The Company

PayPal has been revolutionizing commerce globally for more than 25 years. Creating innovative experiences that make moving money, selling, and shopping simple, personalized, and secure, PayPal empowers consumers and businesses in approximately 200 markets to join and thrive in the global economy.

We operate a global, two-sided network at scale that connects hundreds of millions of merchants and consumers. We help merchants and consumers connect, transact, and complete payments, whether they are online or in person. PayPal is more than a connection to third-party payment networks. We provide proprietary payment solutions accepted by merchants that enable the completion of payments on our platform on behalf of our customers.

We offer our customers the flexibility to use their accounts to purchase and receive payments for goods and services, as well as the ability to transfer and withdraw funds. We enable consumers to exchange funds more safely with merchants using a variety of funding sources, which may include a bank account, a PayPal or Venmo account balance, PayPal and Venmo branded credit products, a credit card, a debit card, certain cryptocurrencies, or other stored value products such as gift cards, and eligible credit card rewards. Our PayPal, Venmo, and Xoom products also make it safer and simpler for friends and family to transfer funds to each other. We offer merchants an end-to-end payments solution that provides authorization and settlement capabilities, as well as instant access to funds and payouts. We also help merchants connect with their customers, process exchanges and returns, and manage risk. We enable consumers to engage in cross-border shopping and merchants to extend their global reach while reducing the complexity and friction involved in enabling cross-border trade.

Our beliefs are the foundation for how we conduct business every day. We live each day guided by our core values of Inclusion, Innovation, Collaboration, and Wellness. Together, our values ensure that we work together as one global team with our customers at the center of everything we do – and they push us to ensure we take care of ourselves, each other, and our communities.

Job Summary:

As PayPal continues its mission to revolutionize commerce, we’re looking for a Cyber Reliability & Resilience Manager to join our PCIS / ICR team in our Luxembourg office. This is a senior governance, risk, and controls role within the First Line of Defense, responsible for ensuring PayPal Europe’s compliance with the EU Digital Operational Resilience Act (DORA) and other relevant European regulatory frameworks.

The role serves as a strategic bridge between the local obligations of a regulated entity and enterprise-wide technology and security operations. It ensures that digital operational resilience, cyber risk management, and regulatory compliance are effectively embedded into business strategy, change initiatives, and day-to-day operations.

If this sparks your interest, keep reading — the best is yet to come!

Job Description:

**Essential Responsibilities: **

Recognized as a security governance, risk, and compliance expert, independently addressing the most complex security risks and providing strategic direction on risk mitigation and governance practices across the security domain.
Define methods and procedures for new or special assignments, collaborating with cross-functional teams to drive security risk and governance initiatives that align with business needs and objectives.
Lead complex, high-impact security governance and risk management initiatives, leveraging a deep understanding of business trends and security challenges to develop innovative risk mitigation strategies and solutions.
Possess a keen awareness of the broader impact of decisions, with initiatives driving enterprise-wide improvements in risk management and security governance, enhancing overall security practices and operational efficiency.
Lead a security risk and governance team; set clear priorities and define actionable plans, ensuring alignment with organizational goals.
Guide team members through complex challenges, fostering their growth and development while maintaining a focus on high-impact results.

Minimum Qualifications:

8+ years relevant experience and a Bachelor’s degree OR Any equivalent combination of education and experience.

Additional Responsibilities & Preferred Qualifications:

Your way to impact

The role carries end-to-end responsibility for monitoring, assessing, and reporting material ICT and cyber-related changes, overseeing the effectiveness of disaster recovery, business continuity, and cyber resilience controls, and acting as a subject matter expert for cyber incident management and regulatory reporting. The role provides entity-level senior management with assurance over the effectiveness of technology and cyber security control environment in line with supervisory expectations.

Your day-to-day

Digital Operational Resilience & DORA Accountability

Ensure the design, effectiveness, and ongoing testing of BCM, DR, and cyber resilience controls, including scenario testing, advanced testing techniques, and remediation tracking.
Actively contribute PayPal Europe’s First Line execution and oversight of DORA requirements, including technology risk management, business continuity, disaster recovery, cyber resilience, and operational resilience testing.
Oversee the monitoring and reporting of ICT resilience metrics and control effectiveness to senior management and governance forums.

**Change Management & Material Change Oversight **

Own and oversee PPEU material change management framework from technology, cyber, and resilience perspective.
Ensure new product launches, major technology changes, outsourcing arrangements, and strategic initiatives undergo appropriate due care and diligence, including information security risk assessment and regulatory impact analysis.
Monitor and challenge change initiatives to confirm compliance with relevant applicable obligations including: DORA, PSD2(& PSD3/PSR), GDPR, EBA Guidelines, and ECB supervisory expectations.
Act as a trusted advisor to business and technology leaders during major transformations, ensuring risks are transparently identified, assessed, and mitigated.

