Technical Engineer - Payments Security Specialist

Job Description

Payment at H&M is supported by two teams, Payment Enablement Store and Payment Enablement Online. The teams operate in the component layer that is responsible for producing secure, composable payment solutions in a cost-efficient manner and as per completive time-to-market delivery timelines. The team collaborates closely with the experience layer which are responsible for the customer experience and the end-to-end value. Other important stakeholders' teams within Cyber Security who is over all responsible for governance and liaison with auditors and teams responsible for checkout in store and online and supporting vendors of these solutions.

Each team is managed by a Product Manager and are supported by Business Experts, Software Engineers, Technical Engineers, Program Managers, Solution Architects and Commercial Advisors.

The team’s vision is to strive for fast, secure, and frictionless payments. With an agile mindset and a passion for technology, provide best in class services.

The team mission is to offer a relevant, smooth, and secure payment experience to customers visiting our stores and online channels.

You will be part of the team handling payment compliance (regulations and requirements), PCI DSS, PEN tests, risk assessments & mitigation and overall security of payment solutions in stores and online for all H&M brands worldwide.

You will work on assessing and addressing, planning, and coordinating all penetration test (PEN test) activities, from pre-test involvement in planning and environment preparation to post-test activities such as debriefs, mitigation, and remediation. Maintain a strong understanding of PCI compliance and provide support and coordination for related activities as needed. Collaborate with your team colleagues and relevant stakeholders to ensure proper compliance routines are followed, taking necessary actions to always maintain full payment security compliance in our store & online environments.

Key Responsibilities:

• Ensure technical environment is maintained based on H&M objectives, guardrails, and security requirements.
• Review security annexes answers of acquirers and PSP during RFI/RFP.
• Attestation of Compliancy (AOC) (e.g new PSP, PCI audit) for new and existing PSPs.
• Build Security Strategy for devices in store & online (emerging tech) incl. Security governance (of vendors).
• Assurance of PCI compliance for hardware (Payment terminals), Assurance of PCI compliance for software (store) & solution (online).
• Pre PEN tests (planning, booking, environ. Prep/MAC address, test lab), Security related solution updates (inc. whitelisting IP address, etc.).
• Work on change in solutions for Payment infra & network (setup, traffic, security) NME
• Post PEN test (findings, discovery, mitigation, remedials).
• Be a Payment Audit Coordinator & Security Assessment vulnerability SPOC (PCI, Security etc.) for payments & mitigate & risk involved.
• Work on PCI & post-audit reporting and mitigation, Security Vulnerability Assessment (online).
• Plan and implement New payment method launch that needs approval submission of GDPR ROPA, etc.
• Ensure country specific compliance of payment methods are met and adhered.
• Work on Security incidents as required / raised by different teams.
• Review security section of Solution Architecture document (SAD) before yearly PCI Audit and change of new PSP/Acquirer.
• Work on Self-Checkout placeholder (PCI audit, pen test, E2E solution) semi-attended kiosk.

Qualifications

• Bachelor's degree in computer science, information security, or a related field.
• 5-7 years of experience in payment security, with a focus on penetration testing and PCI DSS compliance.
• In-depth knowledge and hands-on experience with Payment Card Industry Data Security Standard (PCI-DSS) and PCI PIN Transaction Security (PCI-PTS) requirements.
• Strong understanding of Information Security Management Systems, particularly ISO 27001, and familiarity with National Institute of Standards and Technology (NIST) cybersecurity frameworks.
• Demonstrate expertise in international standards for information security.
• Familiarity with the General Data Protection Regulation (GDPR) and its implications for data protection and privacy.
• Demonstrate a robust skill set for auditing, information security management, and internal control crucial for maintaining compliance and security in payment environments.
• Experience assisting auditors in setting up and running tests, providing necessary documentation, and facilitating the audit process.

Additional Information

This is a fulltime permanent position, starting as soon as possible according to agreement. The role is an on-site position, based in our office in Bangalore, India.
Apply by sending in your CV in English and portfolio as soon as possible, but no later than the 10th May. Due to data policies, we only accept applications through career page.

Benefits
We offer all our employees at H&M Group attractive benefits with extensive development opportunities around the globe. All our employees receive a staff discount card, usable on all our H&M Group brands in stores and online. Brands covered by the discount are H&M (Beauty and Move included), COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, Afound. In addition to our staff discount, all our employees are included in our H&M Incentive Program – HIP. You can read more about our H&M Incentive Program here.

In addition to our global benefits, all our local markets offer different competitive perks and benefits. Please note that they may differ between employment type and countries. 

Inclusion & Diversity

H&M is a part of H&M Group. At H&M Group, we’re determined to create and maintain inclusive, diverse and equitable workplaces throughout our organization. Our teams should consist of a variety of people that share and combine their knowledge, experience and ideas. Having a diverse workforce leads to a positive impact on how we address challenges, on what we perceive possible and on how we choose to relate to our colleagues and customers all over the world. Hence all diversity dimensions are taken into consideration in our recruitment process.  

We strive to have a fair and equal process and therefore kindly ask you not to attach a cover letter in your application as they often contain information that easily can trigger unintentional biases.

Company Description 

H&M is a fashion brand that offers the latest styles and inspiration, from fashion pieces and unique designer collaborations to affordable wardrobe essentials. Our business idea is fashion & quality at the best price in a sustainable way.  Learn more about H&M here.