AI Engineer (IT Security & Compliance)

About Unlimit

Unlimit is the global fintech powerhouse behind the world’s largest proprietary payments infrastructure.
Founded in 2009, Unlimit operates across 17 global offices with 700+ experts, seamlessly integrating 1,000+ payment methods into a single platform. From London to São Paulo, we empower businesses to scale across borders with a unified suite of financial tools — including payment processing, alternative payment methods, multicurrency business accounts, card issuing, banking-as-a-service, and crypto on- and off-ramps.
Our mission is to break down financial barriers and enable seamless money movement across borders. We give forward-thinking businesses the tools to accept, send, and manage payments effortlessly, wherever they operate.

Job Description
We are looking for a Security Compliance Engineer to build and operate AI-driven compliance systems that keep Unlimit continuously aligned with global regulatory, legal, and industry standards — including PSD2, DORA, PCI DSS, SWIFT CSP, ISO 27001, and GDPR. You will combine deep security knowledge with automation expertise to make compliance measurable, auditable, and real-time — ensuring that Unlimit remains always “audit-ready”.

What You’ll Be Doing
At Unlimit, compliance is not paperwork — it’s an intelligent, automated process woven into every part of our technology stack. As a Security Compliance Engineer, you’ll design and run systems that continuously validate our security controls, collect evidence automatically, and generate insights for management and auditors with minimal manual intervention.
Implement Continuous Control Monitoring across cloud and SaaS environments — leveraging AI/LLM/RAG models to map regulatory requirements to implemented controls, detect deviations in near real time, and surface risk heatmaps and dashboards for executive visibility.
Automate evidence management for PCI DSS, ISO 27001, DORA, and SWIFT CSP — using AI-based extraction, classification, and correlation engines to assemble audit-ready evidence packs and draft responses; keep immutable trails and citations for auditor traceability.
Own the lifecycle of Information Security policies, standards, and procedures.
Run the end-to-end Risk Management workflow — register risks, score likelihood/impact, propose mitigations, track remediation and residual risk, and generate risk reports/heatmaps for management and auditors. Use automation to correlate risks with control gaps, incidents, and vendor posture.
Maintain and evolve the Business Impact Reference Table (BIRT) — quantify business impacts (financial, regulatory, operational, reputational), calibrate impact categories using incident data and scenario analysis, and ensure consistent linkage between BIRT, risk scoring, and control priorities.
Strengthen Third‑Party Risk Management (TPRM) — analyze vendor questionnaires (SIG, CAIQ, SWIFT CSP), cross‑check with threat intel and attack surface data, track CAPA/remediation, and enforce contractual/security clauses and review cycles.
Operate the Policy Exception Register — capture exceptions with compensating controls, enforce expiry/review reminders, and validate effectiveness via continuous monitoring signals.
Drive security awareness with automation — produce adaptive AI-generated content, run phishing simulations, and deliver personalized, role-based awareness metrics to reduce human‑factor risk.
Continuously improve audit readiness — standardize templates, evidence locations, and control narratives; embed ChatOps for faster stakeholder responses; and uphold AI guardrails (data minimization, role scopes, approvals, auditability).

Must-Have:
· 3+ years in Information Security, Compliance, or Risk Management (preferably in fintech or cloud-native environments).
· Hands-on with PCI DSS, ISO 27001/27002, GDPR; working knowledge of DORA, PSD2, and SWIFT CSP.
· Experience running Risk Management cycles (risk register, scoring, treatment, residual risk, dashboards/heatmaps).
· Proven ability to maintain BIRT (impact categories, calibration, linkage to risk scoring and control priorities).
· Ownership of IS policies/standards/procedures: drafting, benchmarking, versioning, approvals, and periodic reviews.
· Familiarity with AWS/Azure, Terraform, Git-based workflows, and CI/CD pipelines.
· Automated evidence collection using OPA/Conftest, CloudTrail/Config, Security Hub (or equivalents); immutable evidence trails.
· Practical knowledge of AI workflows (LLMs, RAG) and automation tools (e.g., n8n, Windmill, Tines) for compliance tasks.
· Strong documentation and communication skills; ability to produce auditor-ready deliverables with clear citations and scope.
· Collaborative mindset across Security, Platform/DevOps, Legal, and Audit; crisp stakeholder communication.

Nice-to-Have:
· Exposure to financial regulator interactions and external audits (e.g., PCI QSA, ISO CB, scheme assessments).
· Knowledge of control frameworks (NIST CSF/800-53, ISO 27005, CIS Critical Security Controls).
· Experience with vendor risk tooling, threat intelligence feeds, and attack surface monitoring.
· Familiarity with vector databases/AI knowledge bases for policy and control mapping.
· Certifications: ISO 27001 Lead Implementer/Lead Auditor, CISA, CCSK, CompTIA Security+, or similar.

Join Unlimit Team now!

Unlimit is an equal opportunity employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We welcome applications from all members of society irrespective of age, sex, disability, sexual orientation, race, religion or belief.