Senior Information Security Officer

payabl. empowers businesses to grow through payments innovation and banking services. Our ambition is to expand our strong portfolio of global financial services we provide to businesses and make them all available in one place on our platform we call payabl.one. As a licensed financial company with principal membership with card schemes, we specialize in global payments and providing businesses with multi-currency accounts.

The role is about:

Provide strategic and operational leadership for designing, implementing, and continuously improving the organization's information security framework within a regulated payment processing environment. Own the protection of payment data, infrastructure, applications, and integrations against cyber threats, while ensuring regulatory compliance, audit readiness, and operational resilience at scale. This role operates as a second-line embedded technical control function, combining governance, security architecture oversight, and operational assurance.

Reports to: Group CTO and Group Head of GRC

Location: Germany

What you will do:

• Defining, maintaining, and executing the Information Security Strategy in alignment with PCI-DSS v4.x, PSD2/PSR, DORA, ISO/IEC 27001, and internal risk frameworks.
• Establishing and maintaining the Information Security Management System (ISMS), ensuring risk-based controls, audit-ready documentation, and integrity of evidence.
• Acting as the internal control owner for PCI-DSS and managing the end-to-end PCI compliance lifecycle, including scoping, control testing, evidence collection, and QSA engagement.
• Providing executive and board-level security reporting, including risk dashboards and escalation of material security risks.
• Overseeing security engineering domains including cardholder data environments, encryption and tokenization, HSMs, key management, APIs, and cloud security posture.
• Enforcing secure SDLC and Dev SecOps practices and overseeing vulnerability management, remediation SLAs, and security operations (SIEM/XDR).
• Leading incident response governance, digital forensics coordination, and regulatory notification activities.
• Managing third‑party and outsourcing security risk, including due diligence, ongoing monitoring, and contractual security obligations.
• Overseeing data protection and cryptographic controls, ensuring secure data flows and privacy‑by‑design principles.
• Reducing residual cyber and technology risk while maintaining sustained regulatory and audit readiness.

What we need:

• 7–12+ years in information security roles within fintech, payments, banking, or high‑throughput transaction environments.
• Proven operational ownership of PCI‑DSS and regulated financial infrastructure.
• Hands‑on experience with HSMs, tokenization, encryption, API security, and network segmentation.
• Experience operating in cloud‑native security architectures and hybrid infrastructures.

Technical Competencies

• PCI‑DSS 4.x technical control implementation
• Cloud security (AWS/Azure/GCP)
• Zero Trust/network segmentation
• SIEM, XDR, and log engineering
• IAM, PAM, and privileged access models
• Secure API and microservices architecture

The perks of being a payabl.er

• Competitive Compensation: Step into a role that values your contributions with a market‑aligned salary and bonus potential reflecting our annual success.
• Extended Vacation Time: Recharge with 28 vacation days, plus special holidays on December 24th and 31st, ensuring plenty of time for leisure and relaxation.
• Empowered Career Trajectory: Unlock your full potential in a flat‑hierarchy setting that fosters rapid professional growth and open dialogue.
• Global Perspectives: Immerse yourself in an international environment, enriching your career with diverse experiences and viewpoints.
• Tech Tailored to You: Craft your perfect setup by choosing between Mac or Windows laptops, enhancing both comfort and productivity.
• Community and Collaboration: Dive into a culture of unity through regular team events that build connections and foster collaboration.
• Hybrid Harmony and Relaxation: Embrace the best of both worlds with hybrid work options and unwind in our relaxation area, complete with a massage chair.