Head of Security

At sunday, we’re transforming the dining experience with fast, seamless payments. No more waiting for the bill — with one scan, guests pay, tip, and leave. We're creating a world where time is better spent enjoying the moment.

We’re a growing team of bold thinkers, builders, and creators, working across Europe and North America to bring better hospitality to life.

We’re looking for a Head of Security to own and elevate security at sunday across product, infrastructure, and compliance.

Security is a foundational part of our business. We handle payments at scale, operate in a PCI DSS–regulated environment, and work closely with restaurants, partners, and payment service providers. You will be the person ensuring that trust, safety, and resilience are embedded in everything we build.

Your mission: build and lead a modern, pragmatic, high-performance security function. Security at sunday spans PCI DSS, payments, data protection, GRC, supplier risk management, cloud security, and corporate security (MDM, EDR, DLP).

You will shape and lead our security strategy, drive key audits (including PCI DSS end-to-end), and operationalize a modern Security Operations Center. This role is hands‑on, business‑facing, and highly cross‑functional: engineering, SRE, ITSM, data, legal, RevOps, and external partners.

As Head of Security at sunday, you will own the company’s security and compliance strategy and execute operational initiatives to protect our payments platform, employees, and customers.

This includes:

• Security & Compliance Strategy: Drive sunday’s global security strategy, risk management, and governance, ensuring alignment with business goals and regulatory frameworks.
• PCI DSS & Audits: Lead PCI DSS audits end‑to‑end, and maintain readiness for SOC2, ISO 27001, CISA, NIST, and other certifications.
• Security Operations Center (SOC): Build and run a modern SOC, including EDR monitoring, alert management, incident response playbooks, and post‑incident reviews.
• Corporate Security: Define and enforce device security, MDM policies (Workspace One), and Data Loss Prevention rules across the company.
• Vendor & Supplier Security: Conduct risk assessments, audits, and contract reviews to ensure third‑party compliance and reduce exposure.
• Cross‑Functional Collaboration: Partner with Legal, DPO, Engineering, SRE, RevOps, ITSM, and other teams to embed security into processes and decisions.
• Cloud & Application Security: Collaborate with engineering teams to secure cloud infrastructure, applications, and SDLC practices; implement secure‑by‑design patterns.
• Risk Management & Reporting: Maintain risk registers, track KPIs, and provide executive reporting on security posture.
• Culture & Awareness: Foster a company‑wide security mindset through training, enablement, and clear guidelines.
• Strategic Initiatives: Lead key security programs, influence product and engineering decisions, and balance technical rigor with pragmatic business execution.

Security is not optional at sunday: it is core to our value proposition.

You will:

• Own the security and compliance backbone of a payment company.
• Unify distributed responsibilities into a world‑class security function.
• Enable us to scale safely across more merchants, more regions, and more payment flows.
• Represent sunday’s security posture to auditors, merchants, and key partners.

Your impact will be immediate, visible, and foundational.

Strong mastery of GRC, PCI DSS, and cloud security: especially the ability to operate PCI DSS audits end‑to‑end with minimal external dependency.

Experience leading security in a product‑led, cloud‑native, fintech or payments environment.

Excellent understanding of the followings:

• EDR / SOC processes and tooling
• CSPM / Vulnerability tools (Wiz)
• MDM platforms (Workspace One)
• Google Workspace security
• Data Loss Prevention and data governance
• Comfort working across legal, compliance, engineering, RevOps, and external auditors.
• Strong risk judgment: you know how to prioritize pragmatically.
• High resilience, resourcefulness, and ability to bring order to distributed responsibilities.
• Fluent in English (written and spoken).

• Competitive salary and equity
• Remote‑first friendly culture with flexible working hours
• The chance to build products used by millions across the globe
• 100% health coverage for you and your children
• Free vacation policy
• Opportunity for significant impact in shaping data strategies and innovative product development within a high‑growth environment

Thank you for taking the time to apply, and looking forward to getting to know you!