and GDPR compliance initiatives in cloud-native (AWS preferred) as well as on-premises environments.
- Experience working with auditors, QSAs, and regulators to achieve and maintain compliance.
- Hands-on understanding of secure development practices, CI/CD pipelines, and infrastructure-as-code.
- Familiarity with tools and processes for logging, monitoring, vulnerability scanning, and audit automation.
- Experience leading or coordinating audits, gap assessments, and incident response postmortems.
- Strong communication and documentation skills; able to translate technical controls into business risks and vice versa.
- Excellent analytical and problem-solving skills.
- Fluent in English (written and verbal).
Additional Qualifications (Nice to Have):
- Certification(s): PCI ISA, CIPP/E, CISA, CISSP, or similar.
- Experience working in a regulated or customer-facing SaaS or hospitality tech environment.
- Familiarity with Apptio Cloudability, AWS Cost Optimization Hub, or similar tools.
- Knowledge of other frameworks like ISO 27001, SOC 2, or NIS2 is a plus.
- Experience working with fiscal compliance regulations (e.g., KassenSichV, RKSV, Fiskalizacija) in hospitality, retail, or POS/PMS systems is a strong plus.
First 180 Day Expectations:
30 Days
- Understand our product, infrastructure, architecture, and existing compliance posture.
- Review past audits, risk assessments, and current control implementations.
- Map key stakeholders across DevOps, engineering, legal, and leadership.
- Begin a high-level gap assessment for PCI DSS and GDPR obligations.
60 Days
- Deliver a detailed compliance gap analysis with prioritized action items.
- Lead implementation of short-term controls (e.g., logging cleanup, access reviews, DPA updates).
- Define and socialize the engineering compliance roadmap with clear milestones and ownership.
- Begin documenting policies and procedures for critical controls.
90 Days
- Embed compliance checks into engineering and infrastructure workflows (e.g., CI/CD, logging standards, infrastructure tagging).
- Prepare or update PCI ROC/SAQ documentation and GDPR records of processing activities.
- Coordinate any external audit preparation activities if applicable.
- Provide risk-based reporting on all compliance initiatives and issues.
- Own a live compliance dashboard with tracking of all PCI/GDPR controls.
- Achieve completion of prioritized remediation items and launch of evergreen compliance processes.
APPLY HERE or via email at:
menna.chikhi@lafosse.com
- Detailed information about the job offer
Company: La Fosse
Location: Porto, Porto District, Portugal
Published: 13.5.2025