Information Security Compliance Manager

at  Payrails

Berlin, Germany

Start Date: Immediate
Expiry Date: 27 Dec, 2024
Salary: Not Specified
Posted On: 29 Sep, 2024
Experience: N/A
Skills: Good communication skills
Telecommute: No
Sponsor Visa: No

Description:

THE COMPANY

Payrails is an innovative technology company with a team that has many years of experience in the payment industry and a real-life understanding of the merchants’ needs. We have seen the complexity firsthand and we have learned from all the challenges we’ve faced. Now we want to help leading technology companies around the world accept payments and build financial services with minimal upfront investments.
Our vision at Payrails is to reimagine payments. We do this by removing the heavy reliance on engineering effort, using composable building blocks that put control firmly in the hands of our customers. We exist to help our customers become more productive and flexible, directly impacting their ability to grow.
We are joined in our mission by top-tier clients Andreessen Horowitz, HV Capital, EQT and General Catalyst alongside a great cast of knowledgeable angel investors to enable us to solve the growing complexity of payments.
At Payrails, we are committed to building a team full of the most talented people. Excellence is part of our values and we understand that in order to achieve this, we need to build an environment where skilled people can work openly, collaboratively, and with the utmost trust in one another. We believe people thrive the most when they are fully aware of what the business is trying to achieve, why it is important to the market, and what challenges lie in the way to reaching our goals. In such an environment we believe people can truly excel, grow and enjoy working together. We try hard to be a company where everyone is inspired and feels a sense of responsibility to do the right thing to help us bring our vision to life. Succeeding with us is about finding solutions to the most pressing problems and executing them effectively.

Responsibilities:

WHAT YOU WILL BE DOING

Compliance Program Management:

  • You will develop and manage the organization’s information security compliance program, ensuring alignment with regulatory requirements (e.g., GDPR, HIPAA, CCPA, PCI-DSS, ISO 27001, SOC 2).
  • You will monitor and track compliance with internal policies and external standards and frameworks.

Risk Management & Audits:

  • You will conduct regular risk assessments to identify, analyze, and evaluate potential threats to the organization’s information security.
  • You will coordinate internal and external audits and assessments, ensuring readiness and response to compliance requirements.
  • You will develop action plans to address audit findings, non-compliance issues, and recommendations.

Policy Development:

  • You will create, update, and maintain security policies, standards, and procedures in accordance with industry best practices and regulatory requirements.
  • You will ensure security policies are properly communicated and understood by staff at all levels.

Regulatory & Industry Knowledge:

  • You will stay informed about emerging regulations, industry trends, and security standards, adapting the compliance program as necessary.
  • You will serve as the subject matter expert on regulatory security issues, providing guidance and support to internal stakeholders.

Incident Management & Response:

  • You will collaborate with the security operations team to develop and improve incident response procedures.
  • You will ensure incidents are managed in line with compliance obligations and are properly documented and reported as necessary.

Training & Awareness:

  • You will develop and deliver security awareness and compliance training programs across the organization to ensure employees understand their role in maintaining security compliance.
  • You will foster a culture of security awareness through ongoing communication and education initiatives.

Vendor and Third-Party Management:

  • You will ensure that third-party service providers meet the organization’s security compliance requirements by conducting vendor assessments and reviews.
  • You will manage vendor compliance monitoring processes, including contractual obligations for security controls.

Reporting & Metrics:

  • You will track and report on compliance metrics, risks, and issues to senior management and relevant stakeholders.
  • You will provide regular updates on the status of security compliance initiatives, including regulatory changes and audit outcomes.

YOU’LL BE GREAT FOR THIS ROLE IF

- You have a Bachelor’s degree in Information Security, Information Technology, Computer Science, Business, or a related field (or equivalent experience).
- You have 5+ years of experience in information security, IT audit, risk management, or compliance roles.
- You have hands-on experience managing compliance programs and frameworks such as PCI-DSS, ISO 27001, SOC 2, GDPR, HIPAA, etc.
- Preferred certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent.
- You have a strong ability to assess complex compliance risks and recommend solutions.
- You have strong verbal and written communication skills, with the ability to influence and educate a range of stakeholders.
- You have experience leading projects, managing timelines, and meeting compliance deadlines.
- You have a high level of accuracy and a thorough approach to managing compliance requirements.
- You have a strong understanding of security controls, threat management, and incident response.


REQUIREMENT SUMMARY

Experience: Min N/A, Max 5.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Graduate
Berlin, Germany