Compliance Lead

The role:

We're looking for a Compliance Lead to lead the fields related to DORA (Digital Operational Resilience Act), NIS2 Directive, and PCI DSS.

This role ensures that regulatory requirements are interpreted correctly, translated into actionable controls, embedded into operational processes, and continuously monitored across the organization.

The position requires strong regulatory expertise, cross-functional leadership, and the ability to drive compliance programs in complex, fast-moving environments. The compliance lead will work closely with Security, IT, Legal, Procurement, Risk, and executive leadership to ensure Nebius maintains regulatory readiness and operational resilience.

The SMO division is responsible for leading Nebius’ governance, risk, and compliance activities.

Your responsibilities will include: 

• Develop and maintain policies, procedures, and guidelines.
• Ensure regulatory requirements are integrated into Nebius’ broader GRC framework
• Lead Nebius’ DORA and NIS2 compliance programs end-to-end
• Lead the internal and external audits related to DORA, NIS2, and PCI
• Define and track ICT risk management controls aligned with DORA
• Maintain PCI documentation, policies, and audit evidence
• Act as the primary contact with PCI assessors and consultants
• Support vendor due diligence related to regulatory requirements
• Work closely with Security Engineering, Cyber, Physical Security, Legal, and Procurement
• Guide business units on regulatory obligations and required controls

We expect you to have:

• 5+ years of experience in Governance, Risk, and Compliance (GRC), Information Security, or Regulatory Compliance
• Hands-on experience implementing and managing compliance programs for DORA, NIS2, PCI DSS, or equivalent regulatory frameworks
• Experience working with external auditors, regulators, or Qualified Security Assessors (QSAs)
• Ability to translate regulatory language into operational controls
• Excellent communication skills, with the ability to engage executive stakeholders
• Experience in regulated industries (financial services, cloud, technology) 

It will be an added bonus if you have: 

• Relevant certifications (CISSP, CISA, CRISC, PCI-ISA, ISO 27001 Lead Implementer/Auditor) are a plus.
• Bachelor’s degree in business, computer science or a related field is a plus.

What we offer 

• Competitive salary and comprehensive benefits package.
• Opportunities for professional growth within Nebius.
• Flexible working arrangements.
• A dynamic and collaborative work environment that values initiative and innovation.

We’re growing and expanding our products every day. If you’re up to the challenge and are excited about AI and ML as much as we are, join us!