Team: Product and Technology China
Location: Shanghai
Please send your resume to Echo, Recruiter @ PayPal if you are interested in this position: [email protected]
Job Description Summary
PayPal is the faster, safer way to pay and get paid online. The service allows people to send money without sharing financial information, with the flexibility to pay using their account balances, bank accounts, credit cards or promotional financing. With 165 million active accounts in 203 markets and 26 currencies around the world, PayPal enables global ecommerce. More information about the company can be found at PayPal.com.
The Product & Technology, China team is looking for a passionate, self-driven Information Security Manager join the team in Shanghai. The person will play a critical role in risk assessing and securing PayPal’s infrastructure and applications in China, connecting the different solutions for our customer base into solid and comprehensive offerings in a secure and compliant fashion, working in a global framework but leading and consulting local teams to respect the nuances. The ideal candidate is a self-starter and self-motivated individual with strong passion and experience in the payment landscape in China, positive work ethic and a "can do" attitude. In this position, you will work in a cross-functional team across product, engineering, product marketing, , brand, sales, risk, compliance, legal, operations and more to ensure the success of our products in China. This position is highly visible in the organization and involves frequent interaction with the senior executives as well as all other levels and external stakeholders, locally and globally.
Responsibilities
• Interpret and influence PayPal Information Security policies, standards, and IT/security controls in China
• Planning, supporting, facilitating, coordinating and executing Information Security risk assessments.
• Work in collaboration with corporate information security and various technical teams in the design and implementation of control self-assessments, and risk assessments.
• Create, document, and implement control test plans, scripts, and procedures.
• Investigate, analyze and document reported control defects.
• Partner with Issues Management, Standards and Compliance teams to develop effective process for monitoring, reporting and escalating compliance related issues and exceptions.
• Work with cross-functional teams in performing reviews and tests of IT internal controls to ensure teams are operating adequate controls.
• Partner with Security Awareness teams to proactively promote enhanced security controls and training across IT and business units.
• Create, monitor data points into the IT risk management activities, including monthly dashboards, metrics, and reporting.
• Directs IT functional teams in the development, implementation, monitoring and reporting of control processes.
• Advises IT and business executives on the status of risks and security findings.
• Develop automated process to document and score IT/Security control effectiveness based on maturity level and map to corresponding residual risk scores.
Job Requirements
• 10+ years of combined experience in related information security and technology fields, and risk and control governance.
• 4+ years of experience with technology risk assessment and control validation
• Broad security knowledge across common industry security standards (e.g., ISO, NIST, COSO, COBIT, and others).
• Possess either of the following certifications: CISSP, CISA, CISM, or GIAC.
• Familiarity with risk management methodologies and tools such as FAIR, RiskLens, or similar is a plus.
• Technical knowledge of security technologies and architecture in multiple security domains (such as infrastructure hardening, privileged access, data security, endpoint security, anti-malware, network security, application security and others).
• Excellent writing and verbal communication skills, interpersonal and presentation skills and the proven ability to influence and communicate effectively.
•Ability to plan, organize, and meet deadlines without close supervision
• Bachelor’s degree from an accredited college (Information Technology, Information Assurance, Cyber Security or related disciplines preferred)