Payments Security Specialist
Stockholm, Sweden
H&M Group
We are a family of brands, driven by our desire to make great design available to everyone in a sustainable way.
Company Description
H&M is a fashion brand that offers the latest styles and inspiration, from fashion pieces and unique designer collaborations to affordable wardrobe essentials. Our business idea is fashion & quality at the best price in a sustainable way. Learn more about H&M here.
Job Description
Payment at H&M is supported by two teams, Payment Enablement Store and Payment Enablement Online. The teams operate in the component layer, which is responsible for producing secure, composable payment solutions in a cost-efficient manner and within competitive time-to-market delivery timelines. The teams collaborate closely with the experience layer, which is responsible for the customer experience and the end-to-end value. Other important stakeholders are the teams within Cyber Security, who are overall responsible for governance and liaison with auditors, the teams responsible for checkout in store and online, and the supporting vendors of these solutions.
Each team is managed by a Product Manager and is supported by Business Experts, Software Engineers, Technical Engineers, Program Managers, Solution Architects and Commercial Advisors.
The team's vision is to strive for fast, secure, and frictionless payments and, with an agile mindset and a passion for technology, to provide best-in-class services.
The team mission is to offer a relevant, smooth, and secure payment experience to customers visiting our stores and online channels.
You will be part of the team handling payment compliance (regulations and requirements), PCI DSS, PEN tests, risk assessments & mitigation and overall security of payment solutions in stores and online for all H&M brands worldwide.
You will work on assessing, addressing, planning, and coordinating all penetration test (PEN test) activities, from pre-test involvement in planning and environment preparation to post-test activities such as debriefs, mitigation, and remediation. You will maintain a strong understanding of PCI compliance and provide support and coordination for related activities as needed. You will collaborate with your team colleagues and relevant stakeholders to ensure proper compliance routines are followed, taking the necessary actions to maintain full payment security compliance in our store and online environments at all times.
Qualifications
Key Responsibilities:
- Ensure the technical environment is maintained based on H&M objectives, guardrails, and security requirements.
- Review the security annex answers of acquirers and PSPs during RFI/RFP.
- Attestation of Compliance (AOC) (e.g. new PSP, PCI audit) for new and existing PSPs.
- Build the security strategy for devices in store and online (emerging tech), incl. security governance (of vendors).
- Assurance of PCI compliance for hardware (payment terminals), software (store) and solution (online).
- Pre-PEN test activities (planning, booking, environment prep/MAC address, test lab) and security-related solution updates (incl. whitelisting IP addresses, etc.).
- Work on changes in solutions for Payment infra & network (setup, traffic, security) NME.
- Post-PEN test activities (findings, discovery, mitigation, remedials).
- Be a Payment Audit Coordinator and Security Assessment vulnerability SPOC (PCI, Security, etc.) for payments, and mitigate the risk involved.
- Work on PCI and post-audit reporting and mitigation, and Security Vulnerability Assessment (online).
- Plan and implement new payment method launches that need approval submission of GDPR ROPA, etc.
- Ensure country-specific compliance requirements for payment methods are met and adhered to.
- Work on security incidents as required or raised by different teams.
- Review the security section of the Solution Architecture Document (SAD) before the yearly PCI audit and on change to a new PSP/Acquirer.
- Work on Self-Checkout placeholder (PCI audit, pen test, E2E solution) semi-attended kiosk.
Qualifications:
- 5-7 years of experience in payment security, with a focus on penetration testing and PCI DSS compliance.
- In-depth knowledge and hands-on experience with Payment Card Industry Data Security Standard (PCI-DSS) and PCI PIN Transaction Security (PCI-PTS) requirements.
- Strong understanding of Information Security Management Systems, particularly ISO 27001, and familiarity with National Institute of Standards and Technology (NIST) cybersecurity frameworks.
- Demonstrate expertise in international standards for information security.
- Familiarity with the General Data Protection Regulation (GDPR) and its implications for data protection and privacy.
- Demonstrate a robust skill set for auditing, information security management, and internal control crucial for maintaining compliance and security in payment environments.
- Experience assisting auditors in setting up and running tests, providing necessary documentation, and facilitating the audit process.
Additional Information
This is a full-time position based in our Liljeholmen Office in Stockholm.
The last date of application is the 10th of May, but we aim to start the interview process as soon as CVs come in.
For suggestions or more info, please contact our TA partner, nidhi.illman@hm.com
Due to GDPR regulation, we do not accept any applications via email.
We strive to have a fair and equal process and therefore kindly ask you not to attach a cover letter to your application, as cover letters often contain information that can easily trigger unintentional biases.
Benefits:
We offer all our employees at H&M Group attractive benefits with extensive development opportunities around the globe. All our employees receive a staff discount card, usable on all our H&M Group brands in stores and online. Brands covered by the discount are H&M (Beauty and Move included), COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, Afound. In addition to our staff discount, all our employees are included in our H&M Incentive Program – HIP.
Tags: Agile Audits Compliance GDPR Governance ISO 27001 NIST PCI DSS Pentesting Privacy RFPs Risk assessment Security assessment Security strategy Strategy
Perks/benefits: Home office stipend Startup environment