GRC & Cybersecurity Lead
About the role
About Paidy Inc.

Paidy is Japan's pioneer and leading BNPL service company. At Paidy we believe in creating simple, instant experiences to take the hassle out of shopping with a touch of magic. Paidy offers instant, monthly-consolidated credit to consumers by removing hassles from payment and purchase experiences. Paidy uses proprietary models and machine learning to underwrite transactions in seconds and guarantee payments to merchants. Paidy increases revenue for merchants by reducing the number of incomplete transactions, increasing conversion rates, boosting average order values, and facilitating repeat purchases from consumers. Paidy has reached an agreement to join PayPal, the global payments company. Paidy will continue to operate its existing business, maintain its brand and support a wide variety of consumer wallets and marketplaces by providing convenient and innovative services. Paidy continues to innovate to make shopping easier and more fun both online and offline. For more information, please visit http://www.paidy.com.

About the Team & Position

Cybersecurity is everyone's responsibility, but our security team leads the charge on solving some of the most challenging and consequential problems facing our organization and industry. As a fintech company operating within a larger corporate group, we navigate a dynamic regulatory landscape while integrating our security program with our parent company's broader initiatives. The GRC & Cybersecurity Lead is responsible for developing, implementing, and managing governance, risk, and compliance programs that ensure Paidy meets its regulatory, security, and business requirements. This role plays a critical part in aligning cybersecurity initiatives with business objectives, managing IT risk, driving audit readiness, and advancing GRC engineering and automation capabilities.

The successful candidate will work closely with stakeholders across IT, Legal, Risk, Compliance, and executive leadership, as well as external auditors, regulatory bodies, and our parent company's security teams.

Key Role and Responsibilities

Governance & Risk Management:
- Lead the organization's IT governance, risk, and compliance (GRC) framework in alignment with corporate strategy, regulatory requirements, and industry best practices
- Identify, assess, and monitor IT risks across Cloud, Application, Software, Hardware, and Networking environments
- Maintain and enhance the IT risk register, performing periodic reviews and updates to reflect changes in the threat and technology landscape
- Support enterprise risk management initiatives by providing risk insights and recommendations to senior leadership
- Manage third-party and vendor security risk, including security assessments, ongoing monitoring, and contract review support

Compliance & Audit:
- Ensure adherence to relevant security and privacy frameworks and regulations, including SOC 2 (Type 1 and Type 2), SOC 1 (Type 1 and Type 2), ISO 27001, NIST CSF, APPI, and the Japan Installment Sales Act (割賦販売法)
- Own audit preparation, evidence collection, and remediation tracking for internal and external audits; drive the roadmap toward Type 2 attestations
- Develop and maintain security policies, standards, and procedures in collaboration with key stakeholders
- Deliver compliance reporting to management, executive leadership, the board, and regulatory authorities as required
- Conduct IT audits and manage audit tooling to ensure continuous audit readiness

GRC Engineering & Automation:
- Implement, configure, and mature GRC tooling including RSA Archer and Vanta
- Build and maintain automation using scripting, workflow tools (e.g., n8n), and AI tools including Claude Code to reduce manual compliance burden and accelerate audit evidence collection
- Integrate GRC workflows with Atlassian Jira, Confluence, and Slack to embed compliance into engineering and operational processes
- Develop security metrics, dashboards, and reporting pipelines that provide visibility into risk posture and compliance status

Cybersecurity Leadership:
- Oversee the design and implementation of cybersecurity controls, tools, and processes to mitigate IT risks
- Collaborate with IT operations and engineering teams to embed security into technology design and operations, leading through influence rather than direct authority
- Lead incident response planning, tabletop exercises, and post-incident reviews
- Communicate clearly with executives and board-level stakeholders on security posture, risk trends, and compliance status
- Promote a security-aware culture across the organization through training, enablement, and ongoing engagement

Parent Company Integration & Stakeholder Engagement:
- Support the CISO in managing the security relationship with parent company security and compliance teams; translate parent company requirements into local policy and implementation
- Partner with business units to ensure GRC and cybersecurity considerations are integrated into pro