Manager, Cybersecurity Risk

The Company

PayPal has been revolutionizing commerce globally for more than 25 years. Creating innovative experiences that make moving money, selling, and shopping simple, personalized, and secure, PayPal empowers consumers and businesses in approximately 200 markets to join and thrive in the global economy.

We operate a global, two-sided network at scale that connects hundreds of millions of merchants and consumers. We help merchants and consumers connect, transact, and complete payments, whether they are online or in person. PayPal is more than a connection to third-party payment networks. We provide proprietary payment solutions accepted by merchants that enable the completion of payments on our platform on behalf of our customers.

We offer our customers the flexibility to use their accounts to purchase and receive payments for goods and services, as well as the ability to transfer and withdraw funds. We enable consumers to exchange funds more safely with merchants using a variety of funding sources, which may include a bank account, a PayPal or Venmo account balance, PayPal and Venmo branded credit products, a credit card, a debit card, certain cryptocurrencies, or other stored value products such as gift cards, and eligible credit card rewards. Our PayPal, Venmo, and Xoom products also make it safer and simpler for friends and family to transfer funds to each other. We offer merchants an end-to-end payments solution that provides authorization and settlement capabilities, as well as instant access to funds and payouts. We also help merchants connect with their customers, process exchanges and returns, and manage risk. We enable consumers to engage in cross-border shopping and merchants to extend their global reach while reducing the complexity and friction involved in enabling cross-border trade.

Our beliefs are the foundation for how we conduct business every day. We live each day guided by our core values of Inclusion, Innovation, Collaboration, and Wellness. Together, our values ensure that we work together as one global team with our customers at the center of everything we do – and they push us to ensure we take care of ourselves, each other, and our communities.

Job Summary:

We’re seeking an experienced technology professional to lead oversight efforts in the area of Third Party Technology and Security practices across the enterprise. This role requires deep expertise in vendor risk management, supply chain security, third-party governance frameworks, and continuous monitoring capabilities. As part of the Technology and Security Oversight team, you will be instrumental in establishing and maintaining a comprehensive oversight framework for third-party relationships and vendor risk management activities.

Job Description:

Essential Responsibilities:

• Leverage specialized security governance and risk expertise to identify and address complex security risks, recommending best practices and determining new approaches that have an impact on broader security operations, while aligning strategies with business priorities
• Partner across teams and key stakeholders to drive security risk and governance initiatives, leading and solutioning complex projects and programs to strengthen overall security posture.
• Apply advanced analytical skills and sound judgment to assess and mitigate security risks, considering diverse perspectives and innovative solutions. Stay informed on industry trends and regulatory landscape while evaluating their security implications within the context of the PayPal’s governance framework.
• Directly contribute to improvements within the security domain and occasionally beyond, ensuring decisions lead to meaningful enhancements in risk mitigation strategies and overall security practices.
• Leverage relationships across teams, both within and outside of security, to influence initiatives and integrate feedback into security governance processes and risk management practices.
• Develop and articulate clear plans and priorities for the team, guiding them to achieve security risk and governance objectives while fostering a collaborative and high-performance environment.
• Lead by example, providing mentorship and support to ensure the team successfully executes on initiatives and goals.

Expected Qualifications:

• 5+ years relevant experience and a Bachelor’s degree OR Any equivalent combination of education and experience.

Preferred Qualification:

Additional Responsibilities:

• Provide independent second‑line oversight and effective challenge across the third‑party lifecycle: planning, due diligence, contracting, onboarding, ongoing monitoring, change management, and exit.
• Review and challenge technology/security due diligence activities, vendor risk tiering/criticality, concentration risk, and fourth‑party/chain risk determinations.
• Recognized as a third-party risk governance and compliance expert, independently addressing complex vendor concentration risks, criticality segmentation challenges, and providing strategic direction on third-party risk mitigation strategies across the technology and security domains.
• Validate KRIs/KPIs and continuous‑monitoring approaches (including external rating and attack‑surface telemetry); synthesize monthly/quarterly trends and themes.
• Lead targeted deep‑dive and thematic reviews of high‑risk or material vendors; document clear risk statements, opinions, and recommendations.
• Validate issue remediation and risk acceptances; escalate where residual risk exceeds appetite and track closure to completion.
• Prepare committee‑ready reporting and dashboards; brief senior technology, security, and risk leaders on posture, emerging risks, and systemic themes related to third party risk.
• Contribute to annual risk assessment, maturity assessments, and policy/standard maintenance for third‑party technology and security.
• Partner with first‑line stakeholders while preserving independence; provide consultative guidance that enables prudent, risk‑informed decisions.

