Information Security Analyst
Company Description We’re http://checkout.comCheckout.com http://Checkout.com. You might not know our name, but companies like eBay, Spotify, Klarna, Uber, and Sony do, because we’re behind many of the digital experiences you use every day. We are where the world checks out, enabling over 10 billion transactions yearly for more than one billion global shoppers. Whether you want to book a holiday, order food, renew a subscription, or check out online, there’s a good chance our tech powers the payments behind the scenes. Our platform helps the most ambitious businesses deliver effortless digital experiences, at scale. If you want to do career-defining work, you’ve come to the right place. We move fast, think globally, and believe great teams are built by hiring exceptional people with conviction, curiosity, and the desire to make an impact. With 20 offices across six continents and London as our HQ, we’re shaping the future of fintech – and we’re just getting started. The Role As an Information Security Analyst at Checkout.com http://Checkout.com, you will work across the full breadth of the information security function, spanning Governance, Risk and Compliance (GRC), AI Governance, Application Security (AppSec), Technology Risk, and Data Governance. This is a role for someone who has built a solid foundation in information security and is ready to move from guided execution to genuine ownership of tasks and smaller workstreams. Security at Checkout operates at scale and at pace. We are a global payments business, regulated across multiple jurisdictions, building infrastructure that processes billions of transactions. Our security function needs analysts who understand how different domains fit together, communicate clearly with technical and non-technical colleagues, and take accountability for the quality of their work. At L2 you will implement security controls, respond to security incidents, identify risks, and support compliance activities across multiple domains. You work independently for extended periods and are developing the cross-domain knowledge and stakeholder skills that will prepare you for programme ownership at L3 and beyond. How You'll Make Impact Governance, Risk and Compliance - Support workstreams within Checkout's GRC programme, including ISO 27001, SOC 2, PCI DSS, and applicable regulatory obligations across our global licensed entities. - Assist with control evidence collection activities, coordinating with internal teams to gather accurate and timely evidence in support of audit readiness. - Maintain GRC documentation including policies, standards, procedures, and control matrices under the guidance of senior colleagues. - Support monitoring of the risk register, tracking remediation activity against agreed timelines and escalating where commitments are at risk. - Assist in conducting third-party risk assessments, evaluating supplier security controls in line with Checkout's TPRM framework. - Develop working knowledge of regulatory obligations across Checkout's operating markets, including FCA/PRA requirements, payment scheme rules, and DORA. AI Governance - Support the operationalisation of Checkout's AI governance framework, aligned to ISO 42001, the EU AI Act, and NIST AI RMF. - Assist in conducting AI risk assessments for internal AI and ML systems and third-party AI tools, under the guidance of more senior analysts. - Help maintain an inventory of AI use cases and associated risk classifications, working with product and engineering teams as directed. - Develop awareness of the evolving regulatory landscape for AI in financial services and contribute to policy and control documentation. - Contribute to the development and communication of responsible AI usage guidance for staff, helping teams across the business understand acceptable use boundaries, data handling expectations, and the risks associated with AI tools in a regulated environment. Application Security - Contribute to Checkout's application security programme, including support for secure code review processes, SDLC integration, and developer security guidance. - Support threat modelling activities for new and existing products, identifying security requirements under the guidance of senior colleagues. - Assist in managing vulnerability findings from penetration tests, bug bounty programmes, and automated tooling, tracking remediation and validating fixes. - Apply knowledge of the OWASP Top 10 and secure development frameworks to practical security reviews and guidance activities. Technology Risk - Support technology risk assessments across infrastructure, cloud environments, and third-party systems, contributing to outputs with actionable treatment recommendations. - Assist with control assurance activities including vulnerability scanning coordination, access control assessments, and firewall and configuration reviews. - Develop an understanding of Checkout's technology risk landscape, identifying emerging threats and contributing inputs to the risk register. - Support DORA-related ICT risk management activities under the direction of senior analysts. Data Governance - Support Checkout's data governance programme, including data classification activities, data flow mapping, and enforcement of data handling standards. - Assist with data loss prevention (DLP) controls and tooling, contributing to activities that ensure sensitive data is protected throughout its lifecycle. - Help maintain records of processing activities (RoPA) and support data protection impact assessments (DPIAs) for new systems. - Develop working knowledge of GDPR, UK GDPR, and applicable regional data protection requirements as they affect Checkout's operations. Cross-domain Collaboration - Work with Engineering, Product, Legal, Procurement, Finance, and Compliance teams to support the embedding of security requirements into processes, systems, and projects. - Respond to security due diligence requests from merchants, partners,
Findigo hittar jobben och fyller i ansökan. Du klickar Skicka.
Visa jobbet och ansökUrsprunglig annons: jobs.ashbyhq.com