InfoSec is an utter mess. Out of 60 people in InfoSec, except for IAM, only 1-2 know how to do security, compliance, or risk management. You will be surrounded by people who have no idea what they are doing, and why.
The ex-CISO didn't know what a VPN was -- never used one, didn't know what it did. He hired most of the people, so buckle your seatbelt Dorothy, 'cause Kansas is going bye-bye! All your dreams of becoming a security architect will be buried in this dump.
Team leads are fighting purely over what utter nonsense they will do next that sounds good but does nothing in terms of risk reduction. The compliance team barely understands compliance, and the SOC hasn't written a single meaningful incident report in 3+ years. It's a complete and utter mess. If you know how to open a Linux shell, you will be the brightest mind among them all. If you know what risk management means, you will be a shining star. But if you know these things, don't worry, they won't recognize your work, because all they care about is internal politics.
Stay away from InfoSec at Zalando. Join a company that you can grow in.
PS:
* Compensation is terrible
* InfoSec culture is one of infighting, greed, and nonsense
* Diversity & inclusion was so bad, someone was promoted AFTER they left the company; otherwise the company was afraid it would face legal action.
* HR and Internal Compliance are only there to protect executive management.