UK Cyber Security & Risk Senior Manager

PayPal

London, UK

Posted on Apr 30, 2026

The Company

PayPal has been revolutionizing commerce globally for more than 25 years. Creating innovative experiences that make moving money, selling, and shopping simple, personalized, and secure, PayPal empowers consumers and businesses in approximately 200 markets to join and thrive in the global economy.

We operate a global, two-sided network at scale that connects hundreds of millions of merchants and consumers. We help merchants and consumers connect, transact, and complete payments, whether they are online or in person. PayPal is more than a connection to third-party payment networks. We provide proprietary payment solutions accepted by merchants that enable the completion of payments on our platform on behalf of our customers.

We offer our customers the flexibility to use their accounts to purchase and receive payments for goods and services, as well as the ability to transfer and withdraw funds. We enable consumers to exchange funds more safely with merchants using a variety of funding sources, which may include a bank account, a PayPal or Venmo account balance, PayPal and Venmo branded credit products, a credit card, a debit card, certain cryptocurrencies, or other stored value products such as gift cards, and eligible credit card rewards. Our PayPal, Venmo, and Xoom products also make it safer and simpler for friends and family to transfer funds to each other. We offer merchants an end-to-end payments solution that provides authorization and settlement capabilities, as well as instant access to funds and payouts. We also help merchants connect with their customers, process exchanges and returns, and manage risk. We enable consumers to engage in cross-border shopping and merchants to extend their global reach while reducing the complexity and friction involved in enabling cross-border trade.

Our beliefs are the foundation for how we conduct business every day. We live each day guided by our core values of Inclusion, Innovation, Collaboration, and Wellness. Together, our values ensure that we work together as one global team with our customers at the center of everything we do – and they push us to ensure we take care of ourselves, each other, and our communities.

Job Summary:

Provide strong UK cyber/technology risk operational leadership in support of the UK Entity CISO. The role leads day-to-day execution of agreed UK cyber risk activities across key workstreams including cloud modernisation and operational resilience; co-develops committee packs with the UK Entity CISO; drives collaboration across PCIS, ICR and technology teams; and leads UK cyber security awareness activity. The role also contributes to progressing UK regulatory and cyber/technology security strategy and maturity, aligned to UK and PCIS priorities.

Job Description:

Essential Responsibilities:

  • Recognized as a security governance, risk, and compliance expert, independently addressing the most complex security risks and providing strategic direction on risk mitigation and governance practices across the security domain.
  • Define methods and procedures for new or special assignments, collaborating with cross-functional teams to drive security risk and governance initiatives that align with business needs and objectives.
  • Lead complex, high-impact security governance and risk management initiatives, leveraging a deep understanding of business trends and security challenges to develop innovative risk mitigation strategies and solutions.
  • Possess a keen awareness of the broader impact of decisions, with initiatives driving enterprise-wide improvements in risk management and security governance, enhancing overall security practices and operational efficiency.
  • Lead a security risk and governance team; set clear priorities and define actionable plans, ensuring alignment with organizational goals.
  • Guide team members through complex challenges, fostering their growth and development while maintaining a focus on high-impact results.

Minimum Qualifications:

  • 8+ years of relevant experience and a Bachelor’s degree, or any equivalent combination of education and experience.

Additional Responsibilities & Preferred Qualifications:

Key responsibilities

1) UK cyber risk operational execution and delivery

  • Maintain a UK-focused view of priority cyber/technology risk items across change, issues, and assurance activity.

  • Run an operating rhythm (cadence, trackers, prioritisation) to keep UK topics current and decision-ready.

  • Translate UK Entity CISO priorities into defined workstreams with clear ownership, timelines, and outcomes.

2) Cloud modernisation: visibility, regulatory enablement and acceleration (UK scope)

  • Maintain visibility of UK-relevant cloud modernisation activity (migrations, platform changes, decommissioning, architecture shifts) and provide concise UK-focused updates.

  • Actively participate in highlighting regulatory requirements and cyber security opportunities for cloud modernisation, drawing on knowledge from UK obligations and wider work within ICR teams (e.g., surfacing where evidence is needed, where controls can be strengthened, and where consistent patterns can be reused).

  • Partner with technology and programme leads to ensure UK scope is represented in plans and that regulatory/security considerations are addressed early.

  • Jointly lead the ICR OKR initiative to accelerate cloud regulatory assessment and sign-off.

  • As part of membership of the cloud OKR initiatives, ensure UK cloud modernisation insights, regulatory requirements and evidence needs are fed into OKR delivery and continuous improvement (in support of the UK Entity CISO agenda, which the CISO owns and directs).

  • Participate in and support technical assessment processes (led by accountable teams) by clarifying UK regulatory expectations, reviewing outputs for completeness of narrative/evidence, and helping package the results for governance decision-making.

  • Highlight items that require UK Entity CISO attention or leadership support to unblock.

