CISO and Head of Cyber Risk, AU
AUS - New South Wales - Sydney - Corp - York St
PayPal
Use your PayPal account to pay, send money, and manage your funds. Or create a merchant account for your business. And much more.
The Company
PayPal has been revolutionizing commerce globally for more than 25 years. Creating innovative experiences that make moving money, selling, and shopping simple, personalized, and secure, PayPal empowers consumers and businesses in approximately 200 markets to join and thrive in the global economy.
We operate a global, two-sided network at scale that connects hundreds of millions of merchants and consumers. We help merchants and consumers connect, transact, and complete payments, whether they are online or in person. PayPal is more than a connection to third-party payment networks. We provide proprietary payment solutions accepted by merchants that enable the completion of payments on our platform on behalf of our customers.
We offer our customers the flexibility to use their accounts to purchase and receive payments for goods and services, as well as the ability to transfer and withdraw funds. We enable consumers to exchange funds more safely with merchants using a variety of funding sources, which may include a bank account, a PayPal or Venmo account balance, PayPal and Venmo branded credit products, a credit card, a debit card, certain cryptocurrencies, or other stored value products such as gift cards, and eligible credit card rewards. Our PayPal, Venmo, and Xoom products also make it safer and simpler for friends and family to transfer funds to each other. We offer merchants an end-to-end payments solution that provides authorization and settlement capabilities, as well as instant access to funds and payouts. We also help merchants connect with their customers, process exchanges and returns, and manage risk. We enable consumers to engage in cross-border shopping and merchants to extend their global reach while reducing the complexity and friction involved in enabling cross-border trade.
Our beliefs are the foundation for how we conduct business every day. We live each day guided by our core values of Inclusion, Innovation, Collaboration, and Wellness. Together, our values ensure that we work together as one global team with our customers at the center of everything we do – and they push us to ensure we take care of ourselves, each other, and our communities.
Job Description Summary:
What you need to know about the role:
Critical to PayPal’s senior management in Australia, this role is serving as an officer responsible and accountable for Technology, Data, and Information Security in compliance with Financial Accountability Regime (FAR) requirements.
This opportunity involves organizing and leading the cyber risk strategy and program for PayPal Australia in close collaboration with regional and global information security teams.
You will provide functional leadership in Australia for both internal and external initiatives, act as the primary voice of the Australian business at regional and global forums, and act as a First Line of Defence.
Job Description:
Meet our team
Working in our matrixed structure, this role will manage PayPal Australia’s Cyber risk program in collaboration with regional and global teams as an officer under the FAR regime, working closely with senior management and the board locally.
The role will report to Singapore with a dotted line locally in AU.
Your way to impact
Develop and manage the information security strategy for PayPal Australia
Ensure the information security strategy enforces applicable local and regional regulatory requirements and assess any new requirement that may be needed because of emerging regulations, with the support of PayPal’s Legal and Compliance teams.
Develop, coordinate, publish, and maintain suitable procedures for handling cases of confidential information mismanagement (whether intentional or unintentional), considering national legislation as well as notification policies.
Your day-to-day
Ensure PayPal’s information systems are under proper control from an information security and overall cyber risk point of view.
Organise and lead the cyber risk strategy and program for PayPal Australia in close cooperation with the regional and global information security teams.
Represent functional leadership in Australia for internal as well as external initiatives and be the primary voice of the customer on behalf of the Australian business at regional and global forums.
Support PayPal’s senior management (in Australia) as an officer responsible and accountable for Technology, Data, and Information Security areas, as per Financial Accountability Regime (FAR) requirements.
Support compliance with applicable regulatory requirements in Australia. Manage compliance for CPS 234 and 230 for internal and external stakeholder assurance.
Coordinate with and support the regional teams that have operational involvement in securing the information systems of PayPal.
Manage PayPal Australia’s Cyber risk program in collaboration with regional and global teams as an officer under the FAR regime, working closely with senior management and the board locally.
