Senior InfoSec Compliance Specialist – Payment Security (PCI DSS / PIN / P2PE)

Remote, UK

We are seeking a strategic and execution-driven Senior Information Security Compliance Specialist to champion enterprise-level compliance initiatives and embed regulatory excellence across our operations. In this role, you will lead the development and execution of scalable compliance programs that align with business goals, regulatory obligations, and audit requirements. You'll play a critical role in supporting PCI (DSS, PIN, P2PE, MPoC), and SOC 2 initiatives while cultivating a culture of proactive compliance and risk management. This is primarily a remote position, with occasional in-person responsibilities for cryptographic ceremonies held at our Bristol, UK office.

The ideal candidate is a seasoned compliance specialist who:

• Converts complex regulatory standards into pragmatic, scalable programs, policies, and procedures
• Brings deep familiarity with PCI (DSS, PIN, P2PE, MPoC), and SOC 2
• Partners cross-functionally to drive governance, automation, and continuous improvement
• Leverages GRC tooling to enhance documentation, management, and reporting on compliance initiatives, risk, and controls
• Communicates effectively across technical and non-technical stakeholders
• Champions a proactive compliance culture organization-wide

Compliance Program Development & Execution:

• Develop and evolve compliance programs for PCI (DSS, PIN, P2PE), and SOC 2 across their full lifecycle
• Establish and maintain audit-ready compliance processes that support year-round readiness
• Define internal roadmaps to achieve and sustain certification status
• Own the full policy lifecycle, including control mapping, documentation governance, and change management
• Conduct risk assessments and controls testing to identify and remediate gaps
• Collaborate with engineering, infrastructure, and operations teams to ensure effective design and implementation of controls
• Lead NMI’s Business Continuity and Disaster Recovery planning, management, and testing programs
• Provide compliance-focused input on new systems and service implementations

Audit Preparation & Oversight:

• Serve as a primary point of contact for external auditors and assessors
• Lead audit prep activities including walkthroughs, documentation reviews, and technical evidence collection
• Ensure timely resolution of audit findings and communicate progress to stakeholders

Cross-Functional Collaboration & Enablement:

• Engage with stakeholders across Engineering, Product, Legal, and HR to support compliance-by-design
• Educate internal teams on compliance responsibilities, procedures, and controls
• Support vendor risk and third-party security assessment activities

Required:

• 5+ years of experience in information security, IT risk, or compliance roles
• In-depth experience with PCI DSS and at least two of: PCI PIN, PCI P2PE, SOC 2
• Proven ability to manage end-to-end compliance projects including successful third-party audits
• Familiarity with common security documentation, audit evidence gathering, and security documentation management practices
• Strong organizational, project management, and stakeholder communication skills

Preferred:

• Experience with compliance oversight for secure key management ceremonies and cryptographic key exchanges
• Industry certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Implementer
• Background in SaaS or fintech environments
• Exposure to secure development practices, risk assessments, and vendor risk management programs
• Familiarity with common GRC tools such as Tugboat, Drata, or Vanta
• Understanding of privacy regulations (e.g., GDPR, CCPA) as they relate to operational compliance

• Annual bonus scheme dependent on individual and company performance
• 25 days holiday each year (+ bank holidays + 1 day after each year of service with up to a max. of 30 days)
• Private medical insurance (upon 30 days of employment)
• A remote first culture
• Great work-life balance with our Flexi-time policy
• Family Friendly policies (Enhanced Maternity and Paternity Pay and Shared Parental Leave).
• A chance to develop with an allocated company training budget
• Bike2Work Scheme
• Lifeworks, an Employee Assistance Programme which offers wellbeing, family and financial support services, such as assessments, resources and even 1:1 counselling sessions. It also offers interesting perks such as discounts on gyms, restaurants, high street retailers and cinema tickets
• A strong commitment to employee wellbeing including mental health first aiders
• Employee referral scheme with generous financial reward
• Bonusly colleague reward scheme

We’re looking for creative and passionate people who share our vision of making payments easy. If that sounds like you and you meet the requirements above, then please click on 'Apply for this job'!

We are an Equal Opportunities employer and will provide reasonable support throughout the recruitment process to applicants who have a disability. Please let us know in advance so that any support, aids or adaptations can be put in place to assist you.

Please be aware that all offers of employment are made subject to receipt of satisfactory background and financial checks.

About us

NMI enables our partners with choice, and challenges the one-size-fits-all approach to payments. You\'ve probably used NMI in the last 24 hours without even realising it. We’re the platform that powers success for innovative tech created by SMBs, entrepreneurs and fintech start-ups. We’re creative problem solvers who help visionaries smash through boundaries and think beyond what’s possible so they can think about what’s next. But we’re not just built for the tech savvy. We democratise the latest payments technology so that everyone can realise the benefits of easy payments across the full spectrum of commerce. We’re all about enabling more payments in more ways and more places.

Please note that in compliance with the data protection regulations within your jurisdiction, any personal information submitted with your job application may be collected and used by NMI for the purpose of recruitment and employment-related activities. By submitting your application, you acknowledge and provide explicit consent to the processing of your personal information as described in our privacy policy found on our website. For more information on how we process your information, please read our privacy policy here:https://www.nmi.com/legal/privacy-policy/

About this role: remote search and selection process