Security Conplience Engineer at Unlimit

Belgrade, Serbia

Apply Now

Not SpecifiedCompensation

Mid-level (3 to 4 years), Senior (5 to 8 years)Experience Level

Full TimeJob Type

UnknownVisa

Fintech, PaymentsIndustries

Requirements

3+ years in Information Security, Compliance, or Risk Management (preferably in fintech or cloud-native environments)
Hands-on with PCI DSS, ISO 27001/27002, GDPR
Working knowledge of DORA, PSD2, and SWIFT CSP
Experience running Risk Management cycles (risk register, scoring, treatment, residual risk, dashboards/heatmaps)
Proven [incomplete in JD, but implied hands-on expertise in compliance automation or related]

Responsibilities

Implement Continuous Control Monitoring across cloud and SaaS environments — leveraging AI/LLM/RAG models to map regulatory requirements to implemented controls, detect deviations in near real time, and surface risk heatmaps and dashboards for executive visibility
Automate evidence management for PCI DSS, ISO 27001, DORA, and SWIFT CSP — using AI-based extraction, classification, and correlation engines to assemble audit-ready evidence packs and draft responses; keep immutable trails and citations for auditor traceability
Own the lifecycle of Information Security policies, standards, and procedures
Run the end-to-end Risk Management workflow — register risks, score likelihood/impact, propose mitigations, track remediation and residual risk, and generate risk reports/heatmaps for management and auditors. Use automation to correlate risks with control gaps, incidents, and vendor posture
Maintain and evolve the Business Impact Reference Table (BIRT) — quantify business impacts (financial, regulatory, operational, reputational), calibrate impact categories using incident data and scenario analysis, and ensure consistent linkage between BIRT, risk scoring, and control priorities
Strengthen Third-Party Risk Management (TPRM) — analyze vendor questionnaires (SIG, CAIQ, SWIFT CSP), cross-check with threat intel and attack surface data, track CAPA/remediation, and enforce contractual/security clauses and review cycles
Operate the Policy Exception Register — capture exceptions with compensating controls, enforce expiry/review reminders, and validate effectiveness via continuous monitoring signals
Drive security awareness with automation — produce adaptive AI-generated content, run phishing simulations, and deliver personalized, role-based awareness metrics to reduce human-factor risk
Continuously improve audit readiness — standardize templates, evidence locations, and control narratives; embed ChatOps for faster stakeholder responses; and uphold AI guardrails (data minimization, role scopes, approvals, auditability)

Skills

Key technologies and capabilities for this role

AILLMRAGPCI DSSISO 27001GDPRPSD2DORASWIFT CSPCloudSaaSContinuous Control MonitoringCompliance AutomationEvidence Management

Questions & Answers

Common questions about this position

What are the main responsibilities of the Security Compliance Engineer role?

You will implement continuous control monitoring using AI/LLM/RAG models, automate evidence management for standards like PCI DSS and ISO 27001, own information security policies, run risk management workflows, maintain the Business Impact Reference Table, and strengthen third-party risk management.

What regulations and standards will I work with in this position?

The role involves working with PSD2, DORA, PCI DSS, SWIFT CSP, ISO 27001, and GDPR to ensure continuous alignment and audit-readiness.

Is this a remote position or does it require office work?

This information is not specified in the job description.

What is the salary or compensation for this role?

This information is not specified in the job description.

What skills make a strong candidate for this Security Compliance Engineer position?

Strong candidates will have deep security knowledge, expertise in automation and AI/LLM/RAG models, experience with compliance standards like PCI DSS and ISO 27001, and skills in risk management and third-party vendor analysis.

Unlimit

Provides borderless payment solutions globally

About Unlimit

Unlimit provides borderless payment solutions for businesses aiming to grow locally and globally. The company has developed a large in-house payment infrastructure that allows it to offer a wide range of financial services, including payment acceptance, payment processing, and corporate fund management. Businesses can easily acquire cards, utilize alternative payment methods, and handle international transfers through Unlimit's platform. What sets Unlimit apart from its competitors is its extensive coverage and variety of payment options, including unique local methods tailored to different regions. This enables businesses to confidently enter new markets. Unlimit's goal is to support innovative companies in moving beyond traditional banking technologies, facilitating their expansion and financial management in the evolving fintech landscape.

London, United KingdomHeadquarters

2009Year Founded

VENTURE_UNKNOWNCompany Stage

FintechIndustries

201-500Employees

Benefits

Hybrid Work Options

Paid Vacation

Risks

Increased competition from fintech startups targeting niche markets like the female economy.

Regulatory scrutiny in emerging markets due to DeFi, GameFi, and NFT collaborations.

Challenges in African market expansion due to local regulatory environments.

Differentiation

Unlimit offers the largest in-house developed payment infrastructure globally.

The company provides unique local payment options tailored to specific regions.

Unlimit's borderless payment solutions facilitate seamless international business expansion.

Upsides

Embedded finance growth aligns with Unlimit's BaaS offerings.

Rising digital wallets and contactless payments boost Unlimit's card issuing services.

Cross-border e-commerce growth supports Unlimit's borderless payment solutions.

Land your dream remote job 3x faster with AI

Try Jobo Free