Head of Security Governance, Risk & Compliance

At PPRO, our mission is to simplify access to local payment methods and our vision is to enable the sale of goods and services to anyone in the world using their preferred way to pay. We empower partners such as Ant Group, PayPal and Stripe to access new markets, connect with more customers, and accelerate their growth. Our strength lies in our diverse global team with 50+ nationalities and 10+ international locations, all united around one goal: to deliver the best possible products and services to our partners and customers. While our company mission is to keep innovating global commerce, our internal mission is to #chooseaction, #beopen, #thinkcustomer, #gofurther and #wintogether.

The Purpose:

We’re looking for a dynamic, experienced Head of GRC to lead our global governance, risk and compliance agenda. It’s a key leadership role, reporting to the CISO, where you’ll have the opportunity to transform a next-gen GRC function that supports PPRO’s exciting growth trajectory. This role is central to our vision of GRC as a business enabler, maintaining our global regulatory posture while supporting our cloud-native, API-first payments business with operations across the EU, UK, LATAM, US and APAC. It’s an exciting opportunity to drive strategic improvements across our enterprise GRC framework, ensuring alignment with DORA, ISO27001, PCI DSS v4.0 and international regulatory requirements (e.g. CSSF requirements in Luxembourg, FCA in the UK). A strategic thinker, you’ll bring a modern, engineering-aware approach to GRC, focusing on smart automation, scalable processes and low-friction compliance, driving our ‘secure-by-design, continuous compliance’ culture across multiple continents and complex regulatory regimes. This role has strategic breadth, operational depth and high visibility with senior cross-organisational stakeholders, regulators, auditors and customers.

Your combination of regulatory discipline, operational pragmatism, strong leadership and deep customer focus will build credibility and trust.

What you’ll do:
  • Lead PPRO’s global Security GRC strategy and team, to support our international regulatory and compliance footprint
  • Oversee and enhance our ISO27001:2022 and PCI DSS v4.0 programmes, building a culture of continuous compliance through automation and control transformation
  • Partner with relevant functions to ensure ongoing DORA compliance, including security risk management, incident reporting, operational resilience testing and governance
  • Define and deliver a strategy for a pragmatic, high-value 2nd line automated control assurance programme, underpinned by relevant business metrics
  • Own and manage regulatory expectations on security topics from the CSSF in Luxembourg, the FCA in the UK and other international bodies as relevant
  • Maintain and enhance PPRO’s security risk register, defining and delivering cross-organisation improvement and remediation roadmaps
  • Lead security control testing, issue management, KRI monitoring, SLA reporting and Board-level reporting
  • Act as Information Security Officer for PPRO’s local Luxembourg entity
  • Own third party security risk management and oversight for PPRO across the full procurement lifecycle
  • Partner closely with Engineering to build shared understanding and transform controls via thoughtful automation, streamlining evidence collection and control monitoring
  • Act as the primary face to external auditors, regulatory examiners and major enterprise customers
  • Manage internal and external audits end-to-end, ensuring preparation, evidence readiness and smooth execution
  • Continually refine PPRO’s “always audit-ready” operating model
  • Coach colleagues across Product, Engineering and business functions on regulatory expectations and risk-informed decision-making
  • Operate as a trusted partner to leadership teams, bringing pragmatic recommendations and crisp communication

What you’ll bring:

  • A proven track record transforming traditional GRC frameworks (ISO27001, PCI DSS, SOC2) into modern, automated, developer-friendly control assurance programmes
  • Solid grounding in financial services regulation, payments, operational resilience, outsourcing/cloud guidelines, etc.
  • Strong experience interacting with regulators and auditors (CSSF, FCA, etc.) and implementing regulatory requirements
  • Proven ability to run risk management processes, control frameworks and audit cycles
  • Experience evaluating technology, cyber and operational risks in a cloud-native environment
  • Engineering-first mindset, with an understanding of cloud-native architectures (AWS preferred) and how GRC requirements fit into engineering workflows
  • Experience with GRC tooling, workflow automation or process optimisation
  • Ability to translate regulatory requirements into practical, technical control expectations
  • Excellent communicator, capable of influencing executives, engineers, auditors and regulators
  • Pragmatic, commercially-minded, empathetic and customer-focused
  • Deeply collaborative, comfortable and effective operating in a fast-paced, ambiguous environment

What's in it for you?

    Hybrid working - We offer a hybrid structure with a 3 days / week on site expectation, so you can strike the balance between office and home working. In addition to our 30-day holiday allowance, we also provide a work from abroad policy, enabling employees to work remotely for up to another 30 days per year.

    Learning and Development - We offer a €1,000 annual budget to support your professional growth—because investing in your development benefits us all. In addition, we provide leadership cafés, on-the-job training, and other opportunities to help you grow your skills and thrive in your role.

    Lunch Vouchers - 12,80 euros x 18 / month - Enjoy a moment of conviviality and a good and balanced meal thanks to your Lunch Pass.

    Enhanced Family Leave - We understand the importance of family - that's why we offer enhanced family leave to support you during key life moments.

    Travel Insurance - because better safe than sorry - the travel insurance covers (partially, with certain excess amounts): sickness, costs relating to cancellation or break-off during a trip, luggage and accident.

    Gym membership - PPRO helps contribute towards the cost of your gym membership, supporting your physical fitness journey while easing the burden on your wallet.

    Mental Health Platform - We’ve teamed up with a top well-being platform to provide one-on-one therapy, chat therapy, therapist-led courses, guided meditations, and more.

    Our office - Located in Hollerich, two steps away from the Bouillon P+R and easily accessible by public transport, our office is well equipped and set up to foster team engagement and collaboration. Within walking distance of restaurants and bars, you are guaranteed to enjoy your lunches and afterworks.

    Pet-friendly office - Because work is better with your paw-tners by your side.

    Our Principles:

    We get things done: We are courageous; we take ownership, make decisions and get things done.

    We act with trust and integrity: We listen first and challenge respectfully. We seek out and leverage diverse perspectives. We welcome and offer honest and open feedback, always assuming positive intent.

    We put the customer first: We are laser focused on delivering outstanding outcomes for our customers. We put the customer at the heart of what we do.

    We make things better: We boldly explore new ideas and have an unwavering commitment to continuous improvement.

    We work as a team: We collaborate closely and value team success over individual achievement.

    PPRO works with payment service providers and local payment methods to help merchants optimise the payment experience for their customers.
