Senior Security Certifications Expert

Requirements

• You have deep subject matter expertise in PCI frameworks and standards such as DSS, PIN/KMO, P2PE, PTS-POI, MPoC, SSF.
• You have a proven track record of orchestrating complex compliance pipelines, juggling multiple certifications, deadlines, and external assessors simultaneously.
• You are technically fluent enough to sit with hardware and software engineers, understand what they are building, and give them compliance guidance that is actually useful.
• You build trust on both sides: QSAs trust you because you are organized and prepared; engineers trust you because you make their lives easier.
• You operate with high autonomy. You do not need to be chased for updates and you do not wait for deadlines to appear before acting.
• You are a strong communicator who can clearly present complex compliance concepts to technical and non-technical audiences alike.

What you'll be doing

• Lead the process: Take central ownership of PCI Certifications for our Payments Solution, encompassing DSS, PIN/KMO, P2PE, PTS, MPoC, and SSF.
• Manage the portfolio: Maintain a comprehensive, up-to-date inventory of all PCI certifications across hardware devices, software applications, and solution-level certifications.
• Plan proactively: Track expiry dates, re-evaluation windows, and delta certification triggers. Anticipate deadlines, engage leadership, and ensure engineering teams are prepared well in advance of audit cycles.
• Collaborate with assessors: Act as the primary point of contact with QSAs and external assessors, managing timelines, preparing assessment materials, coordinating interviews, and navigating follow-up inquiries.
• Partner with Engineering: Join vulnerability analysis and threat modeling sessions to provide practical, compliance-informed security guidance to engineers. Translate compliance requirements into actionable engineering tasks without slowing down the development lifecycle.
• Maintain documentation: Take full ownership of all security documentation required for assessments (asset inventories, threat models, data flow diagrams, etc.), ensuring audit readiness year-round.
• Engage with the industry: Represent Adyen at PCI SSC working groups and industry forums, contributing to the development of standards that will shape the future of payment security.

Why this role

The certifications you manage directly determine what Adyen can build, what it can sell, and where it can operate. This is not a compliance support function, it is a critical ownership role at the center of Adyen's most sensitive and heavily regulated payment infrastructure. The work is real, the ownership is genuine, and the impact is measurable.