At a Glance
- Tasks: Lead compliance with regulations and manage third-party risks in a dynamic tech environment.
- Company: Join Ant International, a leader in digital payment solutions driving global commerce innovation.
- Benefits: Enjoy flexible work options, competitive salary, and opportunities for professional growth.
- Why this job: Be part of a mission-driven team enhancing digital capabilities for businesses worldwide.
- Qualifications: 5+ years in GRC roles; strong understanding of GDPR, DORA, and PCI DSS required.
- Other info: Certifications like CRISC or CISSP preferred; equivalent experience considered.
The predicted salary is between £60,000 and £84,000 per year.
About Us: Ant International powers the future of global commerce with digital innovation for everyone and every business to thrive. In close collaboration with partners, we support merchants of all sizes worldwide to realise their growth aspirations through a comprehensive range of tech-driven digital payment and financial services solutions. Ant International strives to become the most trusted digital services connector to achieve sustainable growth of global commerce. With a focus on Travel, Trade, Technology, and Talent, Ant International is committed to enhancing the digital mindset and capacities of businesses worldwide. Through fostering collaborative efforts with partners, we are driving responsible innovation and increasing market accessibility for global SMEs.
Role Overview: As a GRC Lead, you will ensure alignment with European regulations (e.g., GDPR, DORA, PSD2 SCA, CSSF) and global standards (PCI DSS, SWIFT CSP). This role requires technical knowledge, strategic thinking, and expertise in managing third-party risk, outsourcing compliance, and identity governance to safeguard operational resilience.
What you will be doing:
- Regulatory & Technical Compliance: Support compliance with GDPR and complementary regulations like DORA (Digital Operational Resilience Act), ensuring alignment in areas such as incident reporting and data protection. Translate requirements from PSD2 SCA, PCI DSS, and SWIFT CSP into technical security controls. Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls). Manage and maintain Security Policies and procedures.
- Third-Party Risk & Outsourcing Management: Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services. Ensure compliance with DORA’s outsourcing requirements, including due diligence, contract oversight, and continuity planning.
- Audit & Assurance: Participate in internal/external audits (ISO 27001, SOC 2) and regulatory examinations, focusing on third-party and outsourcing compliance. Remediate gaps in processes or documentation.
- Risk Management: Maintain the enterprise risk register, prioritising risks tied to third-party dependencies, outsourcing, and ICT disruptions. Quantify risks using methodologies.
- Technical Compliance & Security: Advise on vulnerability management, endpoint security (EDR/XDR), and cloud compliance. Good understanding of IAM (Identity and Access Management) strategies, including role-based access control (RBAC) and privileged access management (PAM). Conduct periodic user access reviews to ensure compliance with least privilege principles and regulatory requirements. Security awareness management experience.
What we are looking for:
- Experience: 5+ years in GRC roles; financial services or banking experience is a strong plus.
- Regulatory Knowledge: Understanding of GDPR, DORA, PCI DSS, and outsourcing/third-party risk requirements.
- Technical Skills: Hands-on experience with ISO 27001 implementation and third-party risk tools. Proficiency in IAM (Identity and Access Management) solutions and conducting user access reviews. Familiarity with cloud technology and IT infrastructure.
- Framework Expertise: Strong knowledge of NIST frameworks (CSF, 800-53) and CIS Controls.
- Certifications: CRISC, CISSP, CISM, or CISA preferred (equivalent experience considered).
Lead Cyber Security Engineer employer: WorldFirst
Contact Detail:
WorldFirst Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the Lead Cyber Security Engineer role
✨Tip Number 1
Familiarise yourself with the specific regulations mentioned in the job description, such as GDPR and DORA. Understanding these regulations deeply will not only help you in interviews but also demonstrate your commitment to compliance and risk management.
✨Tip Number 2
Network with professionals in the cyber security and GRC fields. Attend industry events or webinars where you can meet people who work at Ant International or similar companies. Building connections can often lead to valuable insights and potential referrals.
✨Tip Number 3
Stay updated on the latest trends and technologies in cyber security, especially those related to third-party risk management and identity governance. Being knowledgeable about current tools and methodologies will set you apart during discussions with the hiring team.
✨Tip Number 4
Prepare to discuss your hands-on experience with ISO 27001 and IAM solutions in detail. Be ready to share specific examples of how you've implemented these frameworks in previous roles, as practical experience is highly valued for this position.
Some tips for your application 🫡
Understand the Role: Thoroughly read the job description for the Lead Cyber Security Engineer position. Make sure you understand the key responsibilities and required skills, particularly around regulatory compliance and risk management.
Tailor Your CV: Customise your CV to highlight relevant experience in GRC roles, especially in financial services or banking. Emphasise your knowledge of GDPR, DORA, and other regulations mentioned in the job description.
Craft a Compelling Cover Letter: Write a cover letter that connects your experience with the specific requirements of the role. Discuss your hands-on experience with ISO 27001 and third-party risk tools, and how you can contribute to Ant International's goals.
Highlight Certifications: If you have certifications like CRISC, CISSP, CISM, or CISA, make sure to mention them prominently in your application. These qualifications are highly valued for this position and can set you apart from other candidates.
How to prepare for a job interview at WorldFirst
✨Understand the Regulatory Landscape
Familiarise yourself with key regulations such as GDPR, DORA, and PCI DSS. Be prepared to discuss how these regulations impact the role and how you can ensure compliance within the organisation.
✨Showcase Your Technical Expertise
Highlight your hands-on experience with ISO 27001 implementation and third-party risk management tools. Be ready to provide examples of how you've successfully managed security policies and procedures in previous roles.
✨Demonstrate Strategic Thinking
Prepare to discuss your approach to risk management, particularly in relation to third-party dependencies and outsourcing. Share specific methodologies you've used to quantify risks and maintain an enterprise risk register.
✨Prepare for Scenario-Based Questions
Expect questions that assess your problem-solving skills in real-world scenarios. Think about past experiences where you had to remediate gaps in compliance or manage vulnerabilities, and be ready to explain your thought process.