Information Security GRC Engineering Consultant

VISA
London

About Us
Visa is a world leader in payments technology, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories, dedicated to uplifting everyone, everywhere by being the best way to pay and be paid.

 

At Visa, you'll have the opportunity to create impact at scale — tackling meaningful challenges, growing your skills and seeing your contributions impact lives around the world.

 

Join Visa and do work that matters – to you, to your community, and to the world. Progress starts with you.

 

Job Description

 

In your role as Information Security GRC Engineering Consultant - Featurespace, you will help us achieve our goals and deliver success on behalf of our customers by:

  • Building systems and frameworks, in line with industry standards, Visa Key Controls and customer expectations, that make compliance continuous, measurable, and low‑friction, moving Featurespace away from point‑in‑time, audit‑driven assurance toward scalable, repeatable control-based implementation.

  • Acting as a hands‑on, solutions‑driven GRC engineering consultant, translating regulatory and control requirements (PCI DSS, SOC 2, Visa KCX) into practical, implementable controls within our products, teams and cloud environments.

  • Designing and implementing automation where it adds genuine value, including control validation, evidence collection, workflow orchestration, and compliance telemetry.

  • Leading compliance outcomes through expertise and influence (not direct line management), working cross‑functionally with the product, engineering and platform teams in Featurespace, and the central Visa Cyber, Risk and Legal teams.

  • Helping Featurespace integrate effectively into Visa’s security and compliance ecosystem, ensuring centrally provided capabilities (policies, third‑party risk, training, tooling) are correctly applied to Featurespace products, services, and delivery models.

  • Providing assurance to our customers by providing appropriate responses to customer RFP questions and customer audits on topics such as cybersecurity, technology operations, and compliance with standards (e.g., PCI DSS, SOC 2).

 

Responsibilities
As a company we hire people with a willingness to adapt to a variable role, so along with the key responsibilities below, we ask for ownership of any other duties as required.

 

1. Control Framework Ownership & Assurance

  • Lead the implementation and ongoing operation of Featurespace’s security controls framework, ensuring alignment with Visa Key Controls, PCI DSS, SOC 2, and other applicable regulatory or customer requirements, and ensuring controls are implemented in a manner appropriate to Featurespace products, services, and delivery models.

  • Coordinate and lead Featurespace’s annual certification and assurance activities (e.g. PCI DSS, SOC 2), acting as the primary point of integration between Featurespace internal teams, external auditors, and Visa central control functions, and ensuring audit activities are delivered efficiently, accurately, and on time.

  • Ensure all processes are operating effectively and are correctly evidenced, including the maintenance of appropriate documentation, dependency mapping, and traceability to responsible teams and subject matter experts.

 

2. GRC Engineering, Integration & Automation

  • Translate regulatory, compliance, and control requirements into practical, product-aware implementations, working directly with engineering and platform teams to embed controls into architectures, CI/CD pipelines, cloud environments, and operating processes.

  • Design, build, and maintain automation to support compliance activities where it adds demonstrable value, including:

  • control validation and continuous assurance

  • evidence collection, normalisation, and retention

  • workflow orchestration and exception handling

  • metrics, reporting, and compliance visibility

  • Apply engineering judgement to determine what should be automated in the short term, what requires process or architectural maturity or redesign to be effective, and what is not suitable for automation.

  • Ensure Featurespace teams are effectively integrated with Visa’s centrally provided security and compliance capabilities, identifying when changes in Featurespace products, architectures, suppliers, customer requirements, or operating models introduce new or materially changed obligations, and ensuring the appropriate Visa processes and assessments are engaged, including:

  • policy and standards frameworks

  • third-party risk management processes

  • security architecture assessments

  • security awareness and training programmes

  • legal and commercial contracting

  • risk management and governance tooling

 

3. Advisory, Enablement & Secure-by-Design

  • Act as a trusted advisor and subject matter expert to Featurespace engineering, product, commercial, and leadership teams, helping stakeholders understand information security and compliance expectations and how to meet them pragmatically.

  • Drive a secure-by-design and shift-left mindset, ensuring compliance and assurance considerations are addressed early in delivery rather than deferred to audit windows, and facilitating the timely closure of gaps and findings identified through Visa vulnerability management and secure assessment processes.

  • Develop and maintain repeatable patterns, reference implementations, standards, procedures, and guidance that reduce friction for delivery teams while maintaining strong assurance, consulting with and coordinating input from subject matter experts as required.

 

4. Risk Management, Audit & External Engagement

  • Conduct security risk assessments and business impact analyses, and recommend appropriate control improvements to address identified risks or weaknesses.

  • Provide oversight and assurance of corrective, preventative, or remediation activities, utilising Visa risk management tooling, working with identified application and service owners, and escalating issues at risk of missing deadlines in a timely and effective manner.

  • Represent Information Security with customers, auditors, and internal stakeholders, particularly during assurance windows and customer security engagements.

  • Coordinate and lead responses to customer RFP questions and security audits, ensuring responses are timely, accurate, repeatable, re-usable, traceable to responsible SMEs, and supported by appropriate evidence.

  • Support incident response and recovery activities where compliance or control effectiveness is impacted, ensuring appropriate remediation actions are taken and evidenced.

  • Travel periodically as required for customer, company, or relevant events.

  • This is a hybrid position. Expectation of days in office will be confirmed by your hiring manager.

Posted 2026-04-18

Recommended Jobs

Social Worker Adults - Experienced (SWL3)

Enfield Council
Enfield, Greater London

Job Category : Social Care – Qualified Location : Civic Centre, Enfield Council Hours Per Week : 35.00 Start Date : Immediate Start Start Time : 09:00 End Time : 17:00 Salary: £25.00 …

View Details
Posted 2025-09-10

Applied AI Architect, Public Sector

Anthropic
London

About Anthropic Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a qui…

View Details
Posted 2026-06-27

Special Educational Needs Teaching Assistant (SEN TA)

Marchant Recruitment
London

Location: London Borough of Hammersmith & Fulham Role Type: Full-time & Long-term Opportunities (Part-time considered) Start Date: Flexible / Immediate / Upcoming Term Salary: Competit…

View Details
Posted 2026-01-27

Director, Professional Services, EMEA

Klaviyo
London

At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair sho…

View Details
Posted 2026-06-18

Feature Owner, ADAS

wayve
London

The Role  In this pivotal role as a Product Feature Owner, you will take end-to-end responsibility for specific ADAS functionalities, such as TFL, High Beam Assist, Blind Spot Monitoring, Rear Cros…

View Details
Posted 2026-07-06

People Partner (12 Months Maternity Leave Cover)

OLIVER Agency
London

Established in 2004, OLIVER is the world’s first and only specialist in designing, building, and running bespoke in-house agencies and marketing ecosystems for brands. We partner with over 300 clie…

View Details
Posted 2026-06-27

Corporate Research (Consumer/Retail sectors)

Michael Page
London

A brief overview of the role: Support the production of industry and thematic research to inform business strategy and client engagement Analyse macroeconomic and sector trends, translating i…

View Details
Posted 2026-06-18