Cyber & Information Security Manager

As a Cyber & Information Security Manager at Payter, you will play a crucial role in the company's growth by delivering key security solutions. Joining a small, close-knit team, you will engage in all aspects of both Cyber Security and Information Security delivery, collaborating closely with domain owners to deliver secure solutions and architecture in line with standards, strategies, and industry best practices to protect our business and our customers.

About Payter: At Payter, we are innovators, pioneers, and leaders in the dynamic realm of unattended/self-service contactless and cashless payment technology in a wide range of markets such as Electrical Vehicle Charging, Transportation, Retail, Hospitality, Vending, Charity, Parking, and beyond. The adaptable Payter platform accommodates a diverse range of payment technologies (NFC, EMV, ApplePay, GooglePay, etc.), international banking processes, closed-loop payment and loyalty schemes and telemetry.

Through continuous innovation and in-house development, we redefine how vendors connect with their customers, empowering them to boost revenue, enhance user experiences, and access real-time sales and performance data. We support a broad range of technologies, from Contact & Contactless EMV, Mifare, WiFi, 5G, Bluetooth, Touch Screens and more. Our state-of-the-art products have an extremely long service life, are of high quality, compliant with multiple international standards, boast great design, are user-friendly for all, multifunctional, and easy to integrate.

Examples of successful collaboration include:

• EV Charging: Fastned, Shell, BP, Ionity, Alfen, EVBOX
• Cashless Charity Donations: Hartstichting, WWF, Save the Children, Royal British Legion
• Food & Drink Vending: Coca Cola, Lavazza, Starbucks, Jacobs Douwe Egberts, Costa, Heineken, Maas International, Franke, WMF, Wurlitzer, Selecta
• Hospitality & public locations: Compass Group, Sodexo, Albron, TU Delft, TU Eindhoven
• Gaming & Entertainment: Pinball, Slot Machines, Gaming Arcades, Efteling
• Petrol Stations services Laundry, Car Wash, Kiosks, Toilets: Shell, BP, Exxon
• Special Products: Photo Booths, Dog Wash Station

Responsibilities:

• Security Architecture & Governance: Develop security architecture principles for processing environments and internal IT systems. Foster DevSecOps culture and embed security principles across all solutions and IT services. Design secure cloud architecture and internal IT infrastructure adhering to payment industry standards (PCI-DSS, PCI-PIN, PCI-P2PE).
• Security Implementation & Operations: Provide security requirements and oversight for software, cloud infrastructure, and internal IT projects. Harden cloud environments and internal IT systems against attacks and vulnerabilities. Implement and manage security assessment tools (vulnerability management, SIEM) across all environments. Lead comprehensive penetration testing program for payment applications, infrastructure, and internal systems.
• Risk Management & Compliance: Perform regular internal security audits and policy compliance reviews across all IT environments. Assess third-party vendor security risks against company standards for payment and IT services. Maintain security risk register for cloud and internal IT with appropriate escalation protocols. Develop, document and enforce security policies and procedures compliant with industry regulations for all systems. Guide annual PCI audits with external QSAs ensuring coverage of all applicable systems. Monitor evolving regulations and maintain compliance roadmap for payment and IT environments.
• Incident Response & Business Continuity: Lead full-cycle security incident response with stakeholder reporting for all system types. Collaborate on security aspects of business continuity and disaster recovery plans for payment and internal IT services.
• Security Awareness & Reporting: Deliver security awareness education programs covering payment and general IT security. Stay current with security trends across payment and enterprise IT, sharing insights company-wide. Develop security KPIs and metrics for leadership reporting covering all technology domains.
• Customer Support Activities: Support the business with your expertise by completing customer and other 3rd party security questionnaires, audits, or other similar activities.

What do we have to offer?

• Competitive compensation including a discretionary bonus based on business results.
• Great benefits like 25 leave days plus extra monthly "wellbeing days", a travel allowance and an attractive pension plan.
• We are great supporters of flexible working, but we need to align. If you're based in the Netherlands you can work from our homely office in Rotterdam close to public transport with a free lunch, or hybrid/remote from home, and potentially work part time. Alternatively we're also building our fully remote team in the UK. We're unfortunately not in a position to hire outside of these regions for now.
• Thrive in a close-knit environment valuing flexibility, work-life balance, and mental well-being.

Join Payter and become part of an international scale-up, shaping the future in a booming market where you can have impact and growth opportunities.

Technical skills:

• Security Technologies & Tools: Experience with SIEM solutions, proficiency with vulnerability management platforms, knowledge of container security solutions, experience with secret management solutions.
• Cloud & Infrastructure Security: Expertise in GCP IAM, security controls, and compliance frameworks, experience with infrastructure-as-code security validation, knowledge of cloud-native security services, understanding of zero trust network architecture principles.
• Application Security: Understanding of secure coding practices and code review techniques, knowledge of secure CI/CD pipeline implementation.
• Compliance & Risk Management: Experience implementing security controls for multiple compliance frameworks simultaneously, knowledge of payment technologies and standards, experience with security risk quantification methodologies, understanding of data privacy regulations beyond PCI (e.g., GDPR, CCPA).
• Incident Response & Forensics: Experience with digital forensics and incident response frameworks, knowledge of threat hunting techniques and tools, experience with security automation and orchestration platforms, understanding of threat intelligence platforms and implementation.

Soft Skills:

• Ability to influence security decisions across teams without direct authority.
• Experience mentoring junior security professionals and fostering team growth.
• Capability to translate technical security concepts for non-technical audiences.
• Understanding of business impact when implementing security controls.
• Skill in communicating security ROI and value to executive leadership.
• Skill in negotiating security requirements with vendors and third parties.
• Strong judgment when prioritising security risks and determining appropriate responses.
• Ability to make decisive recommendations under pressure during security incidents.
• Skill in evaluating complex security scenarios with limited information.
• Capacity to anticipate emerging threats and proactively address potential vulnerabilities.
• Experience guiding organisational change around security practices.
• Skill in managing resistance to security controls and requirements.
• Experience implementing cultural shifts toward greater security awareness.
• Ability to remain calm and effective during security incidents and crises.
• Adaptability to rapidly evolving threat landscapes and security technologies.
• Resilience when facing pushback on necessary security controls.
• Capacity to learn and implement new security approaches as the field evolves.

Got excited? After reading this job description, do you feel like getting to know us better and introducing yourself? Then click on the apply button! You'll hear from us as soon as possible!

A message for recruiters: We understand that you'd like to get in touch with us; we know how great Payter is. However, we're not seeking external assistance to fill this position, so you can save yourself the trouble and don't need to call us.