Paymenttools is on a mission to transform the payment landscape for retailers in Europe. With more than 4.4 billion visitors per year in our more than 15,000 REWE Group stores and travel agencies in 21 countries, we know exactly what consumers and merchants need when exchanging goods for money. We strongly believe in making payments seamless and invisible, linking them with value-added services within the framework of a reliable identity service. Our mantra: #wesolvepayn. We blend cutting-edge technology with stringent security to protect sensitive payment data while nurturing innovation in a cloud-native tech environment.
As our Information Security Manager (d/f/m), you will be pivotal in upholding the highest security standards within our innovative and dynamic setting. Your primary responsibility is not just adhering to ISO 27001, PCI DSS, NIST CSF and KRITIS regulations, but also effectively managing and facilitating multiple audits throughout the year. You'll be the linchpin connecting our auditors with our product teams, ensuring a smooth audit process through your exceptional project management skills, including evidence collection and conveying requirements. Join us at Paymenttools and be at the forefront of securing the future of digital payments while fostering a culture of innovation and agility.
Your Tasks
Lead and manage the audit process, serving as the key liaison between auditors and our product teams
Ensure thorough preparation for audits, including evidence collection and requirement communication
Drive continuous improvement initiatives based on audit findings, risk assessments, and maturity evaluations
Provide guidance and support to teams in implementing security measures and meeting audit requirements
Perform control assurance activities, including testing of control design and operating effectiveness
Maintain up-to-date knowledge of security regulations and standards, ensuring Paymenttools remains ahead of the curve
Monitor security metrics and report on compliance posture to leadership
Conduct security awareness and control implementation workshops
Evaluate supplier security posture and ensure contractual security requirements are defined and enforced
Your Experience
Proven experience in information security management, particularly in audit management and coordination
Solid understanding of ISO 27001, PCI DSS, or KRITIS / EU NIS Directive regulations
Strong project management skills, with experience in leading complex audit processes
Ability to communicate effectively with both technical teams and external auditors
Familiarity with the latest security technologies and practices in a cloud-native development setting is a plus
Relevant professional certifications (CISSP, CISM, CEH) are an advantage
English proficiency needed, German is just a plus!
Our Benefits
Deutschland ticket, subsidized subscription
1,000 euro annual learning and development budget + internal training platforms
Discounts on travel, fashion, technology, and more through our corporate benefits
REWE discount card for REWE group retailers
JobRad, affordable bicycle leasing
Company pension plan
Insurance services
Perks of working with us
Hybrid working environment
Flexible working hours that fit your workflow, your time matters
Language courses (English and German)
Responsibility from day one
Work with modern and agile software such as Google Workspace, Slack, Asana, Jira, Lattice, Miro and Confluence
Company events including Hackathons and Company Days
Ask us more about these!
We are looking forward to getting to know you – so, even if you feel that you don’t quite meet all the requirements, but the position still excites you and you think you would love to work with us, please reach out! We would still love to hear from you. We explicitly encourage applicants within groups that are underrepresented in tech spaces as of today. We value all kinds of backgrounds and walks of life.