Minimum Qualifications:

• 7+ years in technology risk, cybersecurity, or IT audit; 4+ years directly focused on third‑party/vendor risk.
• Advanced knowledge of third-party risk assessment frameworks, including Shared Assessments SIG, ISO 27001/27002, SOC 2 Type II attestations, and vendor security control validation methodologies.
• Demonstrated experience with vendor technology and security due diligence, criticality segmentation and exit-strategy planning.
• Deep understanding of continuous attack-surface monitoring tools, vendor security rating platforms, and automated evidence collection for third-party attestation tracking.
• Knowledge of current and emerging third-party risks (e.g., supply chain attacks, fourth-party risks, AI/ML vendor risks); vendor cybersecurity threats and vulnerabilities; industry standard control frameworks (e.g., NIST Cybersecurity Framework, ISO 27000 series); and prominent data privacy and security regulations globally.
• Strong work ethic with proven ability to learn quickly, prioritize work, and manage complex deliverables to completion under established deadlines.
• Superb consultative, adjudicative, investigative, and influencing skills, including business acumen, stakeholder empathy, and conflict resolution, as well as general comfort working in a dynamic, global, fluid, and matrixed working environment.
• Exceptional verbal and written communication and analysis skills, including experience developing high-quality written analysis, strategy, or standards documents
• Unquestionable professional and ethical integrity, ideally demonstrated through experience with projects of a sensitive, privileged, or confidential nature.
• Ability to approach and understand problems from a statistical or quantitative perspective and draw meaningful, accurate conclusions, as well as scrutinize models and inferences for misleading or overlooked considerations.
• Degree in a relevant discipline, such as cybersecurity, business, engineering, risk management, or computer science.

Subsidiary:

PayPal

Travel Percent:

0

-

PayPal is committed to fair and equitable compensation practices.

Actual Compensation is based on various factors including but not limited to work location, and relevant skills and experience.

The total compensation for this practice may include an annual performance bonus (or other incentive compensation, as applicable), equity, and medical, dental, vision, and other benefits. For more information, visit https://www.paypalbenefits.com

.

The US national annual pay range for this role is $100,500 to $173,250

PayPal does not charge candidates any fees for courses, applications, resume reviews, interviews, background checks, or onboarding. Any such request is a red flag and likely part of a scam. To learn more about how to identify and avoid recruitment fraud please visit https://careers.pypl.com/contact-us

.

For the majority of employees, PayPal's balanced hybrid work model offers 3 days in the office for effective in-person collaboration and 2 days at your choice of either the PayPal office or your home workspace, ensuring that you equally have the benefits and conveniences of both locations.

Our Benefits:

At PayPal, we’re committed to building an equitable and inclusive global economy. And we can’t do this without our most important asset—you. That’s why we offer benefits to help you thrive in every stage of life. We champion your financial, physical, and mental health by offering valuable benefits and resources to help you care for the whole you.

We have great benefits including a flexible work environment, employee shares options, health and life insurance and more. To learn more about our benefits please visit https://www.paypalbenefits.com

.

Who We Are:

Click Here

to learn more about our culture and community.

Commitment to Diversity and Inclusion

PayPal provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state, or local law. In addition, PayPal will provide reasonable accommodations for qualified individuals with disabilities. If you are unable to submit an application because of incompatible assistive technology or a disability, please contact us at paypalglobaltalentacquisition@paypal.com

.

Belonging at PayPal:

Our employees are central to advancing our mission, and we strive to create an environment where everyone can do their best work with a sense of purpose and belonging. Belonging at PayPal means creating a workplace with a sense of acceptance and security where all employees feel included and valued. We are proud to have a diverse workforce reflective of the merchants, consumers, and communities that we serve, and we continue to take tangible actions to cultivate inclusivity and belonging at PayPal.

Any general requests for consideration of your skills, please Join our Talent Community

.

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates. Please don’t hesitate to apply.