**ICT Control Oversight & Assurance **

Drive the planning, execution, and evaluation of ICT control testing and assurance activities, ensuring alignment between Enterprise outcomes and PayPal Europe’s local regulatory obligations.
Review, challenge, and validate control evidence across business lines and functional owners to maintain robust entity-level assurance.
Ensure timely closure of control deficiencies, effective remediation tracking, and escalation of material risks where necessary.
Identify recurring control weaknesses and advise on systemic improvements to strengthen the control environment.

**Incident Management & Regulatory Reporting **

Act as the First Line subject matter expert for ICT and cyber incident management, including severity assessment, escalation, and post-incident review.
Ensure incidents are assessed and reported in line with DORA, GDPR and other ECB/SEPA/EPC supervisory notification requirements.
Coordinate closely with enterprise security, legal, compliance, and communications teams during incident response and regulatory engagement.
Maintain high-quality documentation to support audits, supervisory reviews, and regulatory examinations.

**Regulatory Engagement & Senior Stakeholder Management **

Serve as key Luxembourg-based contact for ICT-related regulatory exams, audits, and supervisory interactions.
Prepare high-quality management information, assurance reporting, and regulatory responses for senior management, boards, and regulators.
Foster a culture of proactive risk ownership by providing guidance, challenge, and oversight to operational and technology leaders.

What you need to succeed:

7+ years of experience within financial services, payments, fintech, or regulated environments, with demonstrated senior-level responsibility.
Proven experience in ICT risk management, operational resilience, cyber risk, or regulatory oversight within a First Line or equivalent function.
Strong working knowledge of DORA, PSD2 (& PSD3/PSR), GDPR, EBA Guidelines and ECB supervisory expectations.
Hands-on experience with business continuity, disaster recovery, cyber resilience testing, and control effectiveness assessments.
Demonstrated expertise in incident management, regulatory notifications, and supervisory interactions.
Experience overseeing or challenging material change programs, new product launches, and complex technology transformations.
Proficiency with GRC tooling, risk data aggregation, and executive-level reporting.
Bachelor’s or Master’s degree in Information Technology, Information Security, Cybersecurity, Risk Management, or a related field.
Relevant professional certifications are strongly preferred, such as CISA, CISM, CRISC, ISO 22301 or ISO 27001 Lead Implementer / Auditor (a plus), Other comparable certifications may also be considered.

What you need to exceed:

Strong analytical mindset with the ability to assess complex ICT and cyber risk scenarios and translate them into clear management insights.
Excellent stakeholder management skills, with the confidence to challenge senior leaders constructively.
Ability to operate independently, prioritize effectively, and escalate material risks in a timely and proportionate manner.
High standards of documentation, reporting, accuracy, and regulatory discipline.
Resilience and composure in high-pressure environments, including incident response and regulatory scrutiny.

We Believe in You

Interested in knowing more? Don't hesitate to apply and let's talk – we'd love to get to know you!

Subsidiary:

PayPal

Travel Percent:

PayPal does not charge candidates any fees for courses, applications, resume reviews, interviews, background checks, or onboarding. When making an application directly, we will never ask you to share passwords, one-time passcodes (OTP), or verification codes. Any such request is a red flag and likely part of a scam. All communication regarding your application will come from official PayPal email domains. If you suspect fraudulent activity, please report it immediately. To learn more about how to identify and avoid recruitment fraud please visit https://careers.pypl.com/contact-us.

For the majority of employees, PayPal's balanced hybrid work model offers 3 days in the office for effective in-person collaboration and 2 days at your choice of either the PayPal office or your home workspace, ensuring that you equally have the benefits and conveniences of both locations.

Our Benefits:

At PayPal, we’re committed to building an equitable and inclusive global economy. And we can’t do this without our most important asset-you. That’s why we offer comprehensive, choice-based programs, to support all aspects of personal wellbeing—physical, emotional, and financial—delivering meaningful value where it matters most. We strive to create a flexible, balanced work culture with a holistic approach to benefits, including generous paid time off, healthcare coverage for you and your family, and resources to create financial security and support your mental health.

Who We Are:

Click Here to learn more about our culture and community.

**Commitment to Diversity and Inclusion **

PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state, or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at paypalglobaltalentacquisition@paypal.com.

Belonging at PayPal:

Our employees are central to advancing our mission, and we strive to create an environment where everyone can do their best work with a sense of purpose and belonging. Belonging at PayPal means creating a workplace with a sense of acceptance and security where all employees feel included and valued. We are proud to have a diverse workforce reflective of the merchants, consumers, and communities that we serve, and we continue to take tangible actions to cultivate inclusivity and belonging at PayPal.

Any general requests for consideration of your skills, please Join our Talent Community.

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don’t hesitate to apply.

The Company

Job Summary:

If this sparks your interest, keep reading — the best is yet to come!

Job Description:

**Essential Responsibilities: **

Recognized as a security governance, risk, and compliance expert, independently addressing the most complex security risks and providing strategic direction on risk mitigation and governance practices across the security domain.
Define methods and procedures for new or special assignments, collaborating with cross-functional teams to drive security risk and governance initiatives that align with business needs and objectives.
Lead complex, high-impact security governance and risk management initiatives, leveraging a deep understanding of business trends and security challenges to develop innovative risk mitigation strategies and solutions.
Possess a keen awareness of the broader impact of decisions, with initiatives driving enterprise-wide improvements in risk management and security governance, enhancing overall security practices and operational efficiency.
Lead a security risk and governance team; set clear priorities and define actionable plans, ensuring alignment with organizational goals.
Guide team members through complex challenges, fostering their growth and development while maintaining a focus on high-impact results.