Develop, coordinate, publish, and maintain a set of PayPal information security policies, standards, baselines, and procedures based on the global set of security policies and guidelines, to meet the company’s legal and regulatory obligations.
Liaise with global teams to support alignment between the local requirements and the services delivered through enterprise services.
Ensure that there is a robust due diligence process that ensures information security requirements are adequately addressed in IT projects undertaken by or on behalf of PayPal.
Manage information security incidents and events that impact PayPal or its customers, in close cooperation and coordination with the global teams responsible for crisis management and security incident response, as well as with PayPal’s senior management team.
Ensure that information security awareness and training initiatives are implemented on behalf of PayPal by the global information security team, and that the training meets the regulatory obligations set forth by regulatory bodies as well as PayPal’s own standards.
Participate in the management of external partners / providers
Oversee the security due diligence process on IT and information security issues for all new service providers/sub-contractors of PayPal.
Support the security due diligence process led by global or regional teams, on IT and information security issues for mergers & acquisitions activities related to PayPal, as directed.
Governance and documentation of information security risks
Localise the information security risks assessment process developed by the global information security team, and perform on-going risk assessment, reporting, and remediation in cooperation with regional or global information security teams.
Confirm, advise, and elaborate on Enterprise Risk Management assessments that touch on areas relevant to information security, business continuity, and continuity of operations.
Verify that the controls in place to detect and prevent the emergence of IT security related risks are properly documented and monitored by the information security operational teams.
Disaster recovery and business continuity planning
Support PayPal’s Compliance team, other Technology teams, and the global Enterprise Resilience team in the planning and implementation of the Business Continuity and Disaster Recovery capabilities.
Coordinate with the global crisis management capability during events impacting the confidentiality, integrity, or availability of the information assets of PayPal.
Provide the management of PayPal with subject matter expertise in information security to support their decision processes in case a crisis contingency eventuates.
What do you need to bring
Tertiary qualifications stemming from Engineering, Computer Science, Technology Management, or other analytical degree; Master’s Degree or Ph.D. (or equivalent) preferred
12-15 years’ minimum experience in an IT security, risk management, or similar function. At least 5 years of this experience should involve executive-level communication and leading remote teams. Recent substantive interaction with C-level executives and boards of directors a plus.
Excellent written and verbal skills; interpersonal and collaborative skills; and the ability to communicate information security-related concepts to technical and non-technical audiences.
Strong influencing, negotiation, and relationship building skills; an ability to interface internally and externally to ensure successful, high-quality outcomes.
Thorough understanding of how to effectively manage teams and lead projects supported by cross-functional/matrix team structures.
Critical thinker with strong problem-solving skills, and the organisational agility needed to switch between strategic and tactical thinking.
Ability to work with geographically distributed teams, especially with teams situated abroad and in different time zones.
We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don’t hesitate to apply.
Additional Job Description:
Subsidiary: PayPal
Travel Percent: 0
For the majority of employees, PayPal's balanced hybrid work model offers 3 days in the office for effective in-person collaboration and 2 days at your choice of either the PayPal office or your home workspace, ensuring that you equally have the benefits and conveniences of both locations.
Our Benefits:
At PayPal, we’re committed to building an equitable and inclusive global economy. And we can’t do this without our most important asset—you. That’s why we offer benefits to help you thrive in every stage of life. We champion your financial, physical, and mental health by offering valuable benefits and resources to help you care for the whole you.
We have great benefits including a flexible work environment, employee share options, health and life insurance, and more. To learn more about our benefits, please visit https://www.paypalbenefits.com.
Commitment to Diversity and Inclusion
PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state, or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at talentaccommodations@paypal.com.
Belonging at PayPal:
Our employees are central to advancing our mission, and we strive to create an environment where everyone can do their best work with a sense of purpose and belonging. Belonging at PayPal means creating a workplace with a sense of acceptance and security where all employees feel included and valued. We are proud to have a diverse workforce reflective of the merchants, consumers, and communities that we serve, and we continue to take tangible actions to cultivate inclusivity and belonging at PayPal.
For any general requests for consideration of your skills, please join our Talent Community.