Head of Security & Compliance

Masabi

13h•Remote

About The Position

At Masabi, we’re building technology that makes public transport simpler, fairer and more accessible for millions of people. That only works if our platform is secure, trusted and reliable. As our Head of Security & Compliance, you’ll step into a role that is central to how we build trust with our customers and scale as a global SaaS business. You’ll own security and compliance end to end, shaping how we approach it as a company and how it works in practice day to day. You’ll lead a small team, bringing clarity, focus and direction as you build on solid foundations and evolve this area alongside the business. In the near term, you’ll focus on understanding where we are today, strengthening our approach to key areas like audits and compliance, and helping teams move forward with confidence. You’ll work closely with Engineering, Product and Legal to turn requirements into practical, well-executed outcomes. This is a senior role where you’ll stay close to the work, especially in the early stages. Over time, you’ll shape a more structured and scalable function, helping Masabi stay ahead of evolving standards and make thoughtful decisions around risk.

Requirements

You’ve worked in security and compliance within a payments, fintech or PCI-regulated environment
You have strong, hands-on experience with PCI DSS, ISO27001 and SOC2, including preparing for and delivering audits
You’ve personally owned and delivered compliance programmes, not just overseen them
You understand how security and compliance connect, and how to make them work in practice across a business
You’ve operated in a growing or scaling company, where you’ve had to bring structure and prioritise effectively
You’re comfortable driving work across teams without direct authority, and following through to completion
You bring sound judgement when balancing risk, delivery and commercial needs
You’ve supported or led a small team and know how to create clarity and accountability
You communicate clearly with both technical and non-technical audiences, helping people understand what matters and what action is needed

Nice To Haves

Experience working with additional ISO standards such as ISO 27017 and ISO 27018
Experience scaling security and compliance in a growing SaaS company, especially through periods of increased customer or regulatory demand
Relevant certifications such as CISSP, CISM, CISA or ISO27001 Lead Auditor or similar
Awareness of AI-related security and governance considerations, and how they may apply in a SaaS environment

Responsibilities

Take ownership of security and compliance across Masabi, creating clarity on priorities and ways of working
Build a clear view of our current security posture and define a practical path to strengthen it over time
Define security and compliance requirements and work closely with Engineering and IT teams to ensure they are implemented effectively
Maintain existing compliance across PCI DSS, ISO27001, SOC2 and Cyber Essentials, and lead new compliance initiatives across additional standards such as ISO 27017 and ISO 27018
Manage audits end to end, from preparation through to delivery and follow-up actions
Work closely with Engineering and Product teams to embed security practices in a way that supports delivery
Maintain a clear and actionable view of risk, helping the business prioritise what matters most
Build a more scalable approach to customer assurance, including clearer processes and reusable materials for customer and audit requests
Help guide decisions on which compliance standards we take on as we grow
Lead and support a small team, creating focus, trust and shared direction