payabl.

Senior Information Security Officer

full-time

Location Type: Remote

Location: Germany

About the role

  • Provide strategic and operational leadership for designing, implementing, and continuously improving the organization's information security framework within a regulated payment processing environment.
  • Own the protection of payment data, infrastructure, applications, and integrations against cyber threats, while ensuring regulatory compliance, audit readiness, and operational resilience at scale.
  • This role operates as a second-line embedded technical control function, combining governance, security architecture oversight, and operational assurance.
  • Defining, maintaining, and executing the Information Security Strategy in alignment with PCI-DSS v4.x, PSD2/PSR, DORA, ISO/IEC 27001, and internal risk frameworks.
  • Establishing and maintaining the Information Security Management System (ISMS), ensuring risk-based controls, audit-ready documentation, and integrity of evidence.
  • Acting as the internal control owner for PCI-DSS and managing the end-to-end PCI compliance lifecycle, including scoping, control testing, evidence collection, and QSA engagement.
  • Providing executive and board-level security reporting, including risk dashboards and escalation of material security risks.
  • Overseeing security engineering domains including cardholder data environments, encryption and tokenization, HSMs, key management, APIs, and cloud security posture.
  • Enforcing secure SDLC and DevSecOps practices and overseeing vulnerability management, remediation SLAs, and security operations (SIEM/XDR).
  • Leading incident response governance, digital forensics coordination, and regulatory notification activities.
  • Managing third-party and outsourcing security risk, including due diligence, ongoing monitoring, and contractual security obligations.
  • Overseeing data protection and cryptographic controls, ensuring secure data flows and privacy-by-design principles.
  • Reducing residual cyber and technology risk while maintaining sustained regulatory and audit readiness.

Requirements

  • 7–12+ years in information security roles within fintech, payments, banking, or high-throughput transaction environments.
  • Proven operational ownership of PCI-DSS and regulated financial infrastructure.
  • Hands-on experience with HSMs, tokenization, encryption, API security, and network segmentation.
  • Experience operating in cloud-native security architectures and hybrid infrastructures.

Technical Competencies

  • PCI-DSS 4.x technical control implementation
  • Cloud security (AWS/Azure/GCP)
  • Zero Trust/network segmentation
  • SIEM, XDR, and log engineering
  • IAM, PAM, and privileged access models
  • Secure API and microservices architecture

Benefits

  • Competitive Compensation: Step into a role that values your contributions with a market-aligned salary and bonus potential reflecting our annual success.
  • Extended Vacation Time: Recharge with 28 vacation days, plus special holidays on December 24th and 31st, ensuring plenty of time for leisure and relaxation.
  • Empowered Career Trajectory: Unlock your full potential in a flat-hierarchy setting that fosters rapid professional growth and open dialogue.
  • Global Perspectives: Immerse yourself in an international environment, enriching your career with diverse experiences and viewpoints.
  • Tech Tailored to You: Craft your perfect setup by choosing between Mac or Windows laptops, enhancing both comfort and productivity.
  • Community and Collaboration: Dive into a culture of unity through regular team events that build connections and foster collaboration.
  • Hybrid Harmony and Relaxation: Embrace the best of both worlds with hybrid work options and unwind in our relaxation area, complete with a massage chair.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
information security, PCI-DSS, encryption, tokenization, HSM, API security, cloud security, network segmentation, vulnerability management, incident response
Soft Skills
strategic leadership, operational leadership, governance, communication, reporting, risk management, collaboration, problem-solving, analytical thinking, executive reporting
Certifications
PCI-DSS certification, ISO/IEC 27001 certification