Job Summary:The Manager, Governance & Risk Solutions Engineering is a is a technical leadership role within the AI, Data and Platform Technology (ADAPT) organization responsible for driving automated control monitoring, engineering-led remediation, and scalable risk solutions across ADAPT's complex technology infrastructure. This role serves as the primary technical connector between ADAPT internal stakeholders, the Business Risk and Compliance Liaison (BRCL) function, and the Second Line of Defense (SLOD), ensuring adherence to enterprise frameworks while enabling business agility and operational resilience through technology-enabled improvements. The ideal candidate brings deep technical knowledge of risk lifecycle management, hands-on experience with GRC platforms and compliance tooling, strong internal audit partnership experience, and a proven track record of delivering engineering-driven risk solutions within complex, matrixed financial services or fintech environments.
Job Description:Essential Responsibilities: - Leverage specialized security governance and risk expertise to identify and address complex security risks, recommending best practices and determining new approaches that have an impact on broader security operations, while aligning strategies with business priorities
- Partner across teams and key stakeholders to drive security risk and governance initiatives, leading and solutioning complex projects and programs to strengthen overall security posture.
- Apply advanced analytical skills and sound judgment to assess and mitigate security risks, considering diverse perspectives and innovative solutions. Stay informed on industry trends and regulatory landscape while evaluating their security implications within the context of the PayPal's governance framework.
- Directly contribute to improvements within the security domain and occasionally beyond, ensuring decisions lead to meaningful enhancements in risk mitigation strategies and overall security practices.
- Leverage relationships across teams, both within and outside of security, to influence initiatives and integrate feedback into security governance processes and risk management practices.
- Develop and articulate clear plans and priorities for the team, guiding them to achieve security risk and governance objectives while fostering a collaborative and high-performance environment.
- Lead by example, providing mentorship and support to ensure the team successfully executes on initiatives and goals.
Minimum Qualifications:- 5+ years relevant experience and a Bachelor's degree OR Any equivalent combination of education and experience.
Additional Responsibilities & Preferred Qualifications:Key Responsibilities:- Issue Management & Technical Remediation: Drive the end-to-end ADAPT Issue Management lifecycle, including identification, documentation, engineering-led remediation oversight, and sustainable closure. Drive technical root cause analyses, code-level vulnerability remediation, and engineering sprint integration to ensure systemic risk reduction across the organization.
- Technical Control Engineering: Design, build, and operationalize automated control monitoring frameworks and risk detection tooling, leveraging data pipelines, dashboards, and alerting systems to enable real-time risk visibility across ADAPT's technology stack. Automate recurring control deficiencies and drive continuous improvement through scalable, technology-enabled solutions.
- Stakeholder & Second Line Engagement: Partner with internal and external risk and compliance stakeholders, including Cybersecurity, SLOD, and Product & Engineering teams, to support business initiatives and execute Second Line of Defense requirements, tracking progress on control process adherence and technical mitigation strategies.
- Risk & Compliance Advisory: Provide technical advisory on the Enterprise Risk and Compliance Management Framework within the ADAPT organization, spanning Issue and Incident Management, New Hire Compliance Training, Policy Management, and Product Change Management, translating regulatory and policy requirements into actionable technical control specifications.
- Proactive Risk Monitoring: Drive and oversee proactive monitoring of risk initiatives, including live bugs, security vulnerabilities, issues & remediation plans, and root cause analyses ensuring timely remediation and continuous improvement of operational resilience.
- Risk Mitigation & Remediation: Develop and propose effective technical risk mitigation and remediation strategies, including engineering remediation blueprints and corrective action plans. Collaborate with ADAPT engineering leaders to implement sustainable solutions and integrate remediation efforts into existing development workflows.
- Internal Audit Partnership: Serve as the primary technical liaison for Internal Audit engagements, translating audit findings into engineering remediation plans, owning evidence collection across technology systems, and driving closure of audit-identified and self-identified issues with measurable technical outcomes. Surface emerging risk themes and exposures for timely leadership action.
- Leadership Enablement & Reporting: Lead leadership enablement by developing and managing biweekly executive presentations that consolidate KPI metrics and program health updates, providing senior management with comprehensive visibility into ADAPT risk initiatives.
