Information Security Analyst II (GRC)
Company Description
We’re Checkout.com . You might not know our name, but companies like eBay, Spotify, Klarna, Uber, and Sony do, because we’re behind many of the digital experiences you use every day.
We are where the world checks out, enabling over 10 billion transactions yearly for more than one billion global shoppers.
The Role
As an Information Security Analyst II within the GRC team, you will take meaningful ownership of Checkout.com 's governance, risk and compliance programmes. This is a role for someone who has moved beyond task execution and is ready to drive workstreams, lead compliance activities, and act as a trusted point of contact for internal teams and external assessors.
You will work across Checkout's core compliance frameworks including PCI DSS v4.0.1, ISO 27001, SOC 2, and emerging regulatory obligations such as DORA and the EU AI Act, supporting our global footprint across Europe, MENA, APAC, and the Americas. You will coordinate audit evidence activities, conduct risk assessments, improve GRC processes, and support the development of junior colleagues.
This role sits at the heart of how Checkout manages risk. We don't just audit and report. We own the risk narrative, drive the control environment, and ensure the business can grow with confidence in regulated markets worldwide.
How You'll Make an ImpactGovernance, Risk and Compliance Programme Management
Own and manage defined workstreams within Checkout's GRC programme, including PCI DSS v4.0.1, ISO 27001, SOC 2, and relevant regulatory obligations across our global licensed entities.
Coordinate control evidence collection activities across internal teams, ensuring continuous audit readiness rather than point-in-time preparation.
Maintain and improve GRC documentation including policies, standards, procedures, and control matrices, ensuring they stay current and proportionate to Checkout's evolving risk profile.
Perform gap analyses against new or evolving requirements including DORA and the EU AI Act, translating findings into prioritised remediation plans.
Support monitoring of the risk register, track remediation activity against agreed timelines, and escalate issues where commitments are at risk.
Conduct third-party risk assessments, evaluating supplier security controls and compliance posture in line with Checkout's TPRM framework.
Audit and Assessment Support
Act as a key liaison between internal teams and external auditors, QSAs, and assessors across PCI DSS, ISO 27001, IT General Controls (ITGCs) and SOC 2 certification cycles.
Prepare and deliver evidence packages, coordinate walkthroughs, and manage audit findings through to closure.
Support end-to-end response process for merchant assurance questionnaires and due diligence inquiries, ensuring all technical and regulatory queries are addressed with accuracy and within agreed SLAs.
Support quarterly and annual compliance activities including vulnerability scanning, penetration testing coordination, access reviews, and firewall configuration reviews.
Policy, Controls and Regulatory Coverage
Apply working knowledge of PCI DSS v4.0.1, ISO 27001/27002, SOC 2, DORA, NIST CSF, and other applicable frameworks to day-to-day GRC work.
Support meeting regulatory change across Checkout's operating markets including FCA/PRA requirements and payment scheme obligations, flagging gaps and supporting impact assessments.
Proactively identify inefficiencies in GRC processes and propose practical improvements, including automation where viable.
Contribute to the development and refinement of GRC tooling, dashboards, and reporting to improve visibility of risk and compliance posture across the business.
Stakeholder Engagement and Mentoring
Work closely with Engineering, Product, Legal, Procurement, and Finance to embed security and compliance requirements into processes, systems, and projects.
Respond to PCI DSS, ISO 27001, and broader security-related due diligence requests from merchants, partners, and regulators.
Provide guidance and day-to-day support to junior analysts (L1 and L2), contributing to their development through knowledge sharing and review.
Promote a security-first culture across Checkout through proactive engagement, awareness sessions, and accessible guidance for non-security teams.
What We're Looking For
Experience
2 to 4 years of experience in GRC, information security compliance, IT audit, or a closely related function, ideally within payments, financial services, or fintech.
Practical working knowledge of PCI DSS (v4.0.1 preferred), ISO 27001, and SOC 2. Familiarity with DORA, NIST CSF, or the EU AI Act is a plus.
Experience supporting or directly managing external audits and assessments, including evidence collation and assessor liaison.
