Job Title: Engineering Risk & Compliance Manager
Location: Porto, Portugal
Employment Type: Contract to hire

Job Description:

We are seeking a contract-to-hire Engineering Risk & Compliance Manager to drive our PCI DSS (Payment Card Industry Data Security Standard), GDPR, and other compliance initiatives across PMS platform engineering and DevOps.

This role is embedded within our technical organization and acts as a dedicated stakeholder responsible for aligning our infrastructure, development workflows, and data handling practices with regulatory and security standards.

You will partner closely with engineering, DevOps, legal, and leadership to ensure that security and privacy are implemented by design - not as an afterthought.

The ideal candidate has a strong technical understanding of cloud-native and hybrid environments and is comfortable translating regulatory obligations into practical, enforceable controls within the software delivery lifecycle.

Key Responsibilities:

- Drive PCI DSS (Payment Card Industry Data Security Standard) and GDPR compliance across engineering and infrastructure, including internal readiness for assessments, SAQ (Self-Assessment Questionnaire) and ROC (Report on Compliance) submissions, and ongoing data protection obligations.
- Collaborate with DevOps, legal, and product teams to implement security controls and monitor compliance for access management, encryption, logging, vulnerability management, and third-party integrations.
- Establish and enforce policies for secure logging, data retention, redaction, and incident response processes to address security/privacy issues (e.g., data exposure, unauthorized access).
- Conduct gap analyses, risk assessments, and compliance audits to identify security and regulatory deficiencies, while defining and implementing security controls aligned with industry standards.
- Maintain a living risk register and compliance tracking system, ensuring all technical and regulatory controls are met and up to date.
- Provide guidance to developers and DevOps on secure and privacy-conscious implementation practices within product and infrastructure workflows.
- Assist with audit and certification preparation, working with QSAs, auditors, and regulators to ensure smooth compliance evaluations and reporting.
- Collaborate with security teams to ensure continuous monitoring, incident response readiness, and documentation of security policies, compliance activities, and remediation efforts.
- Regularly report on compliance status, risks, and findings to technical leadership, ensuring alignment with regulatory obligations and security standards.

Required Qualifications:

- 5+ years of experience in a security, privacy, or compliance role with strong alignment to engineering and infrastructure teams.
- Strong knowledge of network security, encryption, identity management, vulnerability management, and security architecture