Senior Director, Chief Technology Officer (Remote) at PayPal
Job Description
Job Summary:
This job involves developing and articulating a clear vision and strategy aligned with organizational operations. The individual inspires teams to achieve long-term success in system and cloud engineering, collaborates with industry leaders to influence best practices, and oversees the optimization of cloud systems while mentoring other leaders to build capabilities.
Essential Responsibilities:
- Define and implement a long-term strategic vision for site operations, prioritizing customer satisfaction, operational excellence, and alignment with organizational goals.
- Oversee comprehensive data sets to identify performance gaps and implement data-driven strategies to optimize site operations and enhance efficiency.
- Establish clear, challenging objectives for the site and lead the team with motivation and effective delegation to meet and exceed those goals.
- Lead efforts to recruit, attract, and retain top talent, fostering a diverse, inclusive, and skilled workforce that aligns with the organization's values and mission.
- Cultivate and strengthen relationships with internal teams, external partners, and stakeholders to ensure alignment, collaboration, and mutual success.
- Serve as a role model by inspiring trust and followership among team members and stakeholders through consistent communication, accountability, and leadership.
- Navigate and manage organizational change and ambiguity effectively, driving continuous improvement and fostering resilience across teams and operations.
- Take calculated risks, demonstrating integrity, foresight, and a thoughtful approach to decision-making that balances short-term needs with long-term objectives.
- Uphold and enforce the highest standards of performance and quality, ensuring that all site operations align with organizational goals and customer expectations.
- Regularly engage in self-reflection, seek constructive feedback, and pursue opportunities for personal and professional development to model growth and adaptability for the organization.
Expected Qualifications:
- 12+ years of relevant experience and a Bachelor’s degree, or any equivalent combination of education and experience.
- 5 years of experience leading others.
Additional Responsibilities & Preferred Qualifications:
PayPal is establishing a de novo industrial bank charter (ILC) and is seeking an experienced Chief Technology Officer (“CTO”) to be responsible for the overall technology vision, strategy, and execution across the ILC, ensuring that systems, infrastructure, and technology capabilities support regulatory expectations, operational excellence, and the ILC’s strategic objectives. The CTO will report to the ILC / Bank President.
Key Responsibilities:
- Develop and maintain the Bank’s technology strategy and roadmap, ensuring alignment with the Bank’s overall strategic objectives and regulatory requirements.
- Oversee all aspects of information technology, including infrastructure, systems architecture, applications, cybersecurity, data governance, and vendor-managed technology services.
- Work closely with the Bank’s Chief Information Security Officer (“CISO”) to ensure the Bank’s systems, networks, and data are adequately protected and aligned with Board-approved information security policies and standards.
- Establish and maintain policies, procedures, and controls to ensure compliance with applicable technology-related regulations and guidance (including FFIEC, GLBA, and UDFI/FDIC expectations).
- Oversee the Bank’s technology operations to ensure systems are secure, reliable, scalable, and resilient, and that they support efficient and compliant operations.
- Lead the evaluation, selection, and implementation of technology solutions that enhance operational efficiency, innovation, and customer experience.
- Ensure technology risk management processes are integrated into the Bank’s enterprise risk framework in collaboration with the CRO.
- Maintain effective vendor management oversight for technology service providers, including adherence to regulatory expectations for third-party risk management and affiliate services under Regulation W.
- Establish disaster recovery and business continuity capabilities consistent with regulatory standards and Bank policy.
- Ensure the Bank’s technology governance structure supports strong oversight, risk management, and Board visibility.
- Develop and mentor technology staff, promoting a culture of innovation, accountability, and operational excellence.
- Provide timely and relevant technology updates to the CEO and Board, including emerging risks, system performance, and strategic initiatives.
- Effectively communicate and address regulatory inquiry or examination activities.
- Participate in and capably make presentations and address questions at various management and Board-level committee meetings.
De Novo Charter Formation & ILC Build‑Out:
- Serve as the technology lead for the de novo application and pre‑opening readiness: architecture narratives, third‑party due diligence, information security and resilience plans, outsourcing/affiliate service frameworks (Reg W), data governance, and technology program charters.
- Translate conditions of approval and supervisory feedback into funded roadmaps, control designs, and measurable milestones; prepare Board and regulator‑ready artifacts.
- Stand up a fit‑for‑purpose Technology Operating Model (TOM) aligned to the three lines of defense, covering demand intake, solution design, SDLC/DevSecOps, change management, release management, incident/problem management, and IT asset/configuration management.
- Establish integration patterns and standards (APIs, event streaming, batch) for core banking, digital channels, payments, lending, fraud/BSA platforms, data warehouse, and regulatory reporting.
