Job ID: 1595280 Updated: June 5, 2026
Fintech, US & Global

Senior GRC & Cybersecurity Lead

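Location: Tokyo, 23 wards
Employment type: Permanent full-time employee
Salary: 10 million yen ~ 16 million yen

Work style

Remote work / work from home, Flextime

Job description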


A leading US-based BNPL company is looking for a highly experienced Senior GRC & Cybersecurity Lead to drive governance, risk, compliance, and cybersecurity initiatives across its fintech and cloud technology environment.
This is a senior-level leadership role requiring expertise across IT governance, cybersecurity, compliance frameworks, audit management, cloud technologies, and GRC automation. The successful candidate will collaborate closely with engineering, legal, compliance, executive leadership, and global security stakeholders to strengthen risk visibility, improve operational security maturity, and scale security and compliance programs through automation and process optimization.

Responsibilities:
- Lead IT governance, risk, and compliance activities across the organization
- Manage IT risk frameworks covering cloud, infrastructure, applications, and networks
- Maintain risk assessments, risk registers, and ongoing monitoring processes
- Lead third-party and vendor security risk reviews and assessments
- Provide security and risk recommendations to management and business stakeholders
- Manage compliance programs for SOC1, SOC2, ISO27001, NIST CSF, APPI, and financial regulations
- Lead audit preparation, evidence collection, remediation tracking, and audit readiness
- Develop and maintain security policies, standards, and procedures
- Provide compliance and risk reporting to management and stakeholders
- Conduct IT audits and improve audit readiness processes
- Manage GRC platforms such as RSA Archer and Vanta
- Develop automation workflows using scripting, AI tools, and automation platforms
- Integrate compliance and security processes into Jira, Confluence, Slack, and operational tools
- Build dashboards and reporting to improve visibility into risks and compliance status
- Support implementation of cybersecurity controls and governance processes
- Work with IT and engineering teams to integrate security into operations and systems
- Lead incident response planning, tabletop exercises, and post-incident reviews
- Communicate cybersecurity risks and compliance status to executives and leadership teams
- Promote security awareness and security-first culture initiatives
- Coordinate with PayPal global teams on security and compliance initiatives
- Work closely with Legal, Compliance, Engineering, Risk, and Operations teams
- Act as the main contact for auditors, regulators, vendors, and internal stakeholders on cybersecurity and compliance matters


Why should you apply:
- Diversified team with 230+ colleagues from 35+ countries 
- Exciting work opportunities in a rapidly growing organization
- Cross-functional collaboration 
- Hybrid remote work model - minimum 2 times in office per week (subject to change at company discretion) 
- Competitive salary and benefits 

Company Details: 
The company is Japan’s pioneer and leading provider of Buy Now, Pay Later (BNPL) services, focused on delivering simple, seamless, and secure payment experiences that make shopping effortless and enjoyable.
It leverages proprietary technology, advanced data analytics, and machine learning to underwrite transactions in real time — providing instant credit decisions and guaranteeing payments to merchants. Through its innovative approach, the company helps partners increase conversion rates, reduce incomplete transactions, and drive repeat purchases. Now part of a global digital payments group, the company continues to operate independently under its own brand, maintaining a strong commitment to innovation, reliability, and customer-centric design.
The organization continues to evolve its technology to make shopping easier and more engaging — both online and offline. It offers IT professionals the opportunity to build scalable systems, develop cutting-edge financial technologies, and help shape the future of digital payments in Japan.

Working Hours: 9:00 - 18:00 (Mon-Fri)
Work Style: Hybrid (2 days in office)
Holidays: Saturday, Sunday, and National Holidays, Year-end and New Year Holidays, Paid Holidays, Other Special Holidays
Services/Benefits:  Social insurance, Employee Pension Scheme, Transportation Fee
Interview: 4 ~ 5 rounds of interviews

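Application requirements

Work experience: 3 years or more
Career level: Mid-career (experienced)
English level: Business conversation level
Japanese level: Business conversation level
Minimum education: High school graduate
Current visa: Permission to work in Japan is required

Skills and qualifications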

- 7+ years of experience in IT Risk Management, GRC, Information Security, or IT Audit
- Strong experience with SOC1, SOC2, ISO27001, NIST CSF, APPI, and financial compliance frameworks
- Hands-on experience with RSA Archer, Vanta, or similar GRC tools
- Strong understanding of AWS, infrastructure, networking, and application security
- Experience conducting IT audits in regulated environments
- Experience with scripting, automation, and AI-assisted tools
- Experience using Jira and Confluence in compliance or cybersecurity operations
- Strong communication and stakeholder management skills

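Location

  • Tokyo, 23 wards

Working conditions

Employment type: Permanent full-time employee
Salary: 10 million yen ~ 16 million yen
Working hours: 9:30-18:00, Mon-Fri
Holidays and leave: Full two-day weekend (Saturdays, Sundays, and national holidays off), year-end and New Year holidays, annual paid leave
Industry: Other (Finance)

Job category

Company overview

Company type: Large company (more than 300 employees) - Foreign-affiliated company
Ratio of non-Japanese staff: Half non-Japanese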