- Governance & Standardization: Drive consistency and excellence across risk deliverables through standardized methodologies, templates, and review protocols aligned with enterprise governance standards.
- Strategic Connector & Culture of Risk: Serve as a strategic connector between ADAPT internal stakeholders, BRCL, and the Second Line, ensuring framework adherence while enabling business agility and supporting a culture of risk awareness
- Reporting & Executive Insights: Prepare detailed technical reports and presentations on risk analysis findings, emerging trends, and the effectiveness of risk management strategies for senior management and key stakeholders.
- ADAPT Risk Champions Lead: Lead and operationalize the ADAPT Risk Champions Community by partnering with ADAPT leaders to embed domain-level risk ownership, drive proactive monitoring of OOSLA, RCAs, and vulnerabilities, establish structured cadences and dashboards, ensure timely SLA management, and serve as the central bridge between domain teams and enterprise Risk, Audit, and SLOD partners to strengthen ADAPT's overall risk posture.
Expected Qualifications: - 7+ years of relevant experience in technical risk management, compliance engineering, internal audit, security operations, or related disciplines within a financial services or fintech environment, combined with a bachelor's degree in Computer Science, Engineering, Information Systems, or equivalent education and experience.
- At least 3 years in a technically focused risk, security engineering, or compliance engineering role with direct ownership of engineering-led remediation efforts.
- Hands-on experience with GRC platforms (e.g., Archer, ServiceNow GRC) and risk/compliance tooling, as well as data and reporting automation (e.g., SQL, Tableau, Python scripting).
- Demonstrated ability to lead complex, technically driven risk functions in a large, matrixed environment.
- Experience working directly with engineering and platform teams to remediate security vulnerabilities, infrastructure risks, and compliance gaps at the system level.
- Familiarity with cloud security frameworks (e.g., SOC 2, ISO 27001, NIST) and experience translating regulatory requirements into technical control specifications.
- Executive presence and experience engaging VP-level and above stakeholders.
- Proven ability to introduce and scale automation or technology-enabled improvements within control or risk processes.
- Excellent verbal, written, and presentation skills, with experience presenting technical risk findings to senior leadership.
Preferred Qualifications: - Experience in payments, fintech, or two-sided network/marketplace businesses with exposure to KYC/AML, data privacy, and financial regulatory requirements.
- Proven ability to introduce and scale automation or technology-enabled improvements within control or risk processes, reducing manual effort and improving detection accuracy.
- Strong ability to build and maintain relationships with key stakeholders, including influencing engineering and product teams to prioritize and execute risk remediation.
- Experience performing internal and external technical risk reporting, supporting preparation and coordination of audit evidence packages and compliance assessments.
- Ability to ramp quickly and take command in critical technical incidents, ensuring effective real-time coordination and communication across engineering teams for swift and effective resolution.
- Ability to coach and mentor team members, fostering development, consistency, collaboration, and a high-performance engineering risk culture.
- Relevant certifications such as CISSP, CISA, CRISC, or equivalent preferred.
Subsidiary:PayPal
Travel Percent:0
The base pay for this role will depend on where you work and the relevant experience and expertise you bring. The expected range of pay for this role by location is:
Primary Location | Pay Range:San Jose, California | ($159,500.00 - $236,500.00 Annually)
Additional Location(s) | Pay Range:Austin, Texas | ($145,000.00 - $215,050.00 Annually)
Additional compensation for this role may include an annual performance bonus, equity, or other incentive compensation, as applicable.
For the majority of employees, PayPal's balanced hybrid work model offers 3 days in the office for effective in-person collaboration and 2 days at your choice of either the PayPal office or your home workspace, ensuring that you equally have the benefits and conveniences of both locations.
Our Benefits:At PayPal, we're committed to building an equitable and inclusive global economy. And we can't do this without our most important asset-you. That's why we offer comprehensive, choice-based programs, to support all aspects of personal wellbeing-physical, emotional, and financial-delivering meaningful value where it matters most. We strive to create a flexible, balanced work culture with a holistic approach to benefits, including generous paid time off, healthcare coverage for you and your family, and resources to create financial security and support your mental health.
