Head of Security & Compliance

About The Position

Requirements

• You’ve worked in security and compliance within a payments, fintech or PCI-regulated environment
• You have strong, hands-on experience with PCI DSS, ISO27001 and SOC2, including preparing for and delivering audits
• You’ve personally owned and delivered compliance programmes, not just overseen them
• You understand how security and compliance connect, and how to make them work in practice across a business
• You’ve operated in a growing or scaling company, where you’ve had to bring structure and prioritise effectively
• You’re comfortable driving work across teams without direct authority, and following through to completion
• You bring sound judgement when balancing risk, delivery and commercial needs
• You’ve supported or led a small team and know how to create clarity and accountability
• You communicate clearly with both technical and non-technical audiences, helping people understand what matters and what action is needed

Nice To Haves

• Experience working with additional ISO standards such as ISO 27017 and ISO 27018
• Experience scaling security and compliance in a growing SaaS company, especially through periods of increased customer or regulatory demand
• Relevant certifications such as CISSP, CISM, CISA or ISO27001 Lead Auditor or similar
• Awareness of AI-related security and governance considerations, and how they may apply in a SaaS environment

Responsibilities

• Take ownership of security and compliance across Masabi, creating clarity on priorities and ways of working
• Build a clear view of our current security posture and define a practical path to strengthen it over time
• Define security and compliance requirements and work closely with Engineering and IT teams to ensure they are implemented effectively
• Maintain existing compliance across PCI DSS, ISO27001, SOC2 and Cyber Essentials, and lead new compliance initiatives across additional standards such as ISO 27017 and ISO 27018
• Manage audits end to end, from preparation through to delivery and follow-up actions
• Work closely with Engineering and Product teams to embed security practices in a way that supports delivery
• Maintain a clear and actionable view of risk, helping the business prioritise what matters most
• Build a more scalable approach to customer assurance, including clearer processes and reusable materials for customer and audit requests
• Help guide decisions on which compliance standards we take on as we grow
• Lead and support a small team, creating focus, trust and shared direction

Benefits

• 20 days of vacation per year (in addition to public holidays). On top of this, our office is shut every year between Christmas and New Year, totaling a whopping 28+ days of vacation
• Private Healthcare and Life Insurance
• Menopause support
• Choice of a workstation
• Training allowance of up to CAD$1300 per year
• CAD$325 per year to spend on your home office
• $50 CAD per month for team building activities
• Ability to work for up to 3 months per year from any country in the world
• Enhanced family leave