Cyber Security Lead

JR United Kingdom

Luton

On-site

GBP 70,000 - 90,000

Full time

5 days ago

Job summary

A leading technology company is seeking a Cyber Security Lead in Luton to oversee compliance with GDPR and global standards. The ideal candidate will have over 5 years of experience in GRC roles, familiar with third-party risk management, and hold relevant certifications. You will be responsible for ensuring operational resilience through effective compliance strategies and audits.

Qualifications

  • 5+ years in GRC roles; experience in financial services is a plus.
  • Hands-on experience with ISO 27001 and risk tools.
  • Proficiency in IAM solutions and access reviews.

Responsibilities

  • Ensure compliance with European regulations and global standards.
  • Design and implement third-party risk management programs.
  • Participate in audits and maintain risk register.

Skills

Compliance
Risk Management
Technical Security Controls
ISO 27001
Vulnerability Management
Cloud Compliance
Security Awareness Management

Education

CRISC
CISSP
CISM
CISA

Job description

Cyber Security Lead, Luton, Bedfordshire

Client: Ant International

Location: Luton, Bedfordshire, United Kingdom

Job Category: Other

EU work permit required: Yes

Job Views: 3

Posted: 04.06.2025

Expiry Date: 19.07.2025

Job Description:

About Us:

Ant International powers the future of global commerce with digital innovation for everyone and every business to thrive. We support merchants of all sizes worldwide to realize their growth aspirations through tech-driven digital payment and financial services solutions. Our goal is to become the most trusted digital services connector for sustainable growth of global commerce, focusing on Travel, Trade, Technology, and Talent, and fostering responsible innovation and increased market accessibility for global SMEs across our key businesses: Alipay+, Antom, WorldFirst, and ANEXT Bank.

Role Overview:

As a GRC Lead, you will ensure compliance with European regulations (e.g., GDPR, DORA, PSD2 SCA, CSSF) and global standards (PCI DSS, SWIFT CSP). This role requires technical expertise, strategic thinking, and experience in managing third-party risk, outsourcing compliance, and identity governance to safeguard operational resilience.

What you will be doing:

Regulatory & Technical Compliance:

  • Support GDPR compliance and regulations like DORA, including incident reporting and data protection.
  • Translate PSD2 SCA, PCI DSS, and SWIFT CSP requirements into technical security controls.
  • Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls).
  • Manage and update Security Policies and procedures.

Third-Party Risk & Outsourcing Management:

  • Design and implement third-party risk management programs.
  • Ensure outsourcing compliance with DORA, including due diligence, contract oversight, and continuity planning.

Audit & Assurance:

  • Participate in audits (ISO 27001, SOC 2) and regulatory examinations, focusing on third-party and outsourcing compliance.
  • Address gaps in processes or documentation.
  • Maintain risk register, prioritizing risks related to third-party dependencies, outsourcing, and ICT disruptions.
  • Use methodologies to quantify risks.

Technical Compliance & Security:

  • Advise on vulnerability management, endpoint security (EDR/XDR), and cloud compliance.
  • Understand IAM strategies, including RBAC and PAM.
  • Conduct user access reviews to ensure least privilege and regulatory compliance.
  • Experience in security awareness management.

What we are looking for:

  • 5+ years in GRC roles; experience in financial services or banking is a plus.
  • Knowledge of GDPR, DORA, PCI DSS, and third-party risk management.
  • Hands-on experience with ISO 27001 and risk tools.
  • Proficiency in IAM solutions and access reviews.
  • Familiarity with cloud technology and IT infrastructure.
  • Strong understanding of NIST frameworks and CIS Controls.
  • Certifications: CRISC, CISSP, CISM, or CISA preferred (or equivalent experience).