Cyber Resilience & ICT Risk Engineering Senior Manager

The Company PayPal has been revolutionizing commerce globally for more than 25 years. Creating innovative experiences that make moving money, selling, and shopping simple, personalized, and secure, PayPal empowers consumers and businesses in approximately 200 markets to join and thrive in the global economy. We operate a global, two-sided network at scale that connects hundreds of millions of merchants and consumers. We help merchants and consumers connect, transact, and complete payments, whether they are online or in person. PayPal is more than a connection to third-party payment networks. We provide proprietary payment solutions accepted by merchants that enable the completion of payments on our platform on behalf of our customers. We offer our customers the flexibility to use their accounts to purchase and receive payments for goods and services, as well as the ability to transfer and withdraw funds. We enable consumers to exchange funds more safely with merchants using a variety of funding sources, which may include a bank account, a PayPal or Venmo account balance, PayPal and Venmo branded credit products, a credit card, a debit card, certain cryptocurrencies, or other stored value products such as gift cards, and eligible credit card rewards. Our PayPal, Venmo, and Xoom products also make it safer and simpler for friends and family to transfer funds to each other. We offer merchants an end-to-end payments solution that provides authorization and settlement capabilities, as well as instant access to funds and payouts. We also help merchants connect with their customers, process exchanges and returns, and manage risk. We enable consumers to engage in cross-border shopping and merchants to extend their global reach while reducing the complexity and friction involved in enabling cross-border trade. Our beliefs are the foundation for how we conduct business every day. We live each day guided by our core values of Inclusion, Innovation, Collaboration, and Wellness. Together, our values ensure that we work together as one global team with our customers at the center of everything we do – and they push us to ensure we take care of ourselves, each other, and our communities. Job Summary: As PayPal continues its mission to revolutionize commerce, we’re looking for a Cyber Reliability & Resilience Manager to join our PCIS / ICR team in our Luxembourg office. This is a senior governance, risk, and controls role within the First Line of Defense, responsible for ensuring PayPal Europe’s compliance with the EU Digital Operational Resilience Act (DORA) and other relevant European regulatory frameworks. The role serves as a strategic bridge between the local obligations of a regulated entity and enterprise-wide technology and security operations. It ensures that digital operational resilience, cyber risk management, and regulatory compliance are effectively embedded into business strategy, change initiatives, and day-to-day operations. If this sparks your interest, keep reading — the best is yet to come! Job Description: Essential Responsibilities: * Recognized as a security governance, risk, and compliance expert, independently addressing the most complex security risks and providing strategic direction on risk mitigation and governance practices across the security domain. * Define methods and procedures for new or special assignments, collaborating with cross-functional teams to drive security risk and governance initiatives that align with business needs and objectives. * Lead complex, high-impact security governance and risk management initiatives, leveraging a deep understanding of business trends and security challenges to develop innovative risk mitigation strategies and solutions. * Possess a keen awareness of the broader impact of decisions, with initiatives driving enterprise-wide improvements in risk management and security governance, enhancing overall security practices and operational efficiency. * Lead a security risk and governance team; set clear priorities and define actionable plans, ensuring alignment with organizational goals. * Guide team members through complex challenges, fostering their growth and development while maintaining a focus on high-impact results. Minimum Qualifications: * 8+ years relevant experience and a Bachelor’s degree OR Any equivalent combination of education and experience. Additional Responsibilities & Preferred Qualifications: Key Responsibilities Operational Resilience & Cyber Security • Drive the implementation and continuous improvement of PayPal Europe’s ICT operational resilience capabilities under DORA and related European regulatory frameworks. • Partner directly with infrastructure, cloud, security engineering, SRE, and product teams to strengthen resilience of critical ICT services and business processes. • Lead resilience testing activities including disaster recovery exercises, cyber simulations, failover validation, tabletop exercises, and scenario-based operational testing. • Support the secure design and resilience review of technology platforms, cloud environments, outsourcing arrangements, and major transformation initiatives. • Contribute to the identification, prioritization, and remediation of technology and cyber security risks impacting the regulated entity. ICT Risk & Secure Change Management • Act as First Line ICT risk lead for major technology changes, cloud migrations, new product launches, and operational transformation programs. • Perform practical ICT and cyber risk assessments across infrastructure, applications, third-party services, and operational processes. • Ensure security, resilience, and regulatory requirements are integrated into technology delivery lifecycles and operational processes. • Work closely with engineering and product stakeholders to ensure remediation plans are technically realistic, measurable, and effectively implemented. • Assess operational impacts of material ICT changes under DORA, PSD2/PSD3, GDPR, and ECB expectations. Incident Response & Regulatory Engagement • Serve as a senior First Line subject matter expert during cyber security incidents and operational disruption events. • Coordinate ICT incident assessment, regulatory notification inputs, root cause analysis, and remediation tracking. • Support engagement with European regulators including CSSF, CNPD, ECB, and external auditors during inspections, reviews, and incident-related communications. • Contribute to post-incident reviews and resilience improvement initiatives following operational or cyber events. Control Environment & Technical Risk Reduction • Support the implementation and operational effectiveness of ICT security and resilience controls across the regulated entity. • Partner with enterprise security and engineering teams to