Information Security Compliance Manager

Permanent employee, Full-time · Berlin

The Company
Payrails is an innovative technology company with a team that has many years of experience in the payment industry and a real-life understanding of the merchants’ needs. We have seen the complexity firsthand and we have learned from all the challenges we've faced. Now we want to help leading technology companies around the world accept payments and build financial services with minimal upfront investments.

Our vision at Payrails is to reimagine payments. We do this by removing heavy reliance on Engineering efforts using composable building blocks that put the control firmly in the hands of our customers. We exist to help our customers become more productive and flexible, impacting directly on their ability to grow.

We are joined in our mission by top-tier clients Andreessen Horowitz, HV Capital, EQT and General Catalyst alongside a great cast of knowledgeable angel investors to enable us to solve the growing complexity of payments.

At Payrails, we are committed to building a team full of the most talented people. Excellence is part of our values and we understand that in order to achieve this, we need to build an environment where skilled people can work openly, collaboratively, and with the utmost trust in one another. We believe people thrive the most when they are fully aware of what the business is trying to achieve, why it is important to the market, and what challenges lie in the way to reaching our goals. In such an environment we believe people can truly excel, grow and enjoy working together. We try hard to be a company where everyone is inspired and feels a sense of responsibility to do the right thing to help us bring our vision to life. Succeeding with us is about finding solutions to the most pressing problems and executing them effectively.

What You will be doing

Compliance Program Management:

  • You will develop and manage the organization's information security compliance program, ensuring alignment with regulatory requirements (e.g., GDPR, HIPAA, CCPA, PCI-DSS, ISO 27001, SOC 2).

  • You will monitor and track compliance with internal policies and external standards and frameworks.

Risk Management & Audits:

  • You will conduct regular risk assessments to identify, analyze, and evaluate potential threats to the organization’s information security.

  • You will coordinate internal and external audits and assessments, ensuring readiness and response to compliance requirements.

  • You will develop action plans to address audit findings, non-compliance issues, and recommendations.

Policy Development:

  • You will create, update, and maintain security policies, standards, and procedures in accordance with industry best practices and regulatory requirements.

  • You will ensure security policies are properly communicated and understood by staff at all levels.

Regulatory & Industry Knowledge:

  • You will stay informed about emerging regulations, industry trends, and security standards, adapting the compliance program as necessary.

  • You will serve as the subject matter expert on regulatory security issues, providing guidance and support to internal stakeholders.

Incident Management & Response:

  • You will collaborate with the security operations team to develop and improve incident response procedures.

  • You will ensure incidents are managed in line with compliance obligations and are properly documented and reported as necessary.

Training & Awareness:

  • You will develop and deliver security awareness and compliance training programs across the organization to ensure employees understand their role in maintaining security compliance.

  • You will foster a culture of security awareness through ongoing communication and education initiatives.

Vendor and Third-Party Management:

  • You will ensure that third-party service providers meet the organization's security compliance requirements by conducting vendor assessments and reviews.

  • You will manage vendor compliance monitoring processes, including contractual obligations for security controls.

Reporting & Metrics:

  • You will track and report on compliance metrics, risks, and issues to senior management and relevant stakeholders.

  • You will provide regular updates on the status of security compliance initiatives, including regulatory changes and audit outcomes.

You'll be great for this role if
  • You have a Bachelor’s degree in Information Security, Information Technology, Computer Science, Business, or a related field (or equivalent experience).

  • You have 5+ years of experience in information security, IT audit, risk management, or compliance roles.

  • You have hands-on experience managing compliance programs and frameworks such as PCI-DSS, ISO 27001, SOC 2, GDPR, HIPAA, etc.

  • Preferred certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent.

  • You have a strong ability to assess complex compliance risks and recommend solutions.

  • You have strong verbal and written communication skills, with the ability to influence and educate a range of stakeholders.

  • You have experience leading projects, managing timelines, and meeting compliance deadlines.

  • You have a high level of accuracy and a thorough approach to managing compliance requirements.

  • You have a strong understanding of security controls, threat management, and incident response.

Why You should join Payrails
  • You can truly create your own path by taking responsibility and implementing your own ideas
  • We offer visa and relocation support to you and your family where required
  • We offer a hybrid working environment
  • You have 27 annual vacation days + 1 day of paid birthday leave for you to have fun and party without any worries!
  • You will have the opportunity to travel abroad
  • We get together regularly for team lunches and events
  • You help us shape the future of payments
At Payrails, we prioritize a culture of inclusivity and diversity, evaluating candidates solely based on their skills and potential, regardless of age, gender, identity, ethnicity, sexual orientation, disability status, or religion. We welcome applications from individuals of all backgrounds and identities. In line with our commitment to fairness, we kindly request applicants to refrain from including personal details such as a picture, age, or marital status in their CVs.
We are looking forward to hearing from you!
Thank you for your interest in Payrails. Please fill out the following short form. Should you have difficulties with the upload of your data, please send an email to joinus@payrails.com.