Security & Compliance Engineer.

paytech is a dynamic fintech company dedicated to pushing the boundaries of innovation in the financial technology industry. Our mission is to revolutionise the way people manage and interact with their finances through cutting-edge solutions and exceptional service. We pride ourselves on fostering a culture of innovation, collaboration, and excellence.

As a Security & Compliance Engineer, you will support both client and internal compliance efforts across PCI DSS, ISO 27001, and ISO 22301. You will partner with auditors, clients, and engineering teams to translate requirements into practical processes, maintain evidence, and drive remediation—helping paytech meet security obligations efficiently without unnecessary bureaucracy.

Compliance and Audits

• Support paytech clients during PCI DSS audits (Merchant and Service Provider levels).
• Maintain compliance records for clients, including:
  • Audit timelines
  • Current audit status
  • Defined audit scope
  • Key stakeholders and contacts
  • Audit documentation
• Prepare and maintain audit evidence, including policies, procedures, process descriptions, and system diagrams.
• Participate in internal audits and certification processes for paytech, including:
  • PCI DSS v4.0
  • ISO 27001
  • ISO 22301
• Act as a primary point of contact for external auditors and QSA companies.

Policies and Security Processes

• Develop, maintain, and regularly review internal security policies, including but not limited to:
  • Password Policy
  • Access Control Policy
  • Information Security Policy
  • Incident Management Policy
  • Vendor and Third-Party Management Policy
• Ensure policies are not only documented but effectively implemented and aligned with actual operational practices.

Internal Collaboration

• Work closely with Engineering, DevOps, and Product teams to:
  • Explain security and compliance requirements
  • Support remediation and closure of audit findings
  • Review system architecture and processes from a security perspective
• Act as a trusted partner for internal teams, helping them meet compliance requirements efficiently and pragmatically, without unnecessary bureaucracy.

Vendor and Service Registry

• Maintain a centralized registry of third-party services and vendors, including:
  • Services in use
  • Payment records
  • Internal ownership and responsibility
  • Security and compliance requirements
• Participate in vendor risk management activities.

• 2–5 years of experience in information security, compliance, or GRC-related roles
• Practical experience with PCI DSS, including audit participation, evidence preparation, or remediation activities
• Familiarity with ISO 27001 and ISO 22301 standards
• Experience working with security policies, procedures, and audit documentation
• Ability to communicate clearly with both technical and non-technical stakeholders
• Comfortable working with external auditors and compliance partners
• Good written and spoken English

• Experience in fintech, payments, or other regulated industries
• Understanding of cloud environments (AWS or similar) from a security and compliance perspective
• Experience maintaining documentation in Confluence or similar knowledge management systems
• Basic understanding of DevOps and modern engineering workflows