
PayPal Manager Cybersecurity Risk 
France, Auvergne-Rhône-Alpes 
567426262

Yesterday

We’re seeking an experienced technology professional to lead oversight efforts in the area of Third Party Technology and Security practices across the enterprise. This role requires deep expertise in vendor risk management, supply chain security, third-party governance frameworks, and continuous monitoring capabilities. As part of the Technology and Security Oversight team, you will be instrumental in establishing and maintaining a comprehensive oversight framework for third-party relationships and vendor risk management activities.

Essential Responsibilities:

  • Leverage specialized security governance and risk expertise to identify and address complex security risks, recommending best practices and determining new approaches that have an impact on broader security operations, while aligning strategies with business priorities.
  • Partner across teams and key stakeholders to drive security risk and governance initiatives, leading and solutioning complex projects and programs to strengthen overall security posture.
  • Apply advanced analytical skills and sound judgment to assess and mitigate security risks, considering diverse perspectives and innovative solutions. Stay informed on industry trends and regulatory landscape while evaluating their security implications within the context of PayPal’s governance framework.
  • Directly contribute to improvements within the security domain and occasionally beyond, ensuring decisions lead to meaningful enhancements in risk mitigation strategies and overall security practices.
  • Leverage relationships across teams, both within and outside of security, to influence initiatives and integrate feedback into security governance processes and risk management practices.
  • Develop and articulate clear plans and priorities for the team, guiding them to achieve security risk and governance objectives while fostering a collaborative and high-performance environment.
  • Lead by example, providing mentorship and support to ensure the team successfully executes on initiatives and goals.

Expected Qualifications:

  • 5+ years relevant experience and a Bachelor’s degree OR Any equivalent combination of education and experience.

Additional Responsibilities:

  • Provide independent second‑line oversight and effective challenge across the third‑party lifecycle: planning, due diligence, contracting, onboarding, ongoing monitoring, change management, and exit.
  • Review and challenge technology/security due diligence activities, vendor risk tiering/criticality, concentration risk, and fourth‑party/chain risk determinations.
  • Recognized as a third-party risk governance and compliance expert, independently addressing complex vendor concentration risks, criticality segmentation challenges, and providing strategic direction on third-party risk mitigation strategies across the technology and security domains.
  • Validate KRIs/KPIs and continuous‑monitoring approaches (including external rating and attack‑surface telemetry); synthesize monthly/quarterly trends and themes.
  • Lead targeted deep‑dive and thematic reviews of high‑risk or material vendors; document clear risk statements, opinions, and recommendations.
  • Validate issue remediation and risk acceptances; escalate where residual risk exceeds appetite and track closure to completion.
  • Prepare committee‑ready reporting and dashboards; brief senior technology, security, and risk leaders on posture, emerging risks, and systemic themes related to third party risk.
  • Contribute to annual risk assessment, maturity assessments, and policy/standard maintenance for third‑party technology and security.
  • Partner with first‑line stakeholders while preserving independence; provide consultative guidance that enables prudent, risk‑informed decisions.

Minimum Qualifications:

  • 7+ years in technology risk, cybersecurity, or IT audit; 4+ years directly focused on third‑party/vendor risk.
  • Advanced knowledge of third-party risk assessment frameworks, including Shared Assessments SIG, ISO 27001/27002, SOC 2 Type II attestations, and vendor security control validation methodologies.
  • Demonstrated experience with vendor technology and security due diligence, criticality segmentation and exit-strategy planning.
  • Deep understanding of continuous attack-surface monitoring tools, vendor security rating platforms, and automated evidence collection for third-party attestation tracking.
  • Knowledge of current and emerging third-party risks (e.g., supply chain attacks, fourth-party risks, AI/ML vendor risks); vendor cybersecurity threats and vulnerabilities; industry standard control frameworks (e.g., NIST Cybersecurity Framework, ISO 27000 series); and prominent data privacy and security regulations globally.
  • Strong work ethic with proven ability to learn quickly, prioritize work, and manage complex deliverables to completion under established deadlines.
  • Superb consultative, adjudicative, investigative, and influencing skills, including business acumen, stakeholder empathy, and conflict resolution, as well as general comfort working in a dynamic, global, fluid, and matrixed working environment.
  • Exceptional verbal and written communication and analysis skills, including experience developing high-quality written analysis, strategy, or standards documents.
  • Unquestionable professional and ethical integrity, ideally demonstrated through experience with projects of a sensitive, privileged, or confidential nature.
  • Ability to approach and understand problems from a statistical or quantitative perspective and draw meaningful, accurate conclusions, as well as scrutinize models and inferences for misleading or overlooked considerations.
  • Degree in a relevant discipline, such as cybersecurity, business, engineering, risk management, or computer science.

Travel Percent:

The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit .

The US national annual pay range for this role is $100,500 to $173,250


Our Benefits:

Any general requests for consideration of your skills, please