Minimum Qualifications:

8+ years relevant experience and a Bachelor’s degree OR Any equivalent combination of education and experience.

Additional Responsibilities & Preferred Qualifications:

Your way to impact

Your day-to-day

Digital Operational Resilience & DORA Accountability

Ensure the design, effectiveness, and ongoing testing of BCM, DR, and cyber resilience controls, including scenario testing, advanced testing techniques, and remediation tracking.
Actively contribute PayPal Europe’s First Line execution and oversight of DORA requirements, including technology risk management, business continuity, disaster recovery, cyber resilience, and operational resilience testing.
Oversee the monitoring and reporting of ICT resilience metrics and control effectiveness to senior management and governance forums.

**Change Management & Material Change Oversight **

Own and oversee PPEU material change management framework from technology, cyber, and resilience perspective.
Ensure new product launches, major technology changes, outsourcing arrangements, and strategic initiatives undergo appropriate due care and diligence, including information security risk assessment and regulatory impact analysis.
Monitor and challenge change initiatives to confirm compliance with relevant applicable obligations including: DORA, PSD2(& PSD3/PSR), GDPR, EBA Guidelines, and ECB supervisory expectations.
Act as a trusted advisor to business and technology leaders during major transformations, ensuring risks are transparently identified, assessed, and mitigated.

**ICT Control Oversight & Assurance **

Drive the planning, execution, and evaluation of ICT control testing and assurance activities, ensuring alignment between Enterprise outcomes and PayPal Europe’s local regulatory obligations.
Review, challenge, and validate control evidence across business lines and functional owners to maintain robust entity-level assurance.
Ensure timely closure of control deficiencies, effective remediation tracking, and escalation of material risks where necessary.
Identify recurring control weaknesses and advise on systemic improvements to strengthen the control environment.

**Incident Management & Regulatory Reporting **

Act as the First Line subject matter expert for ICT and cyber incident management, including severity assessment, escalation, and post-incident review.
Ensure incidents are assessed and reported in line with DORA, GDPR and other ECB/SEPA/EPC supervisory notification requirements.
Coordinate closely with enterprise security, legal, compliance, and communications teams during incident response and regulatory engagement.
Maintain high-quality documentation to support audits, supervisory reviews, and regulatory examinations.

**Regulatory Engagement & Senior Stakeholder Management **

Serve as key Luxembourg-based contact for ICT-related regulatory exams, audits, and supervisory interactions.
Prepare high-quality management information, assurance reporting, and regulatory responses for senior management, boards, and regulators.
Foster a culture of proactive risk ownership by providing guidance, challenge, and oversight to operational and technology leaders.

What you need to succeed:

7+ years of experience within financial services, payments, fintech, or regulated environments, with demonstrated senior-level responsibility.
Proven experience in ICT risk management, operational resilience, cyber risk, or regulatory oversight within a First Line or equivalent function.
Strong working knowledge of DORA, PSD2 (& PSD3/PSR), GDPR, EBA Guidelines and ECB supervisory expectations.
Hands-on experience with business continuity, disaster recovery, cyber resilience testing, and control effectiveness assessments.
Demonstrated expertise in incident management, regulatory notifications, and supervisory interactions.
Experience overseeing or challenging material change programs, new product launches, and complex technology transformations.
Proficiency with GRC tooling, risk data aggregation, and executive-level reporting.
Bachelor’s or Master’s degree in Information Technology, Information Security, Cybersecurity, Risk Management, or a related field.
Relevant professional certifications are strongly preferred, such as CISA, CISM, CRISC, ISO 22301 or ISO 27001 Lead Implementer / Auditor (a plus), Other comparable certifications may also be considered.

What you need to exceed:

Strong analytical mindset with the ability to assess complex ICT and cyber risk scenarios and translate them into clear management insights.
Excellent stakeholder management skills, with the confidence to challenge senior leaders constructively.
Ability to operate independently, prioritize effectively, and escalate material risks in a timely and proportionate manner.
High standards of documentation, reporting, accuracy, and regulatory discipline.
Resilience and composure in high-pressure environments, including incident response and regulatory scrutiny.

We Believe in You

Interested in knowing more? Don't hesitate to apply and let's talk – we'd love to get to know you!

Subsidiary:

PayPal

Travel Percent:

Our Benefits:

Who We Are:

Click Here to learn more about our culture and community.

**Commitment to Diversity and Inclusion **

Belonging at PayPal:

Any general requests for consideration of your skills, please Join our Talent Community.

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don’t hesitate to apply.

Cyber Reliability & Resilience Manager

What you'd actually do

Skills

Required

Nice to have

What the JD emphasized

We Believe in You

We Believe in You