Senior Security Engineer- Zalando Payments (all genders)

THE ROLE & THE TEAM

The Information Security team at Zalando Payments acts as the second line of defense owning the Information Security Management System and providing independent oversight of security risks and controls. As a regulated e-money and payments institution we operate under frameworks such as DORA PCI DSS GDPR and BaFin expectations ensuring security is embedded measurable and auditable.

In this role you will help define and maintain security policies standards and the ZPS Security Controls Framework while independently verifying control design and effectiveness across cloud infrastructure and application domains. You will work closely with first line Engineering teams while maintaining the independence required to challenge and strengthen the overall security posture.

We are evolving towards a modern scalable GRC model focused on automated evidence collection and continuous control monitoring. You will play a key role in driving this transformation combining governance expertise with a technical mindset.

You will also support internal and external audits regulatory readiness and management reporting ensuring control effectiveness is demonstrated in a structured and data driven way.

INCLUSIVE BY DESIGN

If you think you have what it takes we encourage you to apply even if you dont meet every single requirement. You may just be the right candidate for this or other roles!

At Zalando our vision is to be the leading pan-European ecosystem for fashion and lifestyle e-commerce one that thrives on diversity and is truly inclusive by design. We believe that diverse teams fuel innovation and creativity and we actively seek out talent from all backgrounds.

We actively seek to reduce bias in our hiring and employment processes focusing on your qualifications skills and contributions. To support this we kindly ask that you refrain from including personal details such as your photo age or marital status in your CV ensuring a fair and equitable evaluation based solely on your abilities and potential.

We are committed to providing an exceptional and accessible candidate experience for everyone. If you require any accommodations to support you throughout the hiring process please let us know we are here to assist you.

Discover more about our commitment to creating a diverse and inclusive workplace: WED LOVE YOU TO DO (AND LOVE DOING)

• Own and evolve the Information Security Management System at Zalando Payments ensuring alignment with DORA PCI DSS ISO 27001 and internal policies.

• Drive the ZPS Security Controls Framework including control definition evidence requirements and maturity targets.

• Independently verify security controls assessing design and effectiveness and ensuring traceability between risks controls and evidence.

• Apply a GRC engineering mindset by enabling automated evidence collection and continuous control monitoring.

• Collaborate with first line Engineering and Operational Security teams to ensure scalable and effective control implementation.

• Support internal and external audits and ensure regulatory readiness through structured evidence driven practices.

WED LOVE TO MEET YOU IF

• You have 5 years of working experience in Information Security Risk or GRC ideally in regulated environments such as fintech or payments.

• You understand frameworks and regulations such as DORA PCI DSS ISO 27001 or GDPR.

• You have experience designing or assessing security controls including defining evidence and evaluating effectiveness.

• You bring a GRC engineering mindset with an interest in automation scalable evidence collection and continuous monitoring.

• You are able to challenge constructively as a second line of defense while collaborating effectively with engineering and security teams.

• You communicate clearly with both technical and non technical stakeholders including senior management.

OUR OFFER

Zalando provides a range of benefits heres an overview of what you can expect. Ask your Talent Acquisition Partner to learn more about what we offer.

• 27 days of holiday a year to start for full-time employees (1 day for every calendar year up to 30 days)

• 2 paid volunteering days a year

• Hybrid working model with up to 60% remote per week actual practice is up to each team to best support their collaboration

• Work from abroad for up to 30 working days a year

• Employee shares program

• 40% off fashion and beauty products sold and shipped by Zalando 30% off Lounge by Zalando discounts from external partners

• Relocation assistance available (subject to prior agreement)

• Family services including counseling and support

• Health and wellbeing options (including Wellhub formerly Gympass)

• Mental health support and coaching available

• Drive your development through our training platform and biannual peer-to-peer review