Demonstrated ability to own a programme workstream independently, from planning through to delivery.
Well-versed in risk management processes include risk identification, third-party risk management and merchant due diligence.
Skills and Approach
Clear written and verbal communication. You can translate a compliance requirement or risk finding for a technical team and a business stakeholder with equal clarity.
Analytical and process-oriented mindset. You look for root causes, not just point-in-time fixes.
Comfortable operating with ambiguity. You can prioritise and structure your work without every requirement being fully defined upfront.
Methodical and well-organised, with strong attention to detail and a consistent track record of delivering on commitments.
Collaborative and pragmatic. You understand that security and compliance must work with the business, not against it.
Preferred
CISA, CISM, PCIP, ISO 27001 Lead Implementer or Auditor, or equivalent certification.
Familiarity with cloud environments (AWS, Azure, GCP) in a GRC or compliance context.
Experience with GRC tooling, risk platforms, or compliance automation.
Exposure to AI governance frameworks such as ISO 42001, EU AI Act, or NIST AI RMF.
Hybrid Working Model
All of our offices globally are onsite three times per week (Tuesday, Wednesday, and Thursday). We've worked towards enabling teams to work collaboratively in the same space while also being able to partner with colleagues globally. During your days at the office, we offer great snacks, breakfast, and lunch options in all of our locations.
Additional Information
Bring all of you to work
We create the conditions for high performers to thrive, through real ownership, fewer blockers, and work that makes a difference from day one.
Here, you’ll move fast, take on meaningful challenges, and be recognized for the impact you deliver. It’s a place where ambition gets met with opportunity, and where your growth is in your hands.
We work as one team, and we back each other to succeed. So whatever your background or identity, if you’re ready to grow and make a difference, you’ll be right at home here.
It’s important we set you up for success and make our process as accessible as possible. So let us know in your application, or tell your recruiter directly, if you need anything to make your experience or working environment more comfortable.
Life at Checkout.com
We understand that work is just one part of your life. Our hybrid working model offers flexibility, with three days per week in the office to support collaboration and connection.
Curious about what it’s like to be part of our team? Visit our Careers Page to learn more about our culture, open roles, and what drives us.
For a closer look at daily life at Checkout.com , follow us on LinkedIn and Instagram
Recommended Jobs
SAP Manager PP/QM
We are seeking an experienced SAP Production Planning and Quality Management Manager to join one of our main clients (Big 4) in the UK. The successful candidate will work across full project lifecy…
Temporary Enrolment Advisor
Are you available immediately to support this fascinating client with converting leads to sales? If you have proven experience in commercial sales and thrive under pressure, this represents an exciti…
Exams Officer - Good Secondary School - Uxbridge
Are you a detail-oriented and organised Exams Officer looking to join a supportive school environment? A well-regarded Good secondary school in Uxbridge is seeking an Exams Officer to manage and …
Planning Manager
About WPP Media WPP is the trusted growth partner for the world’s leading brands. With exceptional talent, trusted data and intelligence, and world-class partnerships – all united by our pioneer…
Client Services Account Handler/ Technician (Associate)
About Us On a mission to reinvigorate broking. Oneglobal is a commercial insurance and reinsurance broker set up with the singular focus of improving the way in which businesses around the world m…
AI Recruitment Manager
Job Title: AI Recruitment Lead Location: London (Hybrid) Reporting to: Senior AI Recruitment Manager Recruitment Manager looking for a new challenge? Experience specialising in software?…
Art Teacher - High-Achieving Mixed School - Croydon...
Art Teacher - High-Achieving Mixed School - Croydon (September Start) Are you a hard-working, motivated and driven teacher who wants good support and career progression? • Art Teacher Role • Tea…
Sous Chef - Norwood
Join our Team as a Sous Chef! What We Offer You At Portobello, we believe in honesty, integrity, fairness, and great hospitality. We’re proud to create welcoming pubs and bars where our teams fe…
Sr. Manager, Customer Technical Architects
About Us: We love going to work and think you should too. Our team is dedicated to trust, customer obsession, agility, and striving to be better everyday. These values serve as the foundation of …