Senior Security GRC Lead at Ant Group

, , Luxembourg -

Full Time

Start Date

Immediate

Expiry Date

22 Mar, 26

Salary

0.0

Posted On

22 Dec, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Information Security, Governance, Risk Management, Compliance, DORA, CSSF Regulations, Cloud Security, SIEM, Incident Response, Security Awareness, Leadership, Communication, Problem-Solving, Project Management, Security Architecture, Emerging Technologies

Industry

Financial Services

Description

Ant International strives to become the most trusted digital services connector to achieve sustainable growth of global commerce. With a focus on Travel, Trade, Technology, and Talent, Ant International is committed to enhancing the digital mindset and capacities of businesses worldwide. Through fostering collaborative efforts with partners, we are driving responsible innovation and increase market accessibility for global SMEs. In EMEA we do so across 3 key businesses: Alipay+, Antom and WorldFirst (Where you will partner as HRBP+ also). Team Introduction: We are seeking an experienced Senior Security GRC Lead to join our dynamic fintech team in Luxembourg. This critical role will be responsible for developing and maintaining our comprehensive information security governance, risk, and compliance framework in alignment with CSSF regulations, DORA requirements, and international standards. The successful candidate will play a pivotal role in ensuring our digital operational resilience and protecting our financial services infrastructure. This position provides dedicated security governance support with a 50/50 split between: 50% supporting the EMEA regional team with security strategy, risk management, and security compliance initiatives 50% supporting the local Luxembourg entity with CSSF regulatory compliance, DORA implementation, and local security operations Key responsibilities: 1. Information Security Strategy & Governance Develop and maintain the information security strategy, ensuring alignment with business objectives and regulatory requirements Establish and oversee the information security governance framework, including policies, standards, and procedures Lead the Information Security Committee and provide regular reporting to senior management 2. Regulatory Compliance Management DORA Compliance: Ensure full compliance with the Digital Operational Resilience Act (DORA) requirements, including ICT risk management, incident reporting, digital operational resilience testing, and third-party risk management CSSF Regulations: Maintain compliance with CSSF Circular 25/880 and other relevant Luxembourg financial regulations Industry Standards: Ensure adherence to PSD2-SCA, PCI-DSS, SWIFT CSP, ISO27001, and other applicable financial industry standards EBA (European Banking Authority) guidelines and technical standards 3. Risk Management Framework Identify, assess, and prioritize security risks across the organization Develop and implement comprehensive risk mitigation strategies and action plans Conduct regular ICT risk assessments and oversee the annual Long Form Report preparation Implement and maintain a robust third-party vendor security risk management program 4. Digital Operational Resilience Design and implement the DORA-compliant ICT risk management framework Plan and execute digital operational resilience testing programs, including threat-led penetration testing Establish and maintain incident response capabilities aligned with DORA incident reporting requirements Implement continuous security monitoring and threat detection capabilities 5. Security Architecture & Technology Good understanding of Technology and Security architectural designs Good understanding of SIEM, DLP, Endpoint Security 6. Security Awareness & Culture Oversee and deliver Security awareness and training programs Foster a security-conscious culture throughout the organization Provide security guidance and support to business units and technical teams 7. Audit & Regulatory Engagement Act as the primary contact point for IT security audits, inspections, and regulatory examinations Coordinate responses to regulatory inquiries and implement corrective actions Maintain relationships with CSSF and other regulatory authorities Job requirements and expectations: Experience: 5+ years in information security management roles as Security GRC Lead, or equivalent position in the financial services industry Technical Background: Strong technical foundation in cloud security, IT infrastructure, and application security Regulatory Expertise: DORA (Digital Operational Resilience Act) and its implementation requirements CSSF regulations, including Circular 25/880 on ICT security and risk management PSD2-SCA, PCI-DSS, SWIFT CSP, and other financial industry standards ISO27001 and NIST cybersecurity frameworks Technical Skills Cloud Security: Good background of Cloud Security controls and best practices Security Technologies: Good Knowledge of SIEM, EDR, vulnerability management, and identity management solutions Architecture: Understanding Security architectures Emerging Technologies: Knowledge of AI security. Professional Competencies Leadership: Proven ability to lead security initiatives and influence stakeholders at all levels Communication: Excellent presentation and communication skills, with experience presenting to Risk Management Committees, Board of Directors, and regulatory bodies Problem-Solving: Strong analytical and decision-making abilities in complex regulatory environments Project Management: Experience managing security projects and compliance initiatives

Responsibilities

The Senior Security GRC Lead will develop and maintain the information security governance, risk, and compliance framework, ensuring alignment with regulations and standards. This role involves supporting both the EMEA regional team and the local Luxembourg entity in security strategy and compliance initiatives.