Company Description
We’re Checkout.com. You might not know our name, but companies like eBay, Spotify, Klarna, Uber, and Sony do, because we’re behind many of the digital experiences you use every day.
We are where the world checks out, enabling over 10 billion transactions yearly for more than one billion global shoppers.
Whether you want to book a holiday, order food, renew a subscription, or check out online, there’s a good chance our tech powers the payments behind the scenes. Our platform helps the most ambitious businesses deliver effortless digital experiences, at scale.
If you want to do career-defining work, you’ve come to the right place. We move fast, think globally, and believe great teams are built by hiring exceptional people with conviction, curiosity, and the desire to make an impact.
With 20 offices across six continents and London as our HQ, we’re shaping the future of fintech – and we’re just getting started.
The Role
As an Information Security Analyst at Checkout.com, you will work across the full breadth of the information security function, spanning Governance, Risk and Compliance (GRC), AI Governance, Application Security (AppSec), Technology Risk, and Data Governance. This is a role for someone who has built a solid foundation in information security and is ready to move from guided execution to genuine ownership of tasks and smaller workstreams.
Security at Checkout operates at scale and at pace. We are a global payments business, regulated across multiple jurisdictions, building infrastructure that processes billions of transactions. Our security function needs analysts who understand how different domains fit together, communicate clearly with technical and non-technical colleagues, and take accountability for the quality of their work.
At L2 you will implement security controls, respond to security incidents, identify risks, and support compliance activities across multiple domains. You work independently for extended periods and are developing the cross-domain knowledge and stakeholder skills that will prepare you for programme ownership at L3 and beyond.
How You'll Make Impact
Governance, Risk and Compliance
- Support workstreams within Checkout's GRC programme, including ISO 27001, SOC 2, PCI DSS, and applicable regulatory obligations across our global licensed entities.
- Assist with control evidence collection activities, coordinating with internal teams to gather accurate and timely evidence in support of audit readiness.
- Maintain GRC documentation including policies, standards, procedures, and control matrices under the guidance of senior colleagues.
- Support monitoring of the risk register, tracking remediation activity against agreed timelines and escalating where commitments are at risk.
- Assist in conducting third-party risk assessments, evaluating supplier security controls in line with Checkout's TPRM framework.
- Develop working knowledge of regulatory obligations across Checkout's operating markets, including FCA/PRA requirements, payment scheme rules, and DORA.
AI Governance- Support the operationalisation of Checkout's AI governance framework, aligned to ISO 42001, the EU AI Act, and NIST AI RMF.
- Assist in conducting AI risk assessments for internal AI and ML systems and third-party AI tools, under the guidance of more senior analysts.
- Help maintain an inventory of AI use cases and associated risk classifications, working with product and engineering teams as directed.
- Develop awareness of the evolving regulatory landscape for AI in financial services and contribute to policy and control documentation.
- Contribute to the development and communication of responsible AI usage guidance for staff, helping teams across the business understand acceptable use boundaries, data handling expectations, and the risks associated with AI tools in a regulated environment.
Application Security
- Contribute to Checkout's application security programme, including support for secure code review processes, SDLC integration, and developer security guidance.
- Support threat modelling activities for new and existing products, identifying security requirements under the guidance of senior colleagues.
- Assist in managing vulnerability findings from penetration tests, bug bounty programmes, and automated tooling, tracking remediation and validating fixes.
- Apply knowledge of the OWASP Top 10 and secure development frameworks to practical security reviews and guidance activities.
Technology Risk
- Support technology risk assessments across infrastructure, cloud environments, and third-party systems, contributing to outputs with actionable treatment recommendations.
- Assist with control assurance activities including vulnerability scanning coordination, access control assessments, and firewall and configuration reviews.
- Develop an understanding of Checkout's technology risk landscape, identifying emerging threats and contributing inputs to the risk register.
- Support DORA-related ICT risk management activities under the direction of senior analysts.
Data Governance
- Support Checkout's data governance programme, including data classification activities, data flow mapping, and enforcement of data handling standards.
- Assist with data loss prevention (DLP) controls and tooling, contributing to activities that ensure sensitive data is protected throughout its lifecycle.
- Help maintain records of processing activities (RoPA) and support data protection impact assessments (DPIAs) for new systems.
- Develop working knowledge of GDPR, UK GDPR, and applicable regional data protection requirements as they affect Checkout's operations.
Cross-domain Collaboration
- Work with Engineering, Product, Legal, Procurement, Finance, and Compliance teams to support the embedding of security requirements into processes, systems, and projects.
- Respond to security due diligence requests from merchants, partners, and regulators with accuracy and within agreed SLAs, escalating complex queries appropriately.
- Communicate clearly with internal stakeholders on security requirements, keeping teams updated on changes and project progress.
- Contribute to security awareness initiatives, promoting a security-conscious culture across Checkout.
What We're Looking for
Experience
- 1 to 2 years of experience in information security, IT audit, or a closely related function, ideally within payments, financial services, or fintech.
- Working knowledge of at least one of the following domains: GRC, AppSec, technology risk, or data governance.
- Practical familiarity with at least one compliance framework: PCI DSS, ISO 27001, SOC 2, NIST CSF, or equivalent.
- Some exposure to external audits, risk assessments, or security assurance activities.
- Ability to manage tasks independently and deliver on commitments reliably.
Skills and Approach
- Clear written and verbal communication. You can translate security concepts for technical and non-technical audiences.
- Detail-oriented and methodical. You approach your work carefully and follow through consistently.
- Curious and proactive. You ask questions, flag issues early, and look for root causes rather than surface fixes.
- Collaborative and adaptable. You work effectively across teams and adjust your approach as priorities shift.
- Receptive to feedback and committed to developing your information security skills across multiple domains.
Preferred
- Pursuing or holding a relevant certification: CompTIA Security+, CISA (in progress), ISO 27001 Foundation, or equivalent.
- Familiarity with cloud environments (AWS, Azure, GCP) from a security or compliance perspective.
- Exposure to security or GRC tooling such as Wiz, Qualys, Microsoft Sentinel, ServiceNow GRC, or similar.
- Awareness of AI governance frameworks or the OWASP LLM Top 10.
- Some scripting or automation experience (Python, etc.) is a plus.
Additional Information
Bring all of you to work
We create the conditions for high performers to thrive, through real ownership, fewer blockers, and work that makes a difference from day one.
Here, you’ll move fast, take on meaningful challenges, and be recognized for the impact you deliver. It’s a place where ambition gets met with opportunity, and where your growth is in your hands.
We work as one team, and we back each other to succeed. So whatever your background or identity, if you’re ready to grow and make a difference, you’ll be right at home here.
It’s important we set you up for success and make our process as accessible as possible. So let us know in your application, or tell your recruiter directly, if you need anything to make your experience or working environment more comfortable.
Life at Checkout.com
We understand that work is just one part of your life. Our hybrid working model offers flexibility, with three days per week in the office to support collaboration and connection.
Curious about what it’s like to be part of our team? Visit our Careers Page to learn more about our culture, open roles, and what drives us.
For a closer look at daily life at Checkout.com, follow us on LinkedIn and Instagram