Senior Information Security Officer

The role is about:
The Senior Information Security Officer is a key leadership role responsible for protecting payabl.’s payment infrastructure, systems, and data within a highly regulated environment.

Operating as a second-line control function, this role combines information security governance with deep technical oversight across security architecture, cloud environments, and payment systems. You will own the design, implementation, and continuous improvement of the organization's information security framework, ensuring it remains scalable, audit-ready, and aligned with regulatory requirements.

This role plays a critical part in safeguarding cardholder data, ensuring compliance with industry standards such as PCI-DSS, and strengthening the organization's resilience against evolving cyber threats.

Location: Frankfurt, Germany
Reporting to: Group CTO

What you will do:

• Define and drive the organization's Information Security Strategy, ensuring alignment with regulatory frameworks such as PCI-DSS v4.x, DORA, PSD2/PSR, and ISO 27001.
• Own and maintain the Information Security Management System (ISMS), ensuring risk-based control design, audit-ready documentation, and integrity of compliance evidence.
• Act as the internal control owner for PCI-DSS, managing the full compliance lifecycle including scoping, control validation, evidence collection, and external assessor (QSA) engagement.
• Provide executive and board-level reporting on security posture, including risk dashboards, key metrics, and escalation of material risks.
• Oversee security architecture across critical domains, including cardholder data environments (CDE), encryption and tokenization, HSMs, API security, and cloud infrastructure.
• Drive the adoption of secure SDLC and DevSecOps practices, ensuring security is embedded across development and deployment lifecycles.
• Lead vulnerability management and security operations oversight, including SIEM/XDR effectiveness, detection capabilities, and remediation processes.
• Own incident response governance, coordinating investigations, digital forensics, and regulatory notification processes.
• Manage third-party and outsourcing security risk, including due diligence, ongoing monitoring, and enforcement of contractual security controls.
• Ensure strong data protection and cryptographic practices, including secure data flows, key management, and privacy-by-design principles.
• Continuously reduce cyber and technology risk while maintaining a high level of audit and regulatory readiness.

What we need:

• Extensive experience (7+ years) in information security roles within fintech, payments, banking, or high-transaction environments.
• Proven ownership of PCI-DSS compliance and security controls within regulated financial infrastructure.
• Strong technical background across security architecture, including encryption, tokenisation, HSMs, API security, and network segmentation.
• Experience working with cloud-native and hybrid environments (AWS, Azure, or GCP), with a solid understanding of cloud security principles.
• Deep understanding of modern security practices including Zero Trust, IAM/PAM models, and secure system design.
• Hands-on experience with security operations, including SIEM/XDR platforms, log management, and incident response processes.
• Strong knowledge of vulnerability management frameworks and remediation strategies.
• Experience managing third-party risk and outsourcing security controls in regulated environments.
• Ability to operate at both strategic and hands-on levels, combining governance with technical depth.
• Strong stakeholder management and communication skills, including experience presenting to senior leadership and regulatory bodies.
• Professional certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor are highly desirable.

Hiring Process:

• First Interview: 30-minute introduction led by the Talent Acquisition team.
• Second Interview: 1-hour deep-dive with the Hiring manager to explore your experience and skills.
• Final Interview: 30-minute session with the CTO for final alignment.

The perks of being a payabl.er

• Competitive Compensation: Step into a role that values your contributions with a market-aligned salary and bonus potential reflecting our annual success.
• Extended Vacation Time: Recharge with 28 vacation days, plus special holidays on December 24th and 31st, ensuring plenty of time for leisure and relaxation.
• Supplementary Health Insurance (bKV): Company-sponsored Betriebliche Krankenversicherung available after probation, offering additional health coverage.
• Commute Your Way: We’ll reimburse your Deutschlandticket (€58 monthly public transport pass) or cover parking near the office—supporting your daily commute.
• Connect & Celebrate: Join regular team events that bring colleagues together, strengthen collaboration, and celebrate shared success.
• Empowered Career Trajectory: Unlock your full potential in a flat-hierarchy setting that fosters rapid professional growth and open dialogue.
• Global Perspectives: Immerse yourself in an international environment, enriching your career with diverse experiences and viewpoints.
• Tech Tailored to You: Craft your perfect setup by choosing between Mac or Windows laptops, enhancing both comfort and productivity.
• Hybrid Harmony and Relaxation: Embrace the best of both worlds with hybrid work options and unwind in our relaxation area, complete with a massage chair.

Ready to Join Us?

Let's embark on a journey to redefine the landscape of payments together. We're not just offering a role; we're inviting you to be a part of something bigger. Join our team, and let's innovate, disrupt, and lead the future of payments. Together, we can make an impact that resonates. Welcome to the team!

If this role seems like a good match, please submit your resume all applications are treated with the strictest confidentiality. Please note that we may keep your CV for a period of one (1) year for future relevant job opportunities. For more information about how we process your data please see at