Head of Security & Compliance

This job is with Masabi, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community.

About Us: At Masabi, we're driving the fare payment revolution, powering the journeys of millions all over the world. We build fare collection platforms that allow riders to seamlessly buy and present tickets for public transport either on their mobile phones, from a ticket machine, or even by tapping their bank card to travel. Our Justride platform is used in over 250 locations globally, including some of the largest cities in the world. With our industry-first mobile ticketing SDK, we've partnered with large players in the transport space, including Uber, Moovit and Transit. Your own journey is important to us too. Choosing a role here means joining a network of innovators from all walks of life; a group of passionate individuals who consistently deliver. Here, you'll find the tools you need to build the career you want. Whether you're taking the direct route or trying a new path, we'll support you no matter what.

The Role: At Masabi, we're building technology that makes public transport simpler, fairer and more accessible for millions of people. That only works if our platform is secure, trusted and reliable. As our Head of Security & Compliance, you'll step into a role that is central to how we build trust with our customers and scale as a global SaaS business. You'll own security and compliance end to end, shaping how we approach it as a company and how it works in practice day to day. You'll lead a small team, bringing clarity, focus and direction as you build on solid foundations and evolve this area alongside the business. In the near term, you'll focus on understanding where we are today, strengthening our approach to key areas like audits and compliance, and helping teams move forward with confidence. You'll work closely with Engineering, Product and Legal to turn requirements into practical, well-executed outcomes. This is a senior role where you'll stay close to the work, especially in the early stages. Over time, you'll shape a more structured and scalable function, helping Masabi stay ahead of evolving standards and make thoughtful decisions around risk.

Location: This role is available on a remote basis for candidates located anywhere in the UK. Candidates based in London may also work in a hybrid model, with occasional travel to the office.

Responsibilities:

• Take ownership of security and compliance across Masabi, creating clarity on priorities and ways of working.
• Build a clear view of our current security posture and define a practical path to strengthen it over time.
• Define security and compliance requirements and work closely with Engineering and IT teams to ensure they are implemented effectively.
• Maintain existing compliance across PCI DSS, ISO27001, SOC2 and Cyber Essentials, and lead new compliance initiatives across additional standards such as ISO 27017 and ISO 27018.
• Manage audits end to end, from preparation through to delivery and follow-up actions.
• Work closely with Engineering and Product teams to embed security practices in a way that supports delivery.
• Maintain a clear and actionable view of risk, helping the business prioritise what matters most.
• Build a more scalable approach to customer assurance, including clearer processes and reusable materials for customer and audit requests.
• Help guide decisions on which compliance standards we take on as we grow.
• Lead and support a small team, creating focus, trust and shared direction.

About You: You've worked in security and compliance within a payments, fintech or PCI-regulated environment. You have strong, hands-on experience with PCI DSS, ISO27001 and SOC2, including preparing for and delivering audits. You've personally owned and delivered compliance programmes, not just overseen them. You understand how security and compliance connect, and how to make them work in practice across a business. You've operated in a growing or scaling company, where you've had to bring structure and prioritise effectively. You're comfortable driving work across teams without direct authority, and following through to completion. You bring sound judgement when balancing risk, delivery and commercial needs. You've supported or led a small team and know how to create clarity and accountability. You communicate clearly with both technical and non-technical audiences, helping people understand what matters and what action is needed.

Nice To Have: Experience working with additional ISO standards such as ISO 27017 and ISO 27018. Experience scaling security and compliance in a growing SaaS company, especially through periods of increased customer or regulatory demand. Relevant certifications such as CISSP, CISM, CISA or ISO27001 Lead Auditor or similar. Awareness of AI-related security and governance considerations, and how they may apply in a SaaS environment.

Some of Our Benefits: 25 days of holiday per year plus the option to buy another 5 days pro-rated. Private Healthcare via AXA, including pre-existing conditions and mental health. Life Insurance. Menopause support. Choice of workstation. Ability to work for up to 3 months per year from any country in the world (certain limitations). Pension scheme. Training allowance of up to £1000 per year. £200 annual allowance for any home office need or improvement. Enhanced family leave pay. Cycle to work scheme. Regular social gatherings with a monthly allowance for each employee. Fun and collaborative environment with a focus on making a difference in the world.

Careers at Masabi are for people going places - driven by a mission to make transit fair and accessible for all. We are a network of innovators from all walks of life, passionate about making a difference. At Masabi, we operate with openness and trust, creating an environment where everyone feels empowered to bring their whole, authentic selves to work. Whoever you are, just be yourself. We welcome applications from underrepresented groups, including disabled and neurodivergent people, and can make adjustments at any stage of the process. You're also welcome to share your pronouns whenever you feel comfortable. Together, we simplify journeys, remove barriers, and improve daily life for millions.

Why Join Masabi? Driven by Purpose - We believe in journeys made simple. The work isn't always easy, but the best things never are. Encouraged to Accelerate - Masabi is going places and our people are in the driving seat. Whether you're taking the direct route or exploring new paths, we support your journey. Advancing with Empathy - We put people first and foster a culture of learning, not blame. No matter your cargo, we share the load. We're already powering journeys - are you ready to join us?