Security and Compliance Engineer

About PayChoice:

PayChoice is one of Australia’s leading payment gateways, specialising in the collection of payments for clients around Australia in industries such as Healthcare/Fitness, Childcare, Medical and many more.Are you ready to take the next step in your career and lead a dynamic team of IT? Do you thrive in a collaborative environment where innovation and excellence are celebrated? If so, PayChoice has an exciting opportunity for you!
Who We Are:
At PayChoice, we're pioneers in payment gateway solutions, empowering businesses across Australia in sectors like Healthcare/Fitness, Childcare, Medical, and beyond. Delivering secure and efficient payment solutions to businesses. As a PCI-compliant organisation, we prioritise the security of our customers' payment data and are committed to maintaining the highest standards of compliance. We are looking for a Security and Compliance Engineer to join our team and ensure our continued compliance with PCI-DSS and other industry regulations.
What We're Looking For:
As a Security and Compliance Engineer at PayChoice, you will be responsible for ensuring the security and compliance of our payment gateway services. You will work closely with our development, operations, and leadership teams to manage risks, implement security controls, and maintain compliance with PCI-DSS and other relevant security standards. Your role will be pivotal in protecting our infrastructure, customer data, and ensuring that we meet all regulatory and compliance obligations.
Key Responsibilities:

• PCI-DSS Compliance Management:

1. Maintain and oversee PayChoice’s adherence to PCI-DSS standards.
2. Conduct regular gap analysis and audits to ensure compliance with industry regulations.
3. Develop and implement security policies, procedures, and documentation required for PCI and other compliance certifications.

• Security Controls & Risk Management:

1. Design, implement, and monitor security controls to protect sensitive customer data.
2. Perform risk assessments and identify potential vulnerabilities in systems, networks, and processes.
3. Collaborate with engineering and operations teams to mitigate risks and apply secure development practices (DevSecOps).
4. Ensure continuous monitoring and timely response to potential security incidents.

• Audit and Incident Response:

1. Manage external PCI audits and work with auditors to ensure successful certification.
2. Develop and maintain an incident response plan in compliance with PCI and security best practices.
3. Lead the investigation and resolution of security incidents and provide recommendations for future prevention.

• Security Awareness and Training:

1. Conduct security awareness training for employees to ensure a company-wide understanding of security best practices.
2. Promote a security-conscious culture throughout the organisation.

• Collaboration and Reporting:

1. Work closely with development, DevOps, and IT teams to embed security into the product lifecycle.
2. Create detailed compliance reports and security performance metrics for internal stakeholders and regulatory bodies.
3. Keep the leadership team informed on security and compliance risks, initiatives, and progress.

Qualifications:

• Bachelor’s degree in Information Security, Computer Science, or related field, or equivalent experience.
• At least 5 years of experience in security and compliance roles, with a strong understanding of PCI-DSS.
• In-depth knowledge of security frameworks and standards, such as ISO 27001, SOC 2, NIST, etc.
• Hands-on experience with security tools for monitoring, vulnerability management, and auditing (e.g., SIEM, IDS/IPS, vulnerability scanners).
• Experience working with DevSecOps practices and cloud security (AWS, Azure, or GCP).
• Strong knowledge of data encryption, secure authentication, and access management practices.
• Excellent problem-solving skills, with the ability to perform risk assessments and recommend effective mitigation strategies.
• Strong communication skills and the ability to work collaboratively across departments.
• Relevant certifications such as CISSP, CISM, CISA, or PCI Professional (PCIP) are a plus.

Preferred Qualifications:

• Experience in payment gateway security or a SaaS environment.
• Familiarity with additional regulatory standards, such as PCI DSS, GDPR or SOC.
• Experience managing external audits and working directly with auditors.

Where You'll Work:
This role offers the flexibility of remote work, allowing you to collaborate with our team from anywhere in the world.
What's In It For You:
In addition to a competitive salary package, you'll enjoy:

• Competitive compensation package
• Medical insurance becomes effective after 6 months
• Laptop is provided
• Chance to work on cutting-edge projects with a talented team
• The opportunity to be part of an Australian success story and contribute to global expansion
• High standards for quality and integrity, shaping the future of payment processing
• A supportive and inclusive culture where your ideas are valued
• The potential for career growth and advancement into global management roles
• Access to ongoing training and development opportunities to support your professional growth

Join us at PayChoice and embark on an exciting journey of innovation and growth.