SeniorSecurityEngineer

****THE ROLE & THE TEAM******** The Information Security team at Zalando Payments acts as the second line of defense, owning the Information Security Management System and providing independent oversight of security risks and controls. As a regulated e-money and payments institution, we operate under frameworks such as DORA, PCI DSS, GDPR, and BaFin expectations, ensuring security is embedded, measurable, and auditable. In this role, you will help define and maintain security policies, standards, and the ZPS Security Controls Framework, while independently verifying control design and effectiveness across cloud, infrastructure, and application domains. You will work closely with first line Engineering teams, while maintaining the independence required to challenge and strengthen the overall security posture. We are evolving towards a modern, scalable GRC model focused on automated evidence collection and continuous control monitoring. You will play a key role in driving this transformation, combining governance expertise with a technical mindset. You will also support internal and external audits, regulatory readiness, and management reporting, ensuring control effectiveness is demonstrated in a structured and data driven way. ****INCLUSIVE BY DESIGN**** If you think you have what it takes, we encourage you to apply even if you don't meet every single requirement. You may just be the right candidate for this or other roles! At Zalando, our vision is to be the leading pan-European ecosystem for fashion and lifestyle e-commerce – one that thrives on diversity and is truly inclusive by design. We believe that diverse teams fuel innovation and creativity, and we actively seek out talent from all backgrounds. We actively seek to reduce bias in our hiring and employment processes, focusing on your qualifications, skills, and contributions. To support this, we kindly ask that you refrain from including personal details such as your photo, age, or marital status in your CV,