Payments Security Specialist

Company Description

H&M is a fashion brand that offers the latest styles and inspiration, from fashion pieces and unique designer collaborations to affordable wardrobe essentials. Our business idea is fashion & quality at the best price in a sustainable way.  Learn more about H&M here. 
 

Job Description

Payment at H&M is supported by two teams, Payment Enablement Store and Payment Enablement Online. The teams operate in the component layer that is responsible for producing secure, composable payment solutions in a cost-efficient manner and as per completive time-to-market delivery timelines. The team collaborates closely with the experience layer which are responsible for the customer experience and the end-to-end value. Other important stakeholders' teams within Cyber Security who is over all responsible for governance and liaison with auditors and teams responsible for checkout in store and online and supporting vendors of these solutions. 

Each team is managed by a Product Manager and are supported by Business Experts, Software Engineers, Technical Engineers, Program Managers, Solution Architects and Commercial Advisors. 

The team’s vision is to strive for fast, secure, and frictionless payments. With an agile mindset and a passion for technology, provide best in class services. 

The team mission is to offer a relevant, smooth, and secure payment experience to customers visiting our stores and online channels. 

You will be part of the team handling payment compliance (regulations and requirements), PCI DSS, PEN tests, risk assessments & mitigation and overall security of payment solutions in stores and online for all H&M brands worldwide. 

You will work on assessing and addressing, planning, and coordinating all penetration test (PEN test) activities, from pre-test involvement in planning and environment preparation to post-test activities such as debriefs, mitigation, and remediation. Maintain a strong understanding of PCI compliance and provide support and coordination for related activities as needed. Collaborate with your team colleagues and relevant stakeholders to ensure proper compliance routines are followed, taking necessary actions to always maintain full payment security compliance in our store & online environments. 

Qualifications

Key Responsibilities: 

• Ensure technical environment is maintained based on H&M objectives, guardrails, and security requirements. 

• Review security annexes answers of acquirers and PSP during RFI/RFP. 

• Attestation of Compliancy (AOC) (e.g new PSP, PCI audit) for new and existing PSPs. 

• Build Security Strategy for devices in store & online (emerging tech) incl. Security governance (of vendors). 

• Assurance of PCI compliance for hardware (Payment terminals), Assurance of PCI compliance for software (store) & solution (online). 

• Pre PEN tests (planning, booking, environ. Prep/MAC address, test lab), Security related solution updates (inc. whitelisting IP address, etc.). 

• Work on change in solutions for Payment infra & network (setup, traffic, security) NME 

• Post PEN test (findings, discovery, mitigation, remedials). 

• Be a Payment Audit Coordinator & Security Assessment vulnerability SPOC (PCI, Security etc.) for payments & mitigate & risk involved. 

• Work on PCI & post-audit reporting and mitigation, Security Vulnerability Assessment (online). 

• Plan and implement New payment method launch that needs approval submission of GDPR ROPA, etc. 

• Ensure country specific compliance of payment methods are met and adhered. 

• Work on Security incidents as required / raised by different teams. 

• Review security section of Solution Architecture document (SAD) before yearly PCI Audit and change of new PSP/Acquirer. 

• Work on Self-Checkout placeholder (PCI audit, pen test, E2E solution) semi-attended kiosk.

Qualifications:

• 5-7 years of experience in payment security, with a focus on penetration testing and PCI DSS compliance. 

• In-depth knowledge and hands-on experience with Payment Card Industry Data Security Standard (PCI-DSS) and PCI PIN Transaction Security (PCI-PTS) requirements. 

• Strong understanding of Information Security Management Systems, particularly ISO 27001, and familiarity with National Institute of Standards and Technology (NIST) cybersecurity frameworks. 

• Demonstrate expertise in international standards for information security. 

• Familiarity with the General Data Protection Regulation (GDPR) and its implications for data protection and privacy. 

• Demonstrate a robust skill set for auditing, information security management, and internal control crucial for maintaining compliance and security in payment environments. 

• Experience assisting auditors in setting up and running tests, providing necessary documentation, and facilitating the audit process.

•  

Additional Information

This is a full-time position based in our Liljeholmen Office in Stockholm.  

Last date of application is 10th of May but we aim to start interview process as soon as CVs come in. 

For suggestions or more info, please contact our TA partner, nidhi.illman@hm.com 

Due to GDPR regulation, we do not accept any applications via email.  

We strive to have a fair and equal process and therefore kindly ask you not to attach a cover letter in your application as they often contain information that easily can trigger unintentional biases. 


Benefits:
We offer all our employees at H&M Group attractive benefits with extensive development opportunities around the globe. All our employees receive a staff discount card, usable on all our H&M Group brands in stores and online. Brands covered by the discount are H&M (Beauty and Move included), COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, Afound. In addition to our staff discount, all our employees are included in our H&M Incentive Program – HIP.