Cyber Security Lead

Social network you want to login/join with:

Client: Ant International

Location: Bolton, Greater Manchester, United Kingdom

Job Category: Other

EU work permit required: Yes

Job Views: 3

Posted: 04.06.2025

Expiry Date: 19.07.2025

About Us:

Ant International powers the future of global commerce with digital innovation for everyone and every business to thrive. We support merchants worldwide in realizing their growth aspirations through a comprehensive range of tech-driven digital payment and financial services solutions. Our goal is to become the most trusted digital services connector, fostering sustainable growth of global commerce.

Our focus areas include Travel, Trade, Technology, and Talent, aiming to enhance the digital capacities of businesses worldwide through collaborative efforts with partners, driving responsible innovation and increasing market accessibility for global SMEs. Our key businesses include Alipay+, Antom, WorldFirst, and ANEXT Bank.

As a GRC Lead, you will ensure compliance with European regulations (e.g., GDPR, DORA, PSD2 SCA, CSSF) and global standards (PCI DSS, SWIFT CSP). This role requires technical expertise, strategic thinking, and experience in managing third-party risk, outsourcing compliance, and identity governance to safeguard operational resilience.

• Support compliance with GDPR and regulations like DORA, including incident reporting and data protection.
• Translate PSD2 SCA, PCI DSS, and SWIFT CSP requirements into technical security controls.
• Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls).
• Manage and update Security Policies and procedures.

• Design and implement third-party risk management programs for vendors, cloud providers, and outsourced services.
• Ensure compliance with DORA outsourcing requirements, including due diligence, contracts, and continuity planning.

• Participate in internal/external audits (ISO 27001, SOC 2) and regulatory exams, focusing on third-party and outsourcing compliance.
• Address gaps in processes or documentation.
• Maintain the enterprise risk register, prioritizing risks related to third-party dependencies and ICT disruptions.
• Use methodologies to quantify risks.

• Advise on vulnerability management, endpoint security (EDR/XDR), and cloud compliance.
• Understand IAM strategies, including RBAC and PAM.
• Conduct periodic user access reviews to ensure least privilege and regulatory compliance.
• Manage security awareness programs.

• 5+ years experience in GRC roles; financial services or banking experience is a strong plus.
• Knowledge of GDPR, DORA, PCI DSS, and third-party risk management.
• Hands-on experience with ISO 27001 implementation and risk tools.
• Proficiency in IAM solutions and user access reviews.
• Familiarity with cloud technologies and IT infrastructure.
• Strong understanding of NIST frameworks and CIS Controls.
• Certifications such as CRISC, CISSP, CISM, or CISA are preferred (or equivalent experience).