PPRO

Head of Security Governance, Risk & Compliance

Location Type: Hybrid

Location: Hollerich • 🇱🇺 Luxembourg


Job Level

Lead

Tech Stack

AWS, Cloud

About the role

  • Lead PPRO’s global Security GRC strategy and team, to support our international regulatory and compliance footprint.
  • Oversee and enhance our ISO27001:2022 and PCI DSS v4.0 programmes, building a culture of continuous compliance through automation and control transformation.
  • Partner with relevant functions to ensure ongoing DORA compliance, including security risk management, incident reporting, operational resilience testing and governance.
  • Define and deliver a strategy for a pragmatic, high-value 2nd line automated control assurance programme, underpinned by relevant business metrics.
  • Own and manage regulatory expectations on security topics from the CSSF in Luxembourg, the FCA in the UK and other international bodies as relevant.
  • Maintain and enhance PPRO’s security risk register, defining and delivering cross-organisation improvement and remediation roadmaps.
  • Lead security control testing, issue management, KRI monitoring, SLA reporting and Board-level reporting.
  • Act as Information Security Officer for PPRO’s local Luxembourg entity.
  • Own third-party security risk management and oversight for PPRO across the full procurement lifecycle.
  • Partner closely with Engineering to build shared understanding and transform controls via thoughtful automation, streamlining evidence collection and control monitoring.
  • Act as the primary face to external auditors, regulatory examiners and major enterprise customers.
  • Manage internal and external audits end-to-end, ensuring preparation, evidence readiness and smooth execution.
  • Continually refine PPRO’s “always audit-ready” operating model.
  • Coach colleagues across Product, Engineering and business functions on regulatory expectations and risk-informed decision-making.
  • Operate as a trusted partner to leadership teams, bringing pragmatic recommendations and crisp communication.

Requirements

  • A proven track record transforming traditional GRC frameworks (ISO27001, PCI DSS, SOC2) into modern, automated, developer-friendly control assurance programmes.
  • Solid grounding in financial services regulation, payments, operational resilience, outsourcing/cloud guidelines etc.
  • Strong experience interacting with regulators and auditors (CSSF, FCA, etc.) and implementing regulatory requirements.
  • Proven ability to run risk management processes, control frameworks and audit cycles.
  • Experience evaluating technology, cyber and operational risks in a cloud-native environment.
  • Engineering-first mindset, with an understanding of cloud-native architectures (AWS preferred) and how GRC requirements fit into engineering workflows.
  • Experience with GRC tooling, workflow automation or process optimisation.
  • Ability to translate regulatory requirements into practical, technical control expectations.
  • Excellent communicator, capable of influencing executives, engineers, auditors and regulators.
  • Pragmatic, commercially-minded, empathetic and customer-focused.
  • Deeply collaborative, comfortable and effective operating in a fast-paced, ambiguous environment.

Benefits

  • Hybrid working - We offer a hybrid structure with a 3 days / week on site expectation, so you can strike the balance between office and home working. In addition to our 30-day holiday allowance, we also provide a work from abroad policy, enabling employees to work remotely for up to another 30 days per year
  • Learning and Development - We offer a €1,000 annual budget to support your professional growth, because investing in your development benefits us all. In addition, we provide leadership cafés, on-the-job training, and other opportunities to help you grow your skills and thrive in your role.
  • Lunch Vouchers - 12.80 euros x 18 per month - Enjoy a moment of conviviality and a good, balanced meal thanks to your Lunch Pass.
  • Enhanced Family Leave - We understand the importance of family - that's why we offer enhanced family leave to support you during key life moments.
  • Travel Insurance - because better safe than sorry - the travel insurance covers (partially, with certain excess amounts): sickness, costs in relation to rescission/break-off during a trip, luggage and accident.
  • Gym membership - PPRO helps contribute towards the costs of your gym membership, supporting your physical fitness journey while easing the burden on your wallet
  • Mental Health Platform - We’ve teamed up with a top well-being platform to provide one-on-one therapy, chat therapy, therapist-led courses, guided meditations, and more.
  • Pet-friendly office - Because work is better with your paw-tners by your side

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

ISO27001, PCI DSS, SOC2, risk management, control frameworks, audit cycles, cloud-native architecture, workflow automation, process optimisation, security control testing

Soft skills

communication, influencing, collaboration, pragmatic mindset, customer-focused, empathetic, leadership, coaching, decision-making, adaptability