Principal Engineer - Governance, Risk & Compliance

About Kiwi.com
Kiwi.com is a leading global travel-tech company headquartered in the Czech Republic. Our innovative algorithm enables users to find better route options and prices other search engines can’t see, daily performing billions of price checks across 95% of global flight content. Are you bold, bright and curious? Join a global business that’s still got a start-up heart.

About our Information Security team
The information security team is responsible for enhancing security practices across our entire ecosystem, aiding our Engineers in creating and maintaining secure products, and supporting secure operations. Our talented team leverages automated governance, risk, and compliance platforms to streamline compliance processes and is also focused on developing a roadmap for continuously improving our future governance practices.

What you will do

• You will own and manage the lifecycle of our key compliance frameworks, including PCI-DSS, ISO27001, SOC2, and NIS2.
• You will develop and maintain automated Governance, Risk, and Compliance (GRC) platforms to support continuous compliance monitoring, reporting, and auditing.
• Collaborating with engineering teams, you will align technical controls with regulatory and certification requirements.
• You’ll establish policies, standards, and procedures that align with industry best practices and regulatory requirements.
• You will work closely with our Director of Security to develop metrics and reporting frameworks that demonstrate the successful implementation and management of our GRC function.
• You’ll lead internal and external audits, ensuring timely completion and accurate evidence collection.
• You will educate stakeholders on compliance requirements and security risks, fostering a security-first culture across Kiwi.com
• You will provide mentorship and coaching to colleagues within our Information Security team.

What you will need

• Your strong expertise in Information Security, Risk Management, and Compliance.
• You bring extensive experience managing compliance frameworks such as PCI-DSS, ISO27001, SOC2, and NIS2.
• You bring hands-on experience with GRC automation platforms to improve audit and compliance efficiencies.
• A strong understanding of cloud security frameworks, along with your experience with Google Cloud Platform, is preferred.
• You are an excellent communicator who can translate technical security requirements into clear business language.
• You have experience working cross-functionally with engineering, legal, and executive teams.
• With your coaching and mentoring abilities, you will enhance the knowledge of the wider security team.
• You have a self-starter mentality with the ability to manage multiple projects independently.

We offer you

• We offer a hybrid and flexible work environment. A lovely, modern office in the center of Barcelona (Passeig de Gracia) with great views and amenities.
• We also enjoy benefits, such as flexible working hours, 30 paid vacation days, sick days, private medical insurance, Employee Assistance Program, GymForLess membership, the annual subscription for El Bicing. 
• Annual financial bonus based on company and individual performance.
• Flight vouchers to celebrate your kiwi anniversaries.
• Relocation package (including visa transfer support).
• Dogs are welcome in our offices.

#LI-VL1
Interested? Join us and help us make travel more accessible to all. 
Kiwi.com is proud to be an equal opportunity workplace and employer. We review applications for employment without regard to their race, colour, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, uniformed services, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.
Throughout the recruitment process and for some time after it’s finished, we’re going to process your Personal Data. You can find all the necessary information in our Privacy Policy available at: https://jobs.kiwi.com/recruitment-privacy-policy/.