PayPal Head Cyber Risk - APAC 

Singapore, Singapore 

766747018

This job provides strategic counsel to senior executives, determines methods for addressing security risks, resolves high-impact security risks, drives the security governance roadmap, leads security strategy development, and inspires teams to pursue innovative solutions.

Essential Responsibilities:

• Provide expert advice and strategic counsel to senior executives, shaping the development of multi-year risk management and security governance strategies that align with business goals and long-term organizational objectives.
• Determine the most effective methods and strategies for addressing complex security risks, driving innovation through collaboration with cross-functional teams to shape the organization’s security risk management and governance landscape.
• Identify and resolve unique, high-impact security risks, applying deep expertise to situations of substantial significance, and develop innovative solutions that influence and strengthen the organization’s security framework.
• Drive the future risk management and security governance roadmap, shaping the security vision that supports business growth and mitigates risk to provide a competitive advantage.
• Lead the development and execution of key components of the multi-year security strategy, contributing to the broader security agenda within the organization.
• Inspire and motivate team(s) to pursue innovative solutions, ensuring alignment with the overall security strategy and business objectives, while fostering a culture of excellence and continuous improvement.

Minimum Qualifications:

• Minimum of 15 years of relevant work experience and a Bachelor's degree or equivalent experience.

Key Responsibilities:

• Ensure PayPal’s information systems are under proper control from an information security and overall technology point of view.
• Organise and lead the information security strategy and program for PayPal APAC in close cooperation with the regional and global information security teams.
• Lead and manage a team of Cyber Risk and Infosec officers for key markets in APAC.
• Manage the risks associated with the information systems.
• Support PayPal’s senior management (in APAC) on Data and Information Security-related issues, as subject matter expert (SME) to permit informed decisions.
• Support compliance with applicable regulatory requirements in regulated markets in markets across APAC. Experience with Cyber regulations and requirements from financial regulators like MAS TRM, HKMA C-RAF, RBI, FSA, PBOC, BNM, etc.
• Coordinate with and support the regional and global teams that have operational involvement in securing the information systems of PayPal, assessing and demonstrating compliance with Bank of England, FCA PRA’s policies on operational resilience.

Deliverables and key activities:

• Develop and manage the information security strategy for PayPal in Asia-Pacific.
• Manage a team of highly experienced Country CISOs
• Ensure the information security strategy enforces applicable local and regional regulatory requirements and assess any new requirement that may be needed because of emerging regulations, with the support of PayPal’s Legal and Compliance teams.
• Develop, coordinate, publish, and maintain suitable procedures for handling cases of confidential information mismanagement (whether intentional or unintentional), considering national legislation as well as notification policies.
• Develop, coordinate, publish, and maintain a set of PayPal information security policies, standards, baselines, and procedures based on the global set of security policies and guidelines, to meet the company’s legal and regulatory obligations.
• Liaise with global teams to support alignment between the local requirements and the services delivered through enterprise services.
• Ensure that there is a robust due diligence process that ensures information security requirements are adequately addressed in IT projects undertaken by or on behalf of PayPal.
• Manage information security incidents and events that impact PayPal or its customers, in close cooperation and coordination with the global teams responsible for crisis management and security incident response, as well as with PayPal’s senior management team.
• Ensure that information security awareness and training initiatives are implemented on behalf of PayPal by the global information security team, and that the training meets the regulatory obligations set forth by regulatory bodies as well as PayPal’s own standards.
• Participate in the management of external partners / providers
• Oversee the security due diligence process on IT and information security issues for all new serviceproviders/sub-contractorsof PayPal.
• Support the security due diligence process led by global or regional teams, on IT and information security issues for mergers & acquisitions activities related to PayPal, as directed.
• Governance and documentation of information security risks
• Localise the information security risks assessment process developed by the global information security team, and perform on-going risk assessment, reporting, and remediation in cooperation with regional or global information security teams.
• Confirm, advise, and elaborate on Enterprise Risk Management assessments that touch on areas relevant to information security, business continuity, and continuity of operations.
• Verify that the controls in place to detect and prevent the emergence of IT security related risks are properly documented and monitored by the information security operational teams.
• Disaster recovery and business continuity planning
• Support PayPal’s Compliance team, other Technology teams, and the global Enterprise Resilience team in the planning and implementation of the Business Continuity and Disaster Recovery capabilities.
• Coordinate with the global crisis management capability during events impacting the confidentiality, integrity, or availability of the information assets of PayPal.
• Provide the management of PayPal with subject matter expertise in information security to support their decision processes in case a crisis contingency eventuates.

Requirements:

• University Degree (Engineering, Computer Science, Technology Management, or other analytical degree); Master’s Degree or Ph.D. (or equivalent) preferred
• 15-20 years’ minimum experience in an IT security, risk management, or similar function. At least 5 years of this experience should involve executive-level communication and leading remote teams. Recent substantive interaction with C-level executives and boards of directors a plus.
• Excellent written and verbal skills; interpersonal and collaborative skills; and the ability to communicate information security-related concepts to technical and non-technical audiences.
• Strong influencing, negotiation, and relationship building skills; an ability to interface internally and externally to ensure successful, high-quality outcomes.
• Thorough understanding of how to effectively manage teams and lead projects supported bycross-functional/matrixteam structures.
• Critical thinker with strong problem-solving skills, and the organisation agility needed to switch between strategic and tactical thinking.
• Ability to work with geographically distributed teams, especially with teams situated abroad and in different time zones.

Our Benefits:

Any general requests for consideration of your skills, please