Information Security Analyst, PCI

Company Description

We're Checkout.com - you might not know our name, but companies like eBay, ASOS, Klarna, Uber Eats, and Sony do. That moment when you check out online? We make it happen.

Checkout.com is where the world checks out. Our global network powers billions of transactions every year, making money move without making a fuss. We spent years perfecting a service most people will never notice. Because when digital payments just work, businesses grow, customers stay, and no one stops to think about why.

With 19 offices spanning six continents, we feel at home everywhere - but London is our HQ. Wherever our people work their magic, they're fast-moving, performance-obsessed, and driven by being better every day. Ideal. Because a role here isn't just another job; it's a career-defining opportunity to build the future of fintech.

Job Description

As a PCI DSS Compliance Analyst within the Information Security team, you will play a key role in supporting Checkout.com's PCI DSS Level 1 certification program and related payment card industry compliance initiatives. This role is responsible for day-to-day execution of PCI DSS compliance activities, ensuring that cardholder data environments and processes meet the requirements of PCI DSS v4.0. You will work closely with engineering, product, operations, legal, and audit stakeholders to maintain compliance, respond to merchant inquiries, and ensure our security controls are audit-ready.

Key Responsibilities:

Audit & Assessment Support

• Coordinate with Qualified Security Assessors (QSA) and internal stakeholders to support PCI DSS, PCI-SSF and PCI3DS
• Assist with evidence collection, review, and submission to external assessors.
• Maintain PCI DSS runbooks, scope documentation, and data flow diagrams.
• Participate in PCI DSS scope validation and segmentation testing activities.

Compliance Monitoring & Control Assurance

• Perform scheduled PCI DSS control checks and log results
• Track remediation actions and validate fixes for identified control gaps
• Support quarterly and annual compliance activities, including:
• Penetration testing
• Firewall and router configuration reviews
• User access reviews
• Vulnerability scanning
• Monitor and document the operational effectiveness of PCI controls

Documentation & Reporting

• Keep PCI DSS scope narratives and system diagrams up-to-date
• Prepare and deliver PCI status reports to the PCI Compliance Manager
• Log compliance exceptions and follow up on approvals or remediation actions

Stakeholder Engagement

• Respond to PCI DSS-related merchant and partner due diligence requests
• Provide PCI DSS awareness sessions and guidance to internal teams
• Promote a security-first culture within CKO through proactive engagement

Required Skills & Experience:

• 2-4 years in information security, IT audit, or compliance, preferably in payments or financial services.
• Practical knowledge of PCI DSS requirements and related frameworks (ISO 27001, SOC 2).
• Experience supporting audits and managing compliance evidence

Understanding of technical concepts such as:

• Network segmentation
• Encryption
• Vulnerability scanning
• Secure authentication
• Strong documentation and process management skills

Nice to haves:

• PCI Professional (PCIP) or equivalent certification
• Familiarity with cloud service providers (AWS, Azure, GCP) in PCI DSS contexts
• Experience with tools such as Qualys, Wiz, Microsoft Sentinel, or similar

Key Competencies:

• Detail-oriented and thorough in documentation and evidence tracking
• Able to work effectively with technical and business teams
• Proactive in identifying issues and driving remediation
• Strong analytical and communication skills

Bring all of you to work

We create the conditions for high performers to thrive - through real ownership, fewer blockers, and work that makes a difference from day one.

Here, you'll move fast, take on meaningful challenges, and be recognized for the impact you deliver. It's a place where ambition gets met with opportunity - and where your growth is in your hands.

We work as one team, and we back each other to succeed. So whatever your background or identity, if you're ready to grow and make a difference, you'll be right at home here.

It's important we set you up for success and make our process as accessible as possible. So let us know in your application, or tell your recruiter directly, if you need anything to make your experience or working environment more comfortable.

Life at Checkout.com

We understand that work is just one part of your life. Our hybrid working model offers flexibility, with three days per week in the office to support collaboration and connection.

Curious about what it's like to be part of our team? Visit our Careers Page to learn more about our culture, open roles, and what drives us.

For a closer look at daily life at Checkout.com, follow us on LinkedIn and Instagram