About Planet
Planet is a global provider of integrated technology and payments solutions for retail and hospitality customers.
We create great experiences for the millions of people who use our payments, software, and tax-free solutions every minute of every day.
Planet empowers its customers to deliver great customer experiences by combining payments and software in ways that drive greater loyalty, increase revenue and save time.
Founded over 35 years ago and with our headquarters in London, today we have more than 2,500 employees located across six continents serving our customers in more than 120 markets.
Role overview:
Senior Information Security Assurance Specialist with a strong background in payment security standards (PCI DSS, PCI P2PE, PCI PIN) and general security frameworks (ISO 27001, SOC 1, SOC 2).
Conduct and lead security audits, assess compliance, challenge control design and effectiveness, and support remediation activities to ensure the organization meets its regulatory and contractual obligations. Act as a trusted advisor to development, infrastructure, and business teams, helping embed security and compliance practices into the delivery lifecycle.
Plan, execute, and manage information security audits aligned to PCI DSS, PCI P2PE, PCI PIN, ISO 27001, SOC 1, and SOC 2, including readiness assessments, gap analyses, and follow‑up reviews.
Interpret and apply security frameworks and standards to business processes, technical architectures, and third‑party services, ensuring controls are effective, risk‑based, and audit‑ready.
Collaborate with internal stakeholders (IT Infrastructure, Product, Security Architecture, Security Operations, Legal, etc.) to identify, document, and prioritize security and compliance gaps, and to define realistic remediation plans.
Lead or support internal audits, vendor assessments, and third‑party audits (e.g., PCI QSA, ISO 27001 surveillance, SOC 1/2 examinations), coordinating evidence collection and documentation.
Review and assess security policies, standards, and procedures to ensure alignment with applicable frameworks and regulatory requirements.
Translate audit findings into clear, actionable recommendations for technical and non‑technical audiences, including risk owners, senior management, and external auditors.
Support the preparation of audit reports, Attestations of Compliance (AOCs), SOC reports, and ISO statements of applicability, ensuring accuracy and completeness.
Stay up to date with emerging threats, regulatory changes, and evolving control expectations and propose proactive improvements to the control environment.
Provide guidance on secure SDLC, cloud security, data protection, and access management to ensure security and compliance are integrated into design and implementation.
Bachelor’s or Master’s degree in Information Security, Computer Science, Cybersecurity, or a related field, or equivalent professional experience.
At least 5–7 years of experience in information security, audit, or GRC, with a proven track record in payment security and compliance.
Demonstrable experience with PCI DSS (including familiarity with PCI 4.0), PCI P2PE, and PCI PIN standards, including working with acquiring banks, payment processors, and QSA firms.
Strong understanding of general information security concepts, such as access control, cryptography, network security, logging and monitoring, incident response, and vulnerability management.
Excellent written and verbal communication skills in English (and additional languages where applicable), with the ability to explain complex security and compliance topics to technical and non‑technical stakeholders.
Ability to work independently, manage multiple priorities, and meet tight deadlines in a fast‑paced environment.
Must have:
Relevant certifications such as CISA, CISSP, CISM, PCI QSA, ISO 27001 LI/LA, or SOC 1/2 practitioner credentials.
Experience working in fintech, payments, or card‑acquiring environments.
Experience with agile methodologies, Jira, or similar tools for tracking findings, remediation plans, and evidence.
Familiarity with GRC platforms or audit management tools used for control testing and evidence collection.
Why Planet:
Planet is an equal opportunity employer where diversity is valued, and all employment is decided based on qualifications, merit, and business need.
Come and grow your career in the most exciting, fast-paced technology market, with a business that delivers feel-good connected commerce.
We would love to hear from you – Apply now.
At Planet, we embrace a hybrid work model, with three days a week in the office.
Reasonable accommodations may be made in order to allow for an individual to perform the essential functions of this role successfully.