Security and Compliance Engineer

paytech Cyprus
Visa Sponsorship
AI Summary

paytech is seeking a Security and Compliance Engineer to support client and internal compliance efforts. The successful candidate will partner with auditors, clients, and engineering teams to translate requirements into practical processes. The role requires 2-5 years of experience in information security, compliance, or GRC-related roles.

Key Highlights

  • Support paytech clients during PCI DSS audits
  • Maintain compliance records and prepare audit evidence
  • Develop and maintain internal security policies

Key Responsibilities

  • Support paytech clients during PCI DSS audits
  • Maintain compliance records for clients
  • Prepare and maintain audit evidence
  • Participate in internal audits and certifications for paytech
  • Develop, maintain, and regularly review internal security policies

Technical Skills Required

  • PCI DSS
  • ISO 27001
  • ISO 22301

Benefits & Perks

  • Growth and development opportunities
  • Private medical insurance
  • Work equipment tailored to your needs

Nice to Have

  • Experience in fintech, payments, or other regulated industries
  • Understanding of cloud environments from a security and compliance perspective
  • Experience maintaining documentation in Confluence or similar knowledge management systems

Job Description


paytech is a dynamic fintech company dedicated to pushing the boundaries of innovation in the financial technology industry. Our mission is to revolutionise the way people manage and interact with their finances through cutting-edge solutions and exceptional service. We pride ourselves on fostering a culture of innovation, collaboration, and excellence.


As a Security & Compliance Engineer, you will support both client and internal compliance efforts across PCI DSS, ISO 27001, and ISO 22301. You will partner with auditors, clients, and engineering teams to translate requirements into practical processes, maintain evidence, and drive remediation—helping paytech meet security obligations efficiently without unnecessary bureaucracy.


Key Responsibilities


Compliance and Audits:

  • Support paytech clients during PCI DSS audits (Merchant and Service Provider).
  • Maintain compliance records for clients, including:
      • audit timelines
      • current audit status
      • audit scope
      • key contacts
      • audit documentation
  • Prepare and maintain audit evidence, including policies, procedures, process descriptions, and diagrams
  • Participate in internal audits and certifications for paytech:
      • PCI DSS v4.0
      • ISO 27001
      • ISO 22301
  • Act as a primary point of contact for external auditors and QSA companies


Policies and Security Processes:

  • Develop, maintain, and regularly review internal security policies, including but not limited to:
      • Password Policy
      • Access Control Policy
      • Information Security Policy
      • Incident Management Policy
      • Vendor and Third-Party Management Policy
  • Ensure that policies are not only documented, but also aligned with actual operational practices


Internal Collaboration:

  • Work closely with engineering, DevOps, and product teams to:
      • explain security and compliance requirements
      • assist with closing audit gaps
      • review system architecture and processes from a security perspective
  • Act as a partner for internal teams, helping them meet compliance requirements efficiently without unnecessary bureaucracy


Vendor and Service Registry:

  • Maintain a registry of third-party services and vendors, including:
      • services in use
      • payment records
      • internal ownership and responsibility
      • security and compliance requirements
  • Participate in basic vendor risk management activities


Requirements


Must-have:

  • 2–5 years of experience in information security, compliance, or GRC-related roles
  • Practical experience with PCI DSS, including audit participation, evidence preparation, or remediation activities
  • Familiarity with ISO 27001 and ISO 22301 standards
  • Experience working with security policies, procedures, and audit documentation
  • Ability to communicate clearly with both technical and non-technical stakeholders
  • Comfortable working with external auditors and compliance partners
  • Good written and spoken English


Nice-to-have:

  • Experience in fintech, payments, or other regulated industries
  • Understanding of cloud environments (AWS or similar) from a security and compliance perspective
  • Experience maintaining documentation in Confluence or similar knowledge management systems
  • Basic understanding of DevOps and modern engineering workflows


What We Offer

  • Growth and development opportunities in the fintech domain, in a no-bureaucracy culture where your ideas and contributions are valued
  • Work equipment tailored to your needs (Mac / Windows / Linux)
  • Cozy office in Limassol with great coffee, snacks, drinks, a PS5, and a stunning rooftop view
  • Private medical insurance after the probation period, plus additional perks (including a sport benefit with partial coverage and lunch allowance)
  • Support with work permit arrangements
