At a Glance
- Tasks: Own PCI DSS compliance, manage audits, and improve security policies.
- Company: Join Evervault, a leader in encryption and data security for developers.
- Benefits: Competitive salary, flexible work environment, and opportunities for professional growth.
- Other info: Dynamic team culture focused on innovation and real security outcomes.
- Why this job: Make a real impact on data security while working with cutting-edge technology.
- Qualifications: Deep PCI expertise and technical fluency required; legal background is a plus.
The predicted salary is between 70000 - 90000 £ per year.
Evervault builds encryption and data security infrastructure for developers. APIs and primitives for tokenizing, encrypting, and processing sensitive data at scale, currently focused on powering the payments stack for companies like Rippling, Ramp, and Sorare.
Compliance is core to what we sell. Our customers trust us with their most sensitive data (card numbers, credentials, PII) and they need to know we meet the highest security and compliance standards in the industry.
We're looking for a Legal & Compliance Officer to own PCI DSS compliance end-to-end and continue building Evervault's compliance and risk function. Our outgoing Head of Compliance has established strong foundations (policies, processes, certification workflows) so you'll be inheriting a solid base and taking it further as we scale.
If you're also a qualified lawyer who can support commercial legal work (contracts, privacy, regulatory), even better. But the core of this role is compliance.
What You’ll Do
- PCI DSS & Certification (Core)
- Own Evervault's PCI DSS compliance program, maintaining our current certifications and preparing for future assessments.
- Manage relationships with QSAs and auditors, coordinating evidence gathering and remediation across engineering and operations.
- Stay ahead of PCI DSS updates (including v4.x requirements) and translate them into actionable engineering and process changes.
- Own our compliance documentation: policies, procedures, and evidence repositories.
- Support customers with compliance questions, SAQs, and due diligence requests.
- Risk & Security Governance
- Maintain and improve our information security policies and risk register.
- Support SOC 2, ISO 27001, and other certifications as we scale upmarket.
- Work with engineering to embed compliance into how we build, not bolt it on after.
- Legal (Nice to Have)
- Review and negotiate customer contracts, DPAs, and vendor agreements.
- Advise on data protection (GDPR, international privacy frameworks).
- Support regulatory analysis as we expand into new markets and verticals.
Who You Are
- Deep PCI expertise. You know PCI DSS inside out. You've been through multiple assessment cycles, ideally as a QSA, ISA, or leading compliance at a PCI Level 1 service provider. You understand the standard, not just the checklist.
- Technical fluency. You can talk to engineers about encryption, tokenization, key management, and network segmentation without needing everything translated. You don't need to write code, but you need to understand how systems work.
- Ownership mindset. We have strong foundations in place. You'll need to maintain what works, improve what doesn't, and build what's missing as we scale into new markets and upmarket customers.
- Clear communicator. You can explain compliance requirements to engineers, translate technical architecture to auditors, and brief the CEO on risk, all in the same day.
- Pragmatic, not bureaucratic. You care about real security outcomes, not compliance theatre. You find the fastest path to compliance without slowing the business down.
Ideal Background
- Qualified Security Assessor (QSA), strongly preferred.
- Or: ISA‑certified, or 3+ years leading PCI DSS compliance at a Level 1 service provider.
Senior PCI Compliance & Risk Officer in London employer: Evervault Inc.
Evervault is an exceptional employer that prioritises a culture of innovation and collaboration, making it an ideal place for professionals passionate about data security and compliance. With a strong focus on employee growth, we offer opportunities to take ownership of critical compliance functions while working alongside talented engineers in a dynamic environment. Our commitment to maintaining the highest security standards ensures that you will be part of a mission-driven team dedicated to protecting sensitive data for leading companies.
StudySmarter Expert Advice🤫
We think this is how you could land Senior PCI Compliance & Risk Officer in London
✨Tip Number 1
Network like a pro! Attend industry events, webinars, and meetups related to compliance and data security. It's a great way to meet people in the field and get your name out there. Plus, you never know who might be looking for someone with your skills!
✨Tip Number 2
Show off your expertise! Create a LinkedIn profile that highlights your PCI DSS knowledge and experience. Share articles, comment on relevant posts, and engage with others in the compliance community. This will help you stand out as a thought leader in the space.
✨Tip Number 3
Don’t just apply – connect! When you find a role that excites you, reach out to someone at the company through LinkedIn or other channels. A personal touch can make all the difference and show your genuine interest in the position.
✨Tip Number 4
Keep it real during interviews! Be prepared to discuss how you've tackled compliance challenges in the past. Use specific examples to demonstrate your problem-solving skills and ownership mindset. And remember, we’re here to help you land that dream job, so check out our website for more opportunities!
We think you need these skills to ace Senior PCI Compliance & Risk Officer in London
Some tips for your application 🫡
Show Off Your PCI Expertise:Make sure to highlight your deep understanding of PCI DSS in your application. We want to see that you know the ins and outs of compliance, not just the basics. Share specific examples of your experience with assessments and how you've navigated the complexities of PCI compliance.
Communicate Clearly:Since you'll be liaising with both technical teams and non-technical stakeholders, it's crucial to demonstrate your communication skills. Use straightforward language in your application to show us you can bridge the gap between compliance requirements and engineering needs.
Emphasise Ownership and Initiative:We love candidates who take ownership! In your application, mention instances where you've improved compliance processes or built new frameworks. Show us that you're proactive and ready to take our compliance function to the next level.
Apply Through Our Website:Don't forget to submit your application through our website! It’s the best way for us to keep track of your application and ensure it gets the attention it deserves. Plus, it shows us you're serious about joining our team!
How to prepare for a job interview at Evervault Inc.
✨Know Your PCI DSS Inside Out
Make sure you’re well-versed in PCI DSS standards and recent updates, especially v4.x requirements. Be ready to discuss your past experiences with compliance assessments and how you've navigated challenges in previous roles.
✨Show Your Technical Fluency
Brush up on technical terms related to encryption, tokenization, and key management. You should be able to engage in conversations with engineers without needing everything explained. This will demonstrate your ability to bridge the gap between compliance and technical teams.
✨Demonstrate Ownership Mindset
Prepare examples of how you've taken ownership of compliance programs in the past. Highlight instances where you maintained existing processes, improved inefficiencies, or built new frameworks. This will show that you can adapt and grow with the company.
✨Communicate Clearly and Pragmatically
Practice explaining complex compliance concepts in simple terms. You might need to communicate with various stakeholders, from engineers to the CEO. Being able to convey information clearly and focus on practical outcomes will set you apart.
