Expoint - all jobs in one place

PayPal Head Cyber Risk - UK 
United Kingdom, England, City of London 
356865240

27.03.2025

Key Responsibilities:

  • Ensure PayPal’s information systems are under proper control from an information security and overall technology point of view.
  • Organise and lead the information security strategy and program for PayPal United Kingdom in close cooperation with the regional and global information security teams.
  • Manage the risks associated with the information systems.
  • Support PayPal’s senior management (in UK) on Data and Information Security-related issues, as subject matter expert (SME) to permit informed decisions.
  • Support compliance with applicable regulatory requirements in regulated markets in UK. Experience with FCA regulations like Electronic Money Regulations 2011 (EMR), Payment Services Regulations 2017 (PSR), Senior Management Arrangements, Systems and Controls (SYSC) handbook, UK GDPR and Data Protection Act 2018, etc.
  • Coordinate with and support the regional and global teams that have operational involvement in securing the information systems of PayPal, assessing and demonstrating compliance with Bank of England, FCA and PRA policies on operational resilience.

Deliverables and key activities:

  • Develop and manage the information security strategy for PayPal UK
  • Ensure the information security strategy enforces applicable local and regional regulatory requirements and assess any new requirement that may be needed because of emerging regulations, with the support of PayPal’s Legal and Compliance teams.
  • Develop, coordinate, publish, and maintain suitable procedures for handling cases of confidential information mismanagement (whether intentional or unintentional), considering national legislation as well as notification policies.
  • Develop, coordinate, publish, and maintain a set of PayPal information security policies, standards, baselines, and procedures based on the global set of security policies and guidelines, to meet the company’s legal and regulatory obligations.
  • Liaise with global teams to support alignment between the local requirements and the services delivered through enterprise services.
  • Ensure that there is a robust due diligence process that ensures information security requirements are adequately addressed in IT projects undertaken by or on behalf of PayPal.
  • Manage information security incidents and events that impact PayPal or its customers, in close cooperation and coordination with the global teams responsible for crisis management and security incident response, as well as with PayPal’s senior management team.
  • Ensure that information security awareness and training initiatives are implemented on behalf of PayPal by the global information security team, and that the training meets the regulatory obligations set forth by regulatory bodies as well as PayPal’s own standards.
  • Participate in the management of external partners / providers
  • Oversee the security due diligence process on IT and information security issues for all new service providers/sub-contractors of PayPal.
  • Support the security due diligence process led by global or regional teams, on IT and information security issues for mergers & acquisitions activities related to PayPal, as directed.
  • Governance and documentation of information security risks
  • Localise the information security risk assessment process developed by the global information security team, and perform on-going risk assessment, reporting, and remediation in cooperation with regional or global information security teams.
  • Confirm, advise, and elaborate on Enterprise Risk Management assessments that touch on areas relevant to information security, business continuity, and continuity of operations.
  • Verify that the controls in place to detect and prevent the emergence of IT security related risks are properly documented and monitored by the information security operational teams.
  • Disaster recovery and business continuity planning
  • Support PayPal’s Compliance team, other Technology teams, and the global Enterprise Resilience team in the planning and implementation of the Business Continuity and Disaster Recovery capabilities.
  • Coordinate with the global crisis management capability during events impacting the confidentiality, integrity, or availability of the information assets of PayPal.
  • Provide the management of PayPal with subject matter expertise in information security to support their decision processes in case a crisis contingency eventuates.

Requirements:

  • University Degree (Engineering, Computer Science, Technology Management, or other analytical degree); Master’s Degree or Ph.D. (or equivalent) preferred
  • 15-20 years’ minimum experience in an IT security, risk management, or similar function. At least 5 years of this experience should involve executive-level communication and leading remote teams. Recent substantive interaction with C-level executives and boards of directors a plus.
  • Excellent written and verbal skills; interpersonal and collaborative skills; and the ability to communicate information security-related concepts to technical and non-technical audiences.
  • Strong influencing, negotiation, and relationship building skills; an ability to interface internally and externally to ensure successful, high-quality outcomes.
  • Thorough understanding of how to effectively manage teams and lead projects supported by cross-functional/matrix team structures.
  • Critical thinker with strong problem-solving skills, and the organisational agility needed to switch between strategic and tactical thinking.
  • Ability to work with geographically distributed teams, especially with teams situated abroad and in different time zones.

Our Benefits:

Any general requests for consideration of your skills, please