Architecture & Platforms:
- Core banking selection and integration; digital banking/mobile platforms; payment rails (ACH/wires/card), issuer processor, card network connectivity; loan origination/servicing as applicable.
- Enterprise cloud (IaaS/PaaS/SaaS) and network architecture (segmentation, zero‑trust principles, SSO/MFA, identity and access management).
- Data platform (warehouse/lakehouse), metadata/catalog, lineage, data quality and retention, privacy controls, and reporting pipelines for management and regulatory reporting.
- Enterprise applications (CRM, servicing tools, case management, contact center), observability/telemetry (logging, metrics, tracing), and service desk tooling.
- Model and algorithm enablement in partnership with Risk (feature stores, monitoring, explainability, change control) where applicable.
Cybersecurity, Resilience & Privacy (in partnership with the CISO):
- Oversee the build‑out of information security aligned to Board‑approved policies and FFIEC/GLBA expectations; ensure effective vulnerability, patch, encryption, and endpoint management.
- Ensure robust incident response, disaster recovery, and business continuity (target RTO/RPO, tabletop exercises, supplier failovers) and integration with the enterprise crisis management plan.
- Ensure third‑party/affiliate technology services meet security and resilience standards (SOC reports, penetration testing, findings remediation, data localization/transfer controls, and right‑to‑audit provisions).
- Oversee privacy‑by‑design practices and alignment with GLBA safeguards, data minimization / retention, and customer consent/notice requirements.
Technology Risk, Compliance & Governance:
- Provide reporting to the Board Risk & Compliance Committee and the Bank’s Enterprise Risk Management Committee.
- Maintain a Technology Risk Assessment with clear KRIs/KPIs; integrate with the CRO’s Enterprise Risk Management framework and compliance testing/IA schedules.
- Operate a rigorous change management and access management program; ensure separation of duties, break‑glass controls, and comprehensive audit trails.
- Ensure Reg W governance for affiliate services (arm’s‑length terms, SLAs/OLAs, cost allocation, performance reporting).
- Prepare for and lead exams and supervisory reviews (e.g., FDIC/UDFI technology, information security, third‑party risk).
Vendor & Third‑Party Management:
- Own the technology vendor lifecycle: strategy, RFPs, due diligence, contract negotiation (SLAs, DPAs, security exhibits, exit/transition), performance management, and periodic control testing.
- Establish structured oversight for critical service providers and fintech/program partners; ensure ongoing monitoring and contingency plans.
- Implement a modern GRC/TPRM toolset to track obligations, risks, controls, testing, issues, and remediation.
People Leadership & Culture:
- Build and lead a high‑performing engineering/IT organization (architecture, platform engineering, cloud/network, data, delivery/PMO, ITSM, and vendor management).
- Set clear goals, coaching, and career paths; establish a culture of safety, operational excellence, documentation, and continuous improvement.
- Promote secure‑by‑default and compliant‑by‑design behaviors in product, engineering, and operations.
Governance & Reporting Lines:
- Manager: Bank President / President, ILC Entity
- Board access: Direct line to the Board via the Risk & Compliance Committee.
- Risk partners: Close collaboration with the CISO, CRO, CCO, General Counsel, Finance, Operations, and Internal Audit.
- Authority: Ability to pause or veto launches/changes that present unacceptable technology or operational risk.
Required Qualifications:
- 18+ years of progressive technology leadership in regulated financial services (banking preferred); recent tenure at Senior Director/VP or higher (many qualified candidates are current MD or SVP).
- Demonstrated success building or materially upgrading bank‑grade technology environments, preferably during a de novo or large‑scale transformation.
- Expertise across enterprise architecture, core/digital banking platforms, payments connectivity, data engineering, and IT operations/ITSM.
- Strong working knowledge of FFIEC IT handbooks, GLBA safeguards, third‑party risk expectations, and FDIC/UDFI supervisory practices.
- Proven partnership with CISO and CRO to integrate cyber and technology risks into ERM; track record handling regulatory exams and remediations.
- Deep experience leading cloud migrations/operations, modern SDLC/DevSecOps, and high‑availability architectures.
- Hands‑on vendor oversight including Reg W considerations for affiliate services.
- Executive communication skills; concise Board reporting and stakeholder management.
Preferred Qualifications:
- Experience in ILC environments and the parent/affiliate dynamics unique to ILC ownership.
- Background with bank‑as‑a‑service/fintech partnerships, card issuance/processors, or real‑time payments.
- Familiarity with data privacy, model governance, and automated regulatory reporting.
- Relevant certifications (e.g., CGEIT, CISM, CISSP, ITIL, AWS/Azure/GCP), or advanced degree in CS/Engineering/Information Systems.

