Lead Cyber Security Engineer

About Us:

Ant International powers the future of global commerce with digital innovation for everyone and every business to thrive. In close collaboration with partners, we support merchants of all sizes worldwide to realize their growth aspirations through a comprehensive range of tech-driven digital payment and financial services solutions.

Ant International strives to become the most trusted digital services connector to achieve sustainable growth of global commerce.

With a focus on Travel, Trade, Technology, and Talent, Ant International is committed to enhancing the digital mindset and capacities of businesses worldwide. Through fostering collaborative efforts with partners, we are driving responsible innovation and increasing market accessibility for global SMEs.

We do so across our 4 key businesses: Alipay+, Antom, WorldFirst, and ANEXT Bank.

Role Overview:

As a

GRC Lead , you will ensure alignment with

European regulations

(e.g., GDPR, DORA, PSD2 SCA, CSSF) and global standards (PCI DSS, SWIFT CSP). This role requires technical knowledge, strategic thinking, and expertise in managing

third-party risk ,

outsourcing compliance , and

identity governance

to safeguard operational resilience.

What you will be doing:

Regulatory & Technical Compliance:

Support compliance with

GDPR

and complementary regulations like

DORA (Digital Operational Resilience Act) , ensuring alignment in areas such as incident reporting and data protection.
Translate requirements from

PSD2 SCA ,

PCI DSS , and

SWIFT CSP

into technical security controls.
Maintain

IT security governance frameworks

(ISO 27001, NIST CSF, CIS Controls).
Manage and maintain Security Policies and procedures.
Third-Party Risk & Outsourcing Management:

Design and implement

third-party risk management

programs to assess vendors, cloud providers, and outsourced services.
Ensure compliance with

DORA’s outsourcing requirements , including due diligence, contract oversight, and continuity planning.
Audit & Assurance:

Participate in

internal/external audits

(ISO 27001, SOC 2) and regulatory examinations, focusing on third-party and outsourcing compliance.
Remediate gaps in processes or documentation.
Risk Management:

Maintain the enterprise

risk register , prioritizing risks tied to third-party dependencies, outsourcing, and ICT disruptions.
Quantify risks using methodologies.
Technical Compliance & Security:

Advise on

vulnerability management ,

endpoint security (EDR/XDR) , and

cloud compliance .
Good understanding of

IAM (Identity and Access Management)

strategies, including role-based access control (RBAC) and privileged access management (PAM).
Conduct periodic

user access reviews

to ensure compliance with least privilege principles and regulatory requirements.
Security awareness management experience.
What we are looking for:

Experience:

5+ years in GRC roles;

financial services or banking experience is a strong plus .
Regulatory Knowledge:

Understanding of

GDPR ,

DORA , PCI DSS, and outsourcing/third-party risk requirements.
Technical Skills:

Hands-on experience with

ISO 27001 implementation

and

third-party risk tools .
Proficiency in

IAM (Identity and Access Management)

solutions and conducting

user access reviews .
Familiarity with cloud technology and IT infrastructure.
Framework Expertise:

Strong knowledge of

NIST frameworks

(CSF, 800-53) and

CIS Controls .
Certifications:

CRISC, CISSP, CISM, or CISA preferred

(equivalent experience considered).

#J-18808-Ljbffr