Information Security Compliance Manager at Payrails
Berlin, Berlin, Germany - Full Time


Start Date: Immediate
Expiry Date: 09 Jun, 25
Salary: 0.0
Posted On: 09 Mar, 25
Experience: 0 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Good communication skills
Industry: Information Technology/IT

Description

THE COMPANY

Payrails is an innovative technology company with a team that has many years of experience in the payment industry and a real-life understanding of the merchants’ needs. We have seen the complexity firsthand and we have learned from all the challenges we’ve faced. Now we want to help leading technology companies around the world accept payments and build financial services with minimal upfront investments.
Our vision at Payrails is to reimagine payments. We do this by removing heavy reliance on Engineering efforts using composable building blocks that put the control firmly in the hands of our customers. We exist to help our customers become more productive and flexible, impacting directly on their ability to grow.
We are joined in our mission by top-tier investors Andreessen Horowitz, HV Capital, EQT, and General Catalyst, alongside a great cast of knowledgeable angel investors to enable us to solve the growing complexity of payments.
At Payrails, we are committed to building a team full of the most talented people. Excellence is part of our values and we understand that in order to achieve this, we need to build an environment where skilled people can work openly, collaboratively, and with the utmost trust in one another. We believe people thrive the most when they are fully aware of what the business is trying to achieve, why it is important to the market, and what challenges lie in the way to reaching our goals. In such an environment we believe people can truly excel, grow and enjoy working together. We try hard to be a company where everyone is inspired and feels a sense of responsibility to do the right thing to help us bring our vision to life.
Succeeding with us is about finding solutions to the most pressing problems and executing them effectively.

Responsibilities

WHAT YOU WILL BE DOING

  • You will develop and manage the organization’s information security compliance program, ensuring alignment with regulatory requirements (e.g. GDPR, PCI DSS, ISO 27001, SOC 2).
  • You will coordinate internal and external audits and assessments, ensuring readiness for and response to compliance requirements, and develop action plans to address findings and recommendations.
  • You will create, update, and maintain security policies, standards, and procedures in accordance with industry best practices and regulatory requirements.
  • You will stay informed about emerging regulations, industry trends, and security standards, adapting the compliance program as necessary.
  • You will serve as the subject matter expert on compliance topics and provide guidance and support to internal stakeholders.
  • You will collaborate with the security operations team to develop and improve incident response procedures.
  • You will ensure that third-party service providers meet the organization’s security compliance requirements by conducting vendor assessments and reviews.
  • You will track and report on compliance metrics, risks, and issues to senior management and relevant stakeholders.

YOU’LL BE GREAT FOR THIS ROLE IF

  • You have a Bachelor’s degree in Information Security, Information Technology, Computer Science, Business, or a related field (or equivalent experience).
  • You have 5+ years of experience in information security, IT audit, risk management, or compliance roles.
  • You have hands-on experience managing compliance programs and frameworks such as PCI DSS, ISO 27001, SOC 2, GDPR, etc.
  • Preferred certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent.
  • You have a strong ability to assess complex compliance risks and recommend solutions.
  • You have strong verbal and written communication skills, with the ability to influence and educate a range of stakeholders.
  • You have experience leading projects, managing timelines, and meeting compliance deadlines.
  • You have a high level of accuracy and a thorough approach to managing compliance requirements.
  • You have a strong understanding of security controls, threat management, and incident response.