IT Governance, Risk, and Compliance Manager


emerchantpay

201 - 500 employees

eCommerce • Fintech • Payments

emerchantpay is a global payments solutions provider that offers end-to-end online and in-store payment services. Specializing in seamless payment integration, emerchantpay provides online payments, POS terminals, card issuing, and acquiring services. With a robust global acquiring network, they enable businesses to accept a wide array of payment methods and currencies, enhancing customer experience and operational efficiency. Emerchantpay also offers risk and fraud management tools, global payment methods, and detailed payment reporting for optimizing business operations. The company is registered and authorized as an electronic money institution by several financial authorities, including the UK FCA and the Bank of Lithuania, and acts as an ISO in the US. Serving industries like eCommerce, retail, digital goods, financial services, travel, and gaming, they are committed to improving conversion rates and mitigating risk for their global clientele.

📋 Description

• Define and maintain the information security strategy, standards, and roadmap, aligned to applicable regulations, rules, and security best practices.
• Steer security architecture across a cloud-native environment, defining secure-by-design patterns for microservices, APIs, and shared platform services.
• Establish and govern secure software development lifecycle (secure SDLC) practices, embedding automated security controls into CI/CD pipelines.
• Define and drive adoption of cloud security guardrails: identity, network segmentation, encryption, secrets management, and configuration baselines.
• Build and run security monitoring, logging, and threat detection across cloud, infrastructure, and application layers.
• Lead the security incident response lifecycle (preparation, detection, containment, eradication, recovery, and post-incident review) and act as incident commander for security events.
• Own vulnerability and threat management: scanning, risk-based prioritization, remediation tracking, and reporting across infrastructure, containers, and application code.
• Plan and coordinate penetration testing and offensive-security exercises (in-house or co-sourced) and drive findings to closure.
• Govern identity and access management, privileged access, and least-privilege principles across cloud and corporate systems.
• Define and oversee data protection controls (encryption, key management, data classification, and loss prevention) for sensitive and cardholder data.
• Secure corporate IT and office infrastructure, including endpoints, networks, and productivity and collaboration platforms.
• Partner with Engineering and DevOps teams to make the secure path the easy path, providing tooling, standards, threat modelling, and design reviews.
• Provide security input into architecture and change decisions, including the adoption of new technologies and third-party services.
• Run security awareness and phishing-resilience programs for technical and non-technical staff.
• Implement and evidence the technical security controls underpinning PCI DSS, ISO 27001, and SOC audits.
• Monitor the evolving threat landscape and emerging security technologies.
• Act as a key member of the internal security center of excellence and contribute to cross-functional security working groups.
• Build, lead, and mentor a small security team.
• Report security posture, key risks, and metrics.

🎯 Requirements

• Bachelor’s or master’s degree in computer science, information security, or a related field, or equivalent practical experience.
• At least 10 years in information/cyber security, including a minimum of 2-3 years in a leadership role, with hands-on experience securing cloud-native environments at scale.
• Deep, practical public-cloud security knowledge (AWS strongly preferred): identity, networking, encryption, logging, and configuration management.
• Strong experience securing DevOps and CI/CD pipelines and modern microservices architectures: containers, APIs, and infrastructure-as-code.
• Working knowledge of application security and secure SDLC across modern programming languages and web frameworks.
• Hands-on experience with security operations, incident response, and vulnerability management.
• Solid understanding of security frameworks and compliance standards relevant to payments: ISO 27001, PCI DSS, SOC 2, and NIST CSF.
• Working AI security literacy, with hands-on use of AI-assisted security tooling (e.g., GenAI coding assistants, AI-augmented SAST/DAST and SIEM/SOC analytics) and a practical understanding of securing AI/LLM and agentic applications, including AWS AI services such as Amazon Bedrock and the OWASP Top 10 risks for LLMs (e.g., prompt injection and data leakage).
• Strong analytical and problem-solving ability, with high integrity and sound judgement.
• Excellent verbal and written communication skills, fluent English, and the ability to influence engineers with data, logic, and best practices.

🏖️ Benefits

• Fast-growing payment company
• Excellent working conditions, casual atmosphere, and state-of-the-art hardware
• Modern, challenging, constantly growing business
• Professional development: books, training, certifications, etc.
• Team-building and fun activities
• 25 days paid holiday, plus 1 day for every 2 years with us
• Fully distributed and remote