This role is responsible for leading and managing information security audits across critical standards such as PCI DSS (including version 4.0), PCI P2PE, PCI PIN, ISO 27001, SOC 1, and SOC 2. The auditor will conduct readiness evaluations, gap analyses, and follow-up reviews to verify compliance and control integrity. Work includes interpreting complex security frameworks and applying them to technical systems, business operations, and third-party relationships.
Key Responsibilities
- Design and execute audit plans across multiple compliance domains, ensuring alignment with industry and regulatory expectations.
- Evaluate the design and effectiveness of security controls, identifying risks and recommending practical improvements.
- Collaborate with IT, product, legal, and security teams to document gaps, prioritize actions, and support remediation efforts.
- Lead or assist in internal audits, vendor reviews, and external assessments, coordinating evidence collection and stakeholder input.
- Review and assess security policies and procedures for consistency with applicable standards and regulations.
- Communicate findings clearly to technical and executive audiences, translating risk into actionable insights.
- Support the development of compliance deliverables, including audit reports, Attestations of Compliance, and SOC documentation.
- Monitor changes in regulations, threats, and control expectations to proactively strengthen the security posture.
- Advise on secure development practices, cloud infrastructure, data protection, and access governance to embed compliance early in design.
Qualifications
- University degree in Information Security, Cybersecurity, Computer Science, or equivalent experience.
- Minimum of 5–7 years in information security, audit, or governance, risk, and compliance (GRC), with direct experience in payment card security.
- Proven background with PCI standards, including engagement with QSAs, acquiring banks, and payment processors.
- Strong grasp of core security domains: access management, encryption, network security, logging, incident response, and vulnerability handling.
- Fluency in English, with strong communication skills for diverse audiences.
- Ability to work independently and manage multiple deadlines in a dynamic setting.
- Certifications such as CISA, CISSP, CISM, PCI QSA, ISO 27001 Lead Implementer/Auditor, or SOC practitioner credentials are strongly preferred.
- Experience in fintech, payments, or card-acquiring environments is essential.
- Familiarity with agile workflows, Jira, and GRC or audit management platforms for tracking findings and evidence.
Work Environment
This position operates under a hybrid model, requiring three days per week in the office. The organization supports an inclusive, merit-based culture where diversity is valued and all individuals are empowered to contribute. The role functions within a fast-paced setting focused on delivering secure, connected commerce solutions.
