Senior Information Security Analyst
Company Description We’re http://checkout.comCheckout.com http://Checkout.com. You might not know our name, but companies like eBay, Spotify, Klarna, Uber, and Sony do, because we’re behind many of the digital experiences you use every day. We are where the world checks out, enabling over 10 billion transactions yearly for more than one billion global shoppers. Whether you want to book a holiday, order food, renew a subscription, or check out online, there’s a good chance our tech powers the payments behind the scenes. Our platform helps the most ambitious businesses deliver effortless digital experiences, at scale. If you want to do career-defining work, you’ve come to the right place. We move fast, think globally, and believe great teams are built by hiring exceptional people with conviction, curiosity, and the desire to make an impact. With 20 offices across six continents and London as our HQ, we’re shaping the future of fintech – and we’re just getting started. The Role As a Senior Information Security Analyst within the GRC team, you will lead the strategic and technical execution of Checkout.com http://Checkout.com's governance, risk and compliance programme. This is a role for a seasoned GRC professional who brings deep expertise across regulatory compliance, enterprise risk management, and security governance — and who can operate with full autonomy while shaping how the function evolves. You will take ownership of Checkout's most complex and high-stakes compliance programmes — PCI DSS v4.0.1, ISO 27001, SOC 2, DORA, and emerging obligations across our global licensed entities — while providing expert guidance to engineering, product, legal, and compliance teams on the security requirements that underpin our ability to operate and grow in regulated markets worldwide. At L4, you are a trusted advisor. You do not just manage compliance — you set the direction for it. You define how risk is identified, assessed, and treated. You advise on product and infrastructure decisions from a risk perspective. You mentor and develop junior and mid-level analysts. And you work closely with security leadership to ensure the GRC programme is aligned to the business's strategic objectives and risk appetite. Your influence extends well beyond the GRC team. You help shape the security culture at Checkout, driving a risk-aware mindset across the business through clear communication, pragmatic guidance, and expert leadership. How You'll Make An Impact GRC Programme Leadership - Lead defined sub-areas of Checkout's GRC programme end-to-end, including PCI DSS v4.0.1, ISO 27001, SOC 2, and regulatory obligations across Europe, MENA, APAC, and the Americas. - Define how control evidence is collected and maintained, moving the function toward continuous audit readiness and away from point-in-time preparation. - Own and drive improvements to GRC documentation including policies, standards, procedures, and control matrices — ensuring they reflect Checkout's evolving risk profile and regulatory obligations. - Lead gap analyses against new and evolving requirements, including DORA ICT risk obligations and the EU AI Act, producing prioritised remediation roadmaps with clear business impact framing. - Own the risk register for your sub-area, managing risk treatment through to closure and escalating to leadership where risk appetite may be exceeded. - Define and refine Checkout's third-party risk management approach for high-risk and critical vendors, setting assessment standards and overseeing their consistent application. - Drive continual improvement of the GRC programme itself — regularly assessing programme maturity, identifying process inefficiencies, and implementing improvements to how risk is identified, assessed, treated, and reported across the business. Audit and Assessment Leadership - Serve as the primary point of contact for external auditors, QSAs, and regulatory assessors across PCI DSS, ISO 27001, SOC 2, and ITGC audit cycles. - Demonstrated experience implementing ISO management system standards end-to-end, covering initial scoping and gap assessment through control design, policy development, internal audit programme, and certification – ideally across more than one standard. - Lead end-to-end audit delivery — scoping, evidence preparation, walkthrough facilitation, finding management, and formal closure. - Own the end-to-end response process for complex merchant assurance and regulatory due diligence requests, ensuring Checkout's compliance posture is presented accurately and persuasively. - Lead quarterly and annual compliance activities including vulnerability scanning coordination, penetration testing programmes, access reviews, and firewall configuration assurance. Policy, Controls and Regulatory Strategy - Apply expert knowledge of PCI DSS v4.0.1, ISO 27001/27002, SOC 2, DORA, NIST CSF, and related frameworks to drive control design, policy development, and compliance strategy. - Advise product and engineering teams on compliance requirements at the point of design, embedding regulatory obligations into architecture decisions and development workflows. - Lead Checkout's regulatory change management activities — monitoring the evolving landscape across financial services, data protection, and AI regulation, assessing business impact, and driving remediation programmes. - Identify and drive systemic improvements to GRC processes, including automation opportunities that improve programme efficiency and evidence quality. - Contribute to the design and development of GRC tooling, dashboards, and risk reporting to improve leadership visibility of Checkout's compliance and risk posture. Stakeholder Influence and Team Development - Act as a senior trusted advisor to Engineering, Product, Legal, Finance, Procurement, and Compliance on all GRC matters, communicating risk in business terms that drive informed decisions. - Represent the GRC function in cross-functional forums, governance committees
Findigo hittar jobben och fyller i ansökan. Du klickar Skicka.
Visa jobbet och ansökUrsprunglig annons: jobs.ashbyhq.com