Compliance Specialist

Compliance Specialist – London (Hybrid) – Payments Fintech

About the Company

Our client is a fast-growing technology company building encryption and data security infrastructure for developers, with a strong focus on powering modern payments infrastructure for leading global businesses.

The Role

Compliance sits at the heart of our product offering. Our customers trust us with highly sensitive data including cardholder data, credentials, and personal information and rely on us to meet the highest security and compliance standards.

We are looking for a Legal & Compliance Officer to take full ownership of PCI DSS compliance and continue developing our compliance and risk function. You will inherit well-established foundations (policies, processes, and certification workflows) and will be responsible for scaling and enhancing them as the business grows.

This role reports directly to the CEO.

Key Responsibilities

PCI DSS & Certification (Core)

• Own and manage the PCI DSS compliance program end-to-end
• Maintain current certifications and prepare for future assessments
• Manage relationships with QSAs and external auditors
• Coordinate evidence gathering and remediation across engineering and operations teams
• Stay up to date with PCI DSS updates (including v4.x) and translate requirements into actionable changes
• Maintain compliance documentation including policies, procedures, and evidence repositories
• Support customers with compliance queries, SAQs, and due diligence processes

Risk & Security Governance

• Maintain and improve information security policies and risk register
• Support additional certifications such as SOC 2 and ISO 27001 as the company scales
• Partner with engineering teams to embed compliance into system design and development

Legal (Desirable)

• Review and negotiate customer contracts, DPAs, and vendor agreements
• Provide guidance on data protection regulations including GDPR and international frameworks
• Support regulatory analysis as the company expands into new markets

About You

• Deep PCI expertise: Extensive experience with PCI DSS, including multiple assessment cycles. Background as a QSA, ISA, or leading compliance at a PCI Level 1 service provider is highly desirable
• Technical fluency: Comfortable discussing encryption, tokenization, key management, and network architecture with engineering teams
• Ownership mindset: Able to maintain and improve existing frameworks while building new processes as needed
• Strong communicator: Capable of translating between technical teams, auditors, and senior leadership
• Pragmatic approach: Focused on real security outcomes, balancing compliance requirements with business efficiency

Ideal Background

• QSA certification (preferred), or ISA certification / equivalent experience
• 3+ years leading PCI DSS compliance in a relevant environment
• Experience with SOC 2, ISO 27001, and/or GDPR
• Legal qualification (e.g. solicitor, barrister, or equivalent) is a plus
• Experience in a startup or high-growth company preferred

What’s on Offer

• Compliance is a core part of the product, with direct impact on business growth
• Strong existing foundations with significant scope to shape and scale the function
• Small, high-trust team with high ownership
• Opportunity to work closely with highly technical engineering teams building critical infrastructure
• Hybrid working model (London-based): in-office Tuesday–Thursday, with Mondays and Fridays encouraged
• Please note: sponsorship is not available for this role

Please apply below if interested