3) Operational resilience workstreams (UK scope)

  • Maintain visibility of UK operational resilience workstreams impacting Important Business Services (IBS), including technology dependencies, material issues, and remediation actions.

  • Ensure actions have clear ownership and progress, and that evidence is available for governance needs.

  • Support timely awareness of IBS-impacting events and ensure follow-up actions are progressed through to closure.

4) Governance and committee packs (joint development with UK Entity CISO)

  • Co-develop committee packs with the UK Entity CISO: propose structure, draft sections, integrate inputs, and ensure readiness to deadline.

  • Produce executive-ready content: clear status snapshots, key messages, decision points for consideration, and evidence links.

  • Plan agendas and pre-reads, capture actions/decisions, and drive follow-through so governance translates into delivery.

5) Cross-functional delivery across PCIS, ICR and technology teams

  • Build and sustain working relationships across PCIS/ICR and technology/service owners to progress UK priorities.

  • Remove blockers, clarify ownership, and ensure follow-up actions are completed.

  • Represent UK cyber risk operational needs in working forums as agreed with the UK Entity CISO.

6) UK regulatory and security strategy contribution (aligned to UK and PCIS priorities)

  • Contribute to the development and progression of UK regulatory, cyber and technology security strategy and maturity objectives, aligned with UK Entity needs and PCIS priorities.

  • Contribute to the delivery of practical initiatives and measurable outcomes (e.g., maturity improvements, evidence readiness, consistent control expectations) and contribute to their integration into governance materials and work plans.

  • Maintain a UK-focused view of priority maturity opportunities and provide concise updates, options and recommendations for UK Entity CISO consideration.

7) System-led insight and evidence management

  • Use Firefly, Jira, Confluence, ServiceNow, Archer, AuditBoard (and related tooling) to source, validate, and maintain evidence for UK governance and risk needs.

  • Improve traceability (owners, dates, links, current status) to support rapid briefing and escalation when required.

8) UK cyber security awareness activities

  • Own the UK cyber security awareness plan aligned to PCIS strategy.

  • Deliver UK-tailored comms and reusable materials (posts, talking points, FAQs) and run local events/awareness moments.

What success looks like

  • Cloud modernisation activity is UK-ready: regulatory requirements are surfaced early, evidence is reusable, and the cloud regulatory assessment/sign-off cycle time improves through the ICR OKR initiative.

  • Operational resilience topics are visible, well-managed, and supported with clear evidence for governance.

  • Committee packs are delivered on time with strong narrative, clean evidence, and clear decision points.

  • UK regulatory and security maturity objectives progress in line with UK and PCIS priorities, with clear initiatives and evidence of improvement.

  • UK awareness activity is embedded and delivered as part of a predictable annual rhythm.

Skills and experience

  • Experience in cyber/technology risk, security governance, cloud governance/assurance, operational resilience support, or similar roles (regulated environment beneficial).

  • Strong executive writing (committee pack content, briefings, action logs).

  • Proven ability to lead cross-functional delivery and influence stakeholders.

  • Confident using Jira/Confluence (or equivalents) and reporting/risk tooling.

Subsidiary:

PayPal

Travel Percent:

0

PayPal does not charge candidates any fees for courses, applications, resume reviews, interviews, background checks, or onboarding. When making an application directly, we will never ask you to share passwords, one-time passcodes (OTP), or verification codes. Any such request is a red flag and likely part of a scam. All communication regarding your application will come from official PayPal email domains. If you suspect fraudulent activity, please report it immediately. To learn more about how to identify and avoid recruitment fraud, please visit https://careers.pypl.com/contact-us.

For the majority of employees, PayPal's balanced hybrid work model offers 3 days in the office for effective in-person collaboration and 2 days at your choice of either the PayPal office or your home workspace, ensuring that you equally have the benefits and conveniences of both locations.

Our Benefits:

At PayPal, we’re committed to building an equitable and inclusive global economy. And we can’t do this without our most important asset: you. That’s why we offer comprehensive, choice-based programs to support all aspects of personal wellbeing—physical, emotional, and financial—delivering meaningful value where it matters most. We strive to create a flexible, balanced work culture with a holistic approach to benefits, including generous paid time off, healthcare coverage for you and your family, and resources to create financial security and support your mental health.

Commitment to Diversity and Inclusion

PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state, or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at paypalglobaltalentacquisition@paypal.com.

Belonging at PayPal:

Our employees are central to advancing our mission, and we strive to create an environment where everyone can do their best work with a sense of purpose and belonging. Belonging at PayPal means creating a workplace with a sense of acceptance and security where all employees feel included and valued. We are proud to have a diverse workforce reflective of the merchants, consumers, and communities that we serve, and we continue to take tangible actions to cultivate inclusivity and belonging at PayPal.

For any general requests for consideration of your skills, please join our Talent Community.

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don’t hesitate to apply.