Country Information Security Manager

At PayPal (NASDAQ: PYPL), we believe that every person has the right to participate fully in the global economy. Our mission is to democratize financial services to ensure that everyone, regardless of background or economic standing, has access to affordable, convenient, and secure products and services to take control of their financial lives.

Job Description Summary: Head of Information Security, Data and Security Oversight for greater China, Hong Kong, Korea and Taiwan.

**Job Description**:
Do you want to help create the future of money? PayPal is focussed on enabling commerce. We want to make it easier and safer to shop and pay for things you want, anywhere and at any time. We are focussed on developing solutions that deliver value for our large merchant and consumer base.

If you’re keen to join a fast growing team of highly motivated thinkers we might be the workplace for you.

We don’t create products because technology allows it - we use technology to make things work better. We listen to our customers and we want to create wonderful experiences that are commercially relevant.

We currently have an exciting opportunity for a Country Information Security Manager to join our growing team in Singapore.

Key Responsibilities
- Ensure PayPal’s information systems are under proper control from an information security point of view.
- Organise and lead the information security strategy and program at PayPal in close cooperation with the global information security teams.
- Manage the risks associated with the information systems.
- Support compliance with applicable regulatory requirements in regulated markets in Asia-Pacific including but not limited to PBOC, APRA, MAS, HKMA, etc.
- Coordinate with and support the regional teams that have operational involvement in securing the information systems of PayPal.

Deliverables and key activities

Develop and manage the information security strategy for PayPal
- Ensure the information security strategy enforces applicable local and regional regulatory requirements, and assess any new requirement that may be needed as a result of emerging regulations, with the support of PayPal’s Legal and Compliance teams.
- Develop, coordinate, publish, and maintain suitable procedures for handling cases of confidential information mismanagement (whether intentional or unintentional), taking into account national legislation as well as notification policies.
- Develop, coordinate, publish, and maintain a set of PayPal information security policies, standards, baselines and procedures based on the global set of security policies and guidelines, so as to meet the company’s legal and regulatory obligations.
- Liaise with the Global Enterprise Technology team to support alignment between the PayPal’s requirements and the services delivered through enterprise architecture.
- Ensure that there is a robust due diligence process that ensures information security requirements are adequately addressed in IT projects undertaken by or on behalf of PayPal.
- Manage information security incidents and events that impact PayPal or its customers, in close cooperation and coordination with the global teams responsible for crisis management and security incident response, as well as with PayPal’s senior management team.
- Ensure that information security awareness and training initiatives are implemented on behalf of PayPal by the global information security team, and that the training meets the regulatory obligations set forth by regulatory bodies as well as PayPal’s own standards.

Participate in the management of external partners / providers
- Oversee the security due diligence process on IT and information security issues for all new service providers/sub-contractors of PayPal.
- Support the security due diligence process led by global or regional teams, on IT and information security issues for mergers & acquisitions activities related to PayPal, as directed.

Governance and documentation of information security risks
- Localise the information security risks assessment process developed by the global information security team, and perform on-going risk assessment, reporting, and remediation in cooperation with regional or global information security teams.
- Confirm, advise, and elaborate on Enterprise Risk Management assessments that touch on areas relevant to information security, business continuity, and continuity of operations.
- Verify that the controls in place to detect and prevent the emergence of IT security related risks are properly documented and monitored by the information security operational teams.

Disaster recovery and business continuity planning
- Support PayPal’s Compliance team, other Technology teams, and the global Enterprise Resilience team in the planning and implementation of the Business Continuity and Disaster Recovery capabilities.
- Coordinate with the global crisis management capability during events impacting the confidentiality, integ