GRC Analyst
Mercury
Full Time
Mid-level (3 to 4 years), Senior (5 to 8 years)
The candidate should possess 2-4 years of experience in information security, IT audit, or compliance, with a preference for experience in payments or financial services. Practical knowledge of PCI DSS requirements and related frameworks such as ISO 27001 and SOC 2 is necessary, along with experience supporting audits and managing compliance evidence. A strong understanding of technical concepts including network segmentation, encryption, vulnerability scanning, and secure authentication is required, as are strong documentation and process management skills. Familiarity with cloud service providers (AWS, Azure, GCP) in PCI DSS contexts and experience with tools like Qualys, Wiz, or Microsoft Sentinel are considered advantageous.
The Information Security Analyst will support Checkout.com’s PCI DSS Level 1 certification program and related payment card industry compliance initiatives by executing daily PCI DSS compliance activities. This includes coordinating with Qualified Security Assessors (QSA) and internal stakeholders for PCI DSS, PCI-SSF, and PCI 3DS audits, assisting with evidence collection and submission, and maintaining PCI DSS runbooks, scope documentation, and data flow diagrams. The role involves participating in PCI DSS scope validation and segmentation testing, performing scheduled PCI DSS control checks, tracking remediation actions, and supporting quarterly and annual compliance activities such as penetration testing and vulnerability scanning. Responsibilities also include monitoring and documenting the operational effectiveness of PCI controls, keeping PCI DSS scope narratives and system diagrams updated, preparing PCI status reports, logging compliance exceptions, and responding to PCI DSS-related merchant and partner due diligence requests. Additionally, the analyst will provide PCI DSS awareness sessions to internal teams and promote a security-first culture.
High-performance payments platform for enterprises
Checkout.com provides a payments platform that helps businesses process payments, send payouts, and manage card programs. The platform is designed for large enterprises and growing businesses, allowing them to handle high volumes of transactions quickly and reliably. It integrates with clients' existing systems and offers a range of payment services, generating revenue through transaction fees and subscriptions. Unlike many competitors, Checkout.com focuses on providing a comprehensive, cloud-based solution that supports the financial operations of its clients across the globe. The goal of Checkout.com is to streamline payment processes and enhance the payment experience for both businesses and their customers.