Compliance Lead

Why work at Nebius
Nebius is leading a new era in cloud computing to serve the global AI economy. We create the tools and resources our customers need to solve real-world challenges and transform industries, without massive infrastructure costs or the need to build large in-house AI/ML teams. Our employees work at the cutting edge of AI cloud infrastructure alongside some of the most experienced and innovative leaders and engineers in the field.

Where we work
Headquartered in Amsterdam and listed on Nasdaq, Nebius has a global footprint with R&D hubs across Europe, North America, and Israel. The team of over 800 employees includes more than 400 highly skilled engineers with deep expertise across hardware and software engineering, as well as an in-house AI R&D team.

The role:

We're looking for a Compliance Lead to lead the fields related to DORA (Digital Operational Resilience Act), NIS2 Directive, and PCI DSS.

This role ensures that regulatory requirements are interpreted correctly, translated into actionable controls, embedded into operational processes, and continuously monitored across the organization.

The position requires strong regulatory expertise, cross-functional leadership, and the ability to drive compliance programs in complex, fast-moving environments. The compliance lead will work closely with Security, IT, Legal, Procurement, Risk, and executive leadership to ensure Nebius maintains regulatory readiness and operational resilience.

The SMO division is responsible for leading Nebius’ governance, risk, and compliance activities.

Your responsibilities will include:

Develop and maintain policies, procedures, and guidelines.
Ensure regulatory requirements are integrated into Nebius’ broader GRC framework
Lead Nebius’ DORA and NIS2 compliance programs end-to-end
Lead the internal and external audits related to DORA, NIS2, and PCI
Define and track ICT risk management controls aligned with DORA
Maintain PCI documentation, policies, and audit evidence
Act as the primary contact with PCI assessors and consultants
Support vendor due diligence related to regulatory requirements
Work closely with Security Engineering, Cyber, Physical Security, Legal, and Procurement
Guide business units on regulatory obligations and required controls

We expect you to have:

5+ years of experience in Governance, Risk, and Compliance (GRC), Information Security, