Legal & PCI Compliance Officer in London

London | Full-Time | 36000 - 60000 £ / year (est.) | No working from home possible
Evervault

At a Glance

  • Tasks: Own PCI DSS compliance and enhance Evervault's risk function while collaborating with engineers.
  • Company: Join Evervault, a leader in encryption and data security for developers.
  • Benefits: Enjoy a supportive team culture with opportunities for ownership and growth.
  • Other info: Work in a small, high-trust team focused on innovative security solutions.
  • Why this job: Make a real impact on data security and compliance in a fast-paced environment.
  • Qualifications: Deep PCI expertise and technical fluency are essential; legal qualifications are a bonus.

The predicted salary is between 36000 - 60000 £ per year.

Evervault builds encryption and data security infrastructure for developers: APIs and primitives for tokenizing, encrypting, and processing sensitive data at scale, currently focused on powering the payments stack for companies like Rippling, Ramp, and Sorare.

Compliance is core to what we sell. Our customers trust us with their most sensitive data (card numbers, credentials, PII) and they need to know we meet the highest security and compliance standards in the industry. We're looking for a Legal & Compliance Officer to own PCI DSS compliance end-to-end and continue building Evervault's compliance and risk function. Our outgoing Head of Compliance has established strong foundations (policies, processes, certification workflows) so you'll be inheriting a solid base and taking it further as we scale.

If you're also a qualified lawyer who can support commercial legal work (contracts, privacy, regulatory), even better. But the core of this role is compliance.

What You’ll Do

  • PCI DSS & Certification (Core)
    • Own Evervault's PCI DSS compliance program, maintaining our current certifications and preparing for future assessments.
    • Manage relationships with QSAs and auditors, coordinating evidence gathering and remediation across engineering and operations.
    • Stay ahead of PCI DSS updates (including v4.x requirements) and translate them into actionable engineering and process changes.
    • Own our compliance documentation: policies, procedures, and evidence repositories.
    • Support customers with compliance questions, SAQs, and due diligence requests.
  • Risk & Security Governance
    • Maintain and improve our information security policies and risk register.
    • Support SOC 2, ISO 27001, and other certifications as we scale upmarket.
    • Work with engineering to embed compliance into how we build, not bolt it on after.
  • Legal (Nice to Have)
    • Review and negotiate customer contracts, DPAs, and vendor agreements.
    • Advise on data protection (GDPR, international privacy frameworks).
    • Support regulatory analysis as we expand into new markets and verticals.

Who You Are

  • Deep PCI expertise. You know PCI DSS inside out. You've been through multiple assessment cycles, ideally as a QSA, ISA, or leading compliance at a PCI Level 1 service provider. You understand the standard, not just the checklist.
  • Technical fluency. You can talk to engineers about encryption, tokenization, key management, and network segmentation without needing everything translated. You don’t need to write code, but you need to understand how systems work.
  • Ownership mindset. We have strong foundations in place. You'll need to maintain what works, improve what doesn't, and build what's missing as we scale into new markets and upmarket customers.
  • Clear communicator. You can explain compliance requirements to engineers, translate technical architecture to auditors, and brief the CEO on risk, all in the same day.
  • Pragmatic, not bureaucratic. You care about real security outcomes, not compliance theatre. You find the fastest path to compliance without slowing the business down.

Ideal Background

  • Qualified Security Assessor (QSA), strongly preferred.
  • Or: ISA-certified, or 3+ years leading PCI DSS compliance at a Level 1 service provider or payment processor.
  • Experience with SOC 2, ISO 27001, or GDPR is a plus.
  • Legal qualification (solicitor, barrister, or equivalent) is a bonus, not a requirement.
  • Experience in a startup or high-growth environment preferred.

Why Evervault

  • Compliance is the product, not a cost centre. Your work directly enables revenue.
  • Strong compliance foundations already in place. You won't be starting from scratch, but you will have real ownership and room to shape what comes next.
  • Small team, high trust, high ownership.
  • Work alongside deeply technical engineers building some of the most security-critical infrastructure in payments.
  • We are in the office Tuesday to Thursday; Mondays and Fridays in the office are encouraged.
  • We are unable to offer sponsorship at this time.

Employer: Evervault

Evervault is an exceptional employer that prioritises compliance and security, making it a vital part of our product offering. With a strong foundation in place, you will have the opportunity to take ownership of PCI DSS compliance while working alongside a talented team of engineers in a high-trust environment. Our flexible work culture encourages collaboration in the office and supports your professional growth as we scale into new markets.

Evervault

Contact Details:

Evervault Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Legal & PCI Compliance Officer in London

Tip Number 1

Network like a pro! Get out there and connect with folks in the compliance and legal space. Attend industry events, webinars, or even local meetups. You never know who might have the inside scoop on job openings or can put in a good word for you.

Tip Number 2

Show off your expertise! When you get the chance to chat with potential employers, make sure to highlight your deep PCI knowledge and any relevant experience. Be ready to discuss how you've tackled compliance challenges in the past—this will set you apart from the crowd.

Tip Number 3

Don’t underestimate the power of follow-ups! After interviews or networking chats, drop a quick thank-you email. It keeps you fresh in their minds and shows your enthusiasm for the role. Plus, it’s a great opportunity to reiterate why you’re the perfect fit for their team.

Tip Number 4

Apply through our website! We’ve got a streamlined process that makes it easy for you to showcase your skills. Plus, applying directly shows your genuine interest in joining our team at Evervault. Let’s get you on board!

We think you need these skills to ace Legal & PCI Compliance Officer in London

PCI DSS Compliance
Risk Management
Information Security Policies
Technical Fluency in Encryption and Tokenization
Compliance Documentation Management
Communication Skills
Ownership Mindset

Some tips for your application 🫡

Show Off Your Compliance Knowledge: Make sure to highlight your deep understanding of PCI DSS in your application. We want to see that you know the ins and outs of compliance, not just the basics. Share any relevant experiences that demonstrate your expertise!

Tailor Your Application: Don’t just send a generic application! Tailor your CV and cover letter to reflect how your skills align with our needs at Evervault. Mention specific projects or roles where you've successfully managed compliance or legal work.

Be Clear and Concise: When writing your application, clarity is key. Use straightforward language to explain your experience and qualifications. We appreciate a well-structured application that gets straight to the point without unnecessary fluff.

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it shows you’re keen on joining our team!

How to prepare for a job interview at Evervault

Know Your PCI DSS Inside Out

Make sure you’re well-versed in PCI DSS standards and requirements. Brush up on the latest updates, especially v4.x, and be ready to discuss how you've navigated compliance assessments in the past. This will show that you’re not just familiar with the checklist but understand the core principles behind it.

Communicate Clearly and Confidently

Prepare to explain complex compliance concepts in simple terms. You might need to translate technical jargon for non-technical stakeholders, so practice articulating your thoughts clearly. Think about examples where you’ve successfully communicated compliance needs to engineers or executives.

Demonstrate Ownership and Initiative

Show that you have an ownership mindset by discussing how you’ve improved compliance processes in previous roles. Be ready to share specific examples of how you’ve maintained existing frameworks while also identifying gaps and building new solutions as needed.

Understand the Business Impact of Compliance

Be prepared to talk about how compliance isn’t just a box-ticking exercise but a crucial part of enabling business growth. Discuss how you can balance compliance with operational efficiency, ensuring that security outcomes are achieved without hindering the company’s progress.