Mauro P.

Leading all aspects of information security for the Zalando Payments platform, including strategy, governance, and risk management, reporting to the Chief Risk Officer.

Key Responsibilities:

• Own the enterprise information security strategy and operating model, ensuring alignment with board expectations for risk management, auditability, and resilience in a large scale payments environment.

• Partner with product and engineering teams to integrate secure design, threat modeling, and DevSecOps controls across the payment product lifecycle.

• Act as the executive accountable leader for the organization’s security posture, responsible for risk management and reporting to the board on KPIs, incidents, and control effectiveness.

• Accountable for the design and effectiveness of security controls aligned with DORA, PCI DSS, and ISO 27001, providing board level assurance on compliance status and residual risk.

Key Achievements:

• Built a unified security controls framework mapping PCI, GDPR, DORA and ISO requirements, enabling automated evidence collection and consistent audit readiness.

• Strategic Leadership: Driving the evolution of security operations to align with Zalando's business objectives and regulatory requirements, fostering a proactive and resilient security posture. Managing €5M cost center budgets and forecasts for personnel and operational expenses.

• Cloud Infrastructure Security Engineering: Overseeing the development and implementation of scalable security controls across cloud environments, ensuring robust protection for critical infrastructure and workloads.

• Offensive Security: Enhancing the organization's threat exposure management through penetration testing, vulnerability assessment, and secure code reviews, creating a risk-aware culture.

• SOC: Strengthening threat detection, incident response, and threat hunting capabilities through the adoption of cutting-edge tools, techniques, and continuous improvement of use case lifecycle management.

Built and scaled global Security Operations across Cloud Security, CSIRT, SOC, and Threat Intelligence, operating under a 24/7 Follow-the-Sun model across Germany, Argentina, and Singapore. Achieved automation at scale: executed 280K jobs, saving 64K hours and $2M in costs; cut failure rates by 51% and vulnerability remediation from 90 to 30 days.

Led the Application Security and Incident Response functions, implementing SAST/DAST programs globally and establishing a 24/7 CSIRT. Introduced orchestration and automation, achieving a 0.56 automation ratio and enhancing incident response scalability.