Paymenttools is on a mission to transform the payment landscape for retailers in Europe. With more than 4.4 billion visitors per year in our more than 15,000 REWE Group stores and travel agencies in 21 countries, we know exactly what consumers and merchants need when exchanging goods for money. We strongly believe in making payments seamless and invisible, linking them with value-added services within the framework of a reliable identity service. Our mantra: #wesolvepayn. We blend cutting-edge technology with stringent security to protect sensitive payment data while nurturing innovation in a cloud-native tech environment.
We are looking for a pragmatist, not a theorist. Compliance is often seen as a blocker, but at Paymenttools, it is a product feature. As our PCI Compliance Manager, you will be the architect of our compliance strategy for both Paymenttools and the entire REWE Group. You won't just "manage audits"; you will build the internal bridges that make security effortless for our engineers, logistics teams, and store managers. Your goal: To build an internal competence centre that balances strict regulation with our cloud-native agility.
Your Tasks
- Design "paved roads" (standardised, secure paths) so that compliance becomes the default, not an afterthought. You will consult our product and tech teams before they build.
- Translate PCI requirements into practical processes for non-IT areas like Terminal Logistics, Facility Management, and Store Operations. You find solutions that work in a busy supermarket, not just on paper.
- Adjust to your audience. You adapt to "Tech" language (for our engineers) and "Business" language (for stakeholders). You facilitate constructive dialogue between IT experts and operational departments.
- Own the Audit. Manage our external QSAs (e.g., USD, ATSec). You will be our primary advocate, challenging dogmatic interpretations to ensure our solutions are both secure and economically viable.
- Define how we handle complex topics like P2PE, tokenisation, and segmentation across our market and cloud networks.
Your Profile
- At least 3 years of deep, hands-on experience with PCI DSS (v3.2.1 / v4.0) in a complex environment.
- You are solution-oriented. You understand that "compliant" does not have to mean "complicated". You can think in processes and workflows.
- Credentials: certifications such as QSA, ISA, PCIP, CISSP, or CISM (previously or currently held).
- Understanding of Network Segmentation, Encryption, Point-to-Point Encryption, and Cloud Security well enough to meet architects at eye level.
- Strong communication skills to negotiate with auditors and guide internal teams from experience.
- Experience with project management and knowledge of payment technologies such as terminals and gateways is a bonus.
- Business-level English is required; German is a strong plus for business reasons inside the broader REWE Group.
Our Benefits
- Deutschlandticket, subsidised subscription
- 1,000 euro annual learning and development budget + internal training platforms
- Discounts on travel, fashion, technology, and more through our corporate benefits
- REWE discount card for REWE group retailers
- JobRad, affordable bicycle leasing
- Company pension plan
- Insurance services
Perks of Working With Us
- Hybrid working environment
- Flexible working hours that fit your workflow; your time matters
- Language courses (English and German)
- Responsibility from day one
- Work with modern and agile software such as Google Workspace, Slack, Asana, Jira, Lattice, Miro and Confluence
- Company events including Hackathons and Company Days
- Ask us more about these!
We are looking forward to getting to know you - so, even if you feel that you don’t quite meet all the requirements, but the position still excites you and you think you would love to work with us, please reach out! We would still love to hear from you. We explicitly encourage applicants within