Head of Security & Compliance at Masabi overseeing security and compliance for public transport systems globally. Leading initiatives to strengthen compliance and security practices.
Responsibilities
Take ownership of security and compliance across Masabi, creating clarity on priorities and ways of working
Build a clear view of our current security posture and define a practical path to strengthen it over time
Define security and compliance requirements and work closely with Engineering and IT teams to ensure they are implemented effectively
Maintain existing compliance across PCI DSS, ISO27001, SOC2 and Cyber Essentials, and lead new compliance initiatives across additional standards such as ISO 27017 and ISO 27018
Manage audits end to end, from preparation through to delivery and follow-up actions
Work closely with Engineering and Product teams to embed security practices in a way that supports delivery
Maintain a clear and actionable view of risk, helping the business prioritise what matters most
Build a more scalable approach to customer assurance, including clearer processes and reusable materials for customer and audit requests
Help guide decisions on which compliance standards we take on as we grow
Lead and support a small team, creating focus, trust and shared direction
Requirements
You’ve worked in security and compliance within a payments, fintech or PCI-regulated environment
You have strong, hands-on experience with PCI DSS, ISO27001 and SOC2, including preparing for and delivering audits
You’ve personally owned and delivered compliance programmes, not just overseen them
You understand how security and compliance connect, and how to make them work in practice across a business
You’ve operated in a growing or scaling company, where you’ve had to bring structure and prioritise effectively
You’re comfortable driving work across teams without direct authority, and following through to completion
You bring sound judgement when balancing risk, delivery and commercial needs
You’ve supported or led a small team and know how to create clarity and accountability
You communicate clearly with both technical and non-technical audiences, helping people understand what matters and what action is needed
Benefits
20 days of vacation per year (in addition to public holidays). On top of this, our office is shut every year between Christmas and New Year, totaling a whopping 28+ days of vacation
Private Healthcare and Life Insurance
Menopause support
Choice of a workstation
Training allowance of up to CAD$1300 per year
CAD$325 per year to spend on your home office
$50 CAD per month for team building activities
Ability to work for up to 3 months per year from any country in the world
Lead AI Red Team focusing on adversarial testing and security for enterprise - scale AI systems. Collaborate with engineering and compliance to map vulnerabilities and document findings.
Intern in operational security at Investissement Québec, supporting security alert management and vulnerability tracking in a supervised learning environment.
IT Information Security Lead at Mirego, responsible for technology and information security management. Overseeing compliance and IT strategies while maintaining operational efficiency.
Cybersecurity Specialist focusing on offensive security for Exposant 3. Performing penetration testing, security audits, and team knowledge transfer in a hybrid work setup.
Financial security advisor in life and health insurance, developing and maintaining client relationships. Selling insurance products and assessing customer needs to provide personalized solutions.
Senior Security Engineer designing and maintaining Microsoft 365 security solutions at ResMed. Focusing on compliance, incident response, and collaboration with global teams.
Senior Infrastructure professional solving practical security challenges and improving enterprise systems security at Confluence. Focused on implementation, remediation, and secure operations across Windows and Linux environments.
Senior infrastructure professional responsible for vulnerability remediation and security improvements across enterprise systems at Confluence. Hands - on role involving Windows and Linux environments with strong collaboration with Cybersecurity team.
Enterprise Security Architect responsible for implementing information security best practices at SecureOps. Collaborating with clients to analyze networks and provide effective security solutions.
Health, safety, and environment advisor responsible for maintaining compliance and promoting safety practices. Supporting project teams and developing SSE programs to manage risks in the workplace.