improve detection, recovery, resilience, and operational monitoring capabilities. • Track remediation of resilience and cyber control gaps and support risk-based prioritization activities. • Contribute to operational resilience metrics, KRIs, and executive reporting focused on measurable risk reduction outcomes. Education • Bachelor’s or Master’s degree in Cyber Security, Computer Science, Information Technology, Software Engineering, Information Systems, or a related technical discipline. • Strong preference for candidates with an engineering or technical operations background combined with experience in cyber security, operational resilience, or technology risk within regulated environments. • Professional certifications are highly desirable, particularly those demonstrating practical cyber security, resilience, or technology risk expertise, such as: o CISSP o CISM o CISA o CRISC o ISO 27001 Lead Implementer / Lead Auditor o ISO 22301 Business Continuity certifications o Cloud security certifications (AWS Security, Azure Security, GCP Security) are considered an advantage o SANS / GIAC certifications are considered a strong advantage • Additional training or certifications related to operational resilience, incident response, cloud infrastructure, cyber defence, or financial sector regulation are highly valued. • Knowledge of European regulatory frameworks and supervisory expectations (including DORA, CSSF, CNPD, ECB, EBA, PSD2/PSD3, and GDPR) is strongly preferred. Experience • 7+ years of experience within financial services, payments, fintech, or other regulated technology environments, with demonstrated senior-level responsibility in cyber security, ICT risk, operational resilience, or technology operations. • Proven experience operating within a First Line of Defence function or closely partnering with engineering, infrastructure, security operations, or technology delivery teams. • Strong practical understanding of enterprise technology environments, cloud infrastructure, cyber security operations, and ICT risk management practices. • Hands-on experience with: o operational resilience testing o disaster recovery and business continuity o cyber incident management o technology change risk assessments o control remediation and risk reduction initiatives • Strong working knowledge of DORA, PSD2/PSD3, GDPR, EBA Guidelines, and ECB supervisory expectations. • Experience engaging with European regulators and supervisory authorities such as CSSF, CNPD, ECB, or equivalent regulatory bodies is highly desirable. • Experience supporting or leading regulatory inspections, audits, operational resilience exercises, or major incident response activities. • Ability to work effectively across technical and non-technical stakeholders in fast-paced and highly regulated environments. • Familiarity with cloud platforms, infrastructure resilience, cyber security tooling, and modern technology operating models is considered a strong advantage. • Experience with GRC platforms, operational risk tooling, and executive-level risk reporting is beneficial but not the primary focus of the role. Core Competencies • Strong technical and analytical mindset with the ability to assess complex ICT and cyber security risks within modern technology environments. • Ability to translate technical risk scenarios into practical operational and management actions. • Credible partner to engineering, infrastructure, security, and product teams with the ability to influence and drive resilience improvements collaboratively. • Strong understanding of operational resilience, cyber security principles, and technology risk management within regulated financial environments. • Excellent stakeholder management and communication skills, including experience interacting with senior management, regulators, auditors, and technical teams. • Ability to operate independently, prioritize effectively, and make risk-based decisions in high-pressure or incident-driven situations. • Strong problem-solving capability with a focus on practical risk reduction and operational outcomes. • High standards of documentation, regulatory discipline, and execution quality. • Resilient and composed during cyber incidents, operational disruptions, and regulatory engagements. • Continuous improvement mindset with strong curiosity for emerging technology, cyber threats, and resilience practices. Subsidiary: PayPal Travel Percent: 0 PayPal does not charge candidates any fees for courses, applications, resume reviews, interviews, background checks, or onboarding. When making an application directly, we will never ask you to share passwords, one-time passcodes (OTP), or verification codes. Any such request is a red flag and likely part of a scam. All communication regarding your application will come from official PayPal email domains. If you suspect fraudulent activity, please report it immediately. To learn more about how to identify and avoid recruitment fraud please visit https://careers.pypl.com/contact-us. For the majority of employees, PayPal's balanced hybrid work model offers 3 days in the office for effective in-person collaboration and 2 days at your choice of either the PayPal office or your home workspace, ensuring that you equally have the benefits and conveniences of both locations. Our Benefits: At PayPal, we’re committed to building an equitable and inclusive global economy. And we can’t do this without our most important asset-you. That’s why we offer comprehensive, choice-based programs, to support all aspects of personal wellbeing—physical, emotional, and financial—delivering meaningful value where it matters most. We strive to create a flexible, balanced work culture with a holistic approach to benefits, including generous paid time off, healthcare coverage for you and your family, and resources to create financial security and support your mental health. Who We Are: Click Here to learn more about our culture and community. Commitment to Diversity and Inclusion PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state, or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at paypalglobaltalentacquisition@paypal.com. Belonging at PayPal: Our employees are central to advancing our mission, and we strive to create an environment where everyone can do their best work with a sense of purpose and belonging. Belonging at PayPal means creating a workplace with a sense of acceptance and security where all employees feel included and valued. We are proud to have a diverse workforce reflective of the merchants, consumers, and communities that we serve, and we continue to take tangible actions to cultivate inclusivity and belonging at PayPal. Any general requests for consideration of your skills, please Join our Talent Community. We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don’t hesitate to apply.