Pci Compliance And Assurance Specialist Porto

Pci Compliance And Assurance Specialist
Porto
Porto, Porto District, Portugal

DISCLAIMER:

Applicants please apply direct to this post. We are not accepting resumes from agencies.

We are seeking a PCI Compliance and Assurance Specialist to lead and manage our PCI DSS certification process, ensuring compliance with regulatory requirements and maintaining security controls throughout the year.

This role will be responsible for collecting evidence, assessing controls, and preparing for audits while also providing consultation on PCI requirements to Engineering, Sec
Ops, and Architecture teams. Additionally, the role will support ISO 27001, SOC 2 Type 2, and other certification audits, assist with security assurance activities such as design reviews and client security questions, and collaborate with internal and external stakeholders to ensure compliance across the business.

The ideal candidate will have a strong technical background and experience working with multiple levels of stakeholders. A qualification as an ISA or QSA is desirable and would be beneficial in this role.

Report

The role will report into the Head of Information Security, Risk and Compliance

Responsibilities

• Lead and manage the annual PCI DSS certification process, including preparation, evidence collection, and assessments.
• Act as the primary point of contact for all PCI-related matters, working closely with both internal teams and external assessors.
• Monitor and assess PCI DSS controls and requirements, ensuring they are effectively implemented and maintained throughout the year.
• Work with Engineering, Sec
  Ops, and Architecture teams to provide PCI consultation and ensure
  -
  - design principles are followed.
• Conduct internal PCI assessments, gap analysis, and risk assessments to identify areas of improvement.
• Stay up to date with PCI DSS standard updates and ensure timely adaptation of new requirements.
• Manage and support ISO 27001 and SOC 2 Type 2 certification processes, ensuring evidence gathering, control validation, and audit preparation.
• Assist in responding to client security questionnaires and
  - party risk assessments, design reviews, and due diligence requests related to security and compliance.
• Collaborate with internal teams to ensure alignment between business operations and compliance obligations.
• Provide ongoing assurance to the business regarding security controls and regulatory compliance.

Skills and Experience:

• Certifications:
  
  QSA (Qualified Security Assessor) or ISA (Internal Security Assessor) desirable but not required. Other security certifications such as CISSP, CISM, CISA, or CRISC are advantageous.
• Strong understanding of PCI DSS requirements, controls, and assessment processes.
• Hands-on experience with security controls, cloud environments, and security architecture.
• Experience with ISO 27001, SOC 2 Type 2, or other security frameworks.
• Proven ability to work effectively with senior leadership, auditors, external partners, and
  - functional teams.
• Experience with design reviews, risk assessments, and security best practices.
• Strong written and verbal communication skills to effectively articulate compliance requirements and security risks.
• Proactive mindset with the ability to identify gaps, drive remediation efforts, and enhance compliance posture.

Why Join Paydock?

• Be part of a
  - growing, dynamic fintech space, innovating payment solutions with global banks.
• Solve complex, innovative challenges in partnership with global teams
• Enjoy a flexible and dynamic culture at Paydock, where collaboration across teams creates a varied and engaging workday.
• Work closely with leading financial institutions on
  - edge products.
• Opportunity to own the product marketing strategy for
  - impact product launches.
• Competitive compensation, flexible work arrangements, and a collaborative culture.