Security Compliance Engineer (Fintech)

TL;DR

Security Compliance Engineer (Fintech): Building and operating AI-driven compliance systems to align with global regulatory, legal, and industry standards with an accent on continuous control monitoring, automated evidence management, and risk management workflows. Focus on improving audit readiness through standardization, AI guardrails, and stakeholder communication.

Location: On-site in Belgrade

Company

hirify.global is a global fintech company operating across 17 global offices, integrating 1,000+ payment methods into a single platform.

What you will do

• Implement continuous control monitoring across cloud and SaaS environments, leveraging AI models to map regulatory requirements to implemented controls.
• Automate evidence management for PCI DSS, ISO 27001, DORA, and SWIFT CSP, using AI-based extraction and classification engines.
• Own the lifecycle of Information Security policies, standards, and procedures.
• Run the end-to-end Risk Management workflow, including risk registration, scoring, mitigation, and reporting.
• Strengthen Third‑Party Risk Management by analyzing vendor questionnaires and tracking remediation.
• Drive security awareness with automation by producing adaptive AI-generated content and running phishing simulations.

Requirements

• 3+ years in Information Security, Compliance, or Risk Management (preferably in fintech or cloud-native environments).
• Hands-on experience with PCI DSS, ISO 27001/27002, GDPR, and working knowledge of DORA, PSD2, and SWIFT CSP.
• Experience running Risk Management cycles, including risk register, scoring, and treatment.
• Familiarity with AWS/Azure, Terraform, Git-based workflows, and CI/CD pipelines.
• Practical knowledge of AI workflows (LLMs, RAG) and automation tools for compliance tasks.
• Strong documentation and communication skills.

Nice to have

• Exposure to financial regulator interactions and external audits.
• Knowledge of control frameworks (NIST CSF/800-53, ISO 27005, CIS Critical Security Controls).
• Experience with vendor risk tooling, threat intelligence feeds, and attack surface monitoring.
• Familiarity with vector databases/AI knowledge bases for policy and control mapping.
• Certifications: ISO 27001 Lead Implementer/Lead Auditor, CISA, CCSK, CompTIA Security+, or similar.

Culture & Benefits

• Equal opportunity employer, believes in employing a diverse workforce.