Senior Security Engineer - Zalando Payments (all genders)

Location
Germany - Berlin
Contract
Full time
Job category
IT Consulting & Operations

THE ROLE & THE TEAM 

The Information Security team at Zalando Payments acts as the second line of defense, owning the Information Security Management System and providing independent oversight of security risks and controls. As a regulated e-money and payments institution, we operate under frameworks such as DORA, PCI DSS, GDPR, and BaFin expectations, ensuring security is embedded, measurable, and auditable.

In this role, you will help define and maintain security policies, standards, and the ZPS Security Controls Framework, while independently verifying control design and effectiveness across cloud, infrastructure, and application domains. You will work closely with first-line Engineering teams, while maintaining the independence required to challenge and strengthen the overall security posture.

We are evolving towards a modern, scalable GRC model focused on automated evidence collection and continuous control monitoring. You will play a key role in driving this transformation, combining governance expertise with a technical mindset.

You will also support internal and external audits, regulatory readiness, and management reporting, ensuring control effectiveness is demonstrated in a structured and data-driven way.

INCLUSIVE BY DESIGN

If you think you have what it takes, we encourage you to apply even if you don't meet every single requirement. You may just be the right candidate for this or other roles!

At Zalando, our vision is to be the leading pan-European ecosystem for fashion and lifestyle e-commerce – one that thrives on diversity and is truly inclusive by design. We believe that diverse teams fuel innovation and creativity, and we actively seek out talent from all backgrounds.

We actively seek to reduce bias in our hiring and employment processes, focusing on your qualifications, skills, and contributions. To support this, we kindly ask that you refrain from including personal details such as your photo, age, or marital status in your CV, ensuring a fair and equitable evaluation based solely on your abilities and potential.

We are committed to providing an exceptional and accessible candidate experience for everyone. If you require any accommodations to support you throughout the hiring process, please let us know – we are here to assist you.

Discover more about our commitment to creating a diverse and inclusive workplace: https://jobs.zalando.com/en/our-culture/diversity-and-inclusion

WHAT WE’D LOVE YOU TO DO (AND LOVE DOING)

  • Own and evolve the Information Security Management System at Zalando Payments, ensuring alignment with DORA, PCI DSS, ISO 27001, and internal policies.

  • Drive the ZPS Security Controls Framework, including control definition, evidence requirements, and maturity targets.

  • Independently verify security controls, assessing design and effectiveness, and ensuring traceability between risks, controls, and evidence.

  • Apply a GRC engineering mindset by enabling automated evidence collection and continuous control monitoring.

  • Collaborate with first-line Engineering and Operational Security teams to ensure scalable and effective control implementation.

  • Support internal and external audits and ensure regulatory readiness through structured, evidence-driven practices.

 

WE’D LOVE TO MEET YOU IF 

  • You have 5+ years of working experience in Information Security, Risk, or GRC, ideally in regulated environments such as fintech or payments.

  • You understand frameworks and regulations such as DORA, PCI DSS, ISO 27001, or GDPR.

  • You have experience designing or assessing security controls, including defining evidence and evaluating effectiveness.

  • You bring a GRC engineering mindset, with an interest in automation, scalable evidence collection, and continuous monitoring.

  • You are able to challenge constructively as a second line of defense, while collaborating effectively with engineering and security teams.

  • You communicate clearly with both technical and non-technical stakeholders, including senior management.

OUR OFFER

Zalando provides a range of benefits; here’s an overview of what you can expect. Ask your Talent Acquisition Partner to learn more about what we offer.

  • 27 days of holiday a year to start for full-time employees (+1 day for every calendar year up to 30 days)

  • 2 paid volunteering days a year

  • Hybrid working model with up to 60% remote per week; actual practice is up to each team to best support their collaboration

  • Work from abroad for up to 30 working days a year

  • Employee shares program

  • 40% off fashion and beauty products sold and shipped by Zalando, 30% off Lounge by Zalando, discounts from external partners

  • Relocation assistance available (subject to prior agreement)

  • Family services, including counseling and support

  • Health and wellbeing options (including Wellhub, formerly Gympass)

  • Mental health support and coaching available

  • Drive your development through our training platform and biannual peer-to-peer review
     

Recruiter

Claudia Moras Baez

claudia.moras.baez@zalando.de

Please note that all applications on this page must be submitted via the online form; we do not accept applications by e-mail. After review, our recruiters will get in touch via an official Zalando e-mail address (@zalando.de).

In some cases we also work with a selection of headhunters and agencies to fill certain positions. Please note that neither Zalando nor our recruiting partners ask for any kind of payment to apply for a position or to take part in an interview.

If you have questions about our recruiting process, please take a look at our FAQ page.

About Zalando

Zalando was founded in Berlin in 2008 and is the leading European technology platform for fashion and lifestyle. We connect 62 million active customers with more than 7,000 brands in 29 markets. Our business is built on a unique, AI-powered data and infrastructure platform. For our customers, our multi-app approach, consisting of Zalando, ABOUT YOU and Lounge by Zalando, offers an inspiring, highly personalized shopping experience. For our partners, we are building the operating system for e-commerce. Through ZEOS, Tradebyte and SCAYLE, we open up our logistics, software and service capabilities to brands and retailers so they can scale their business seamlessly across borders.

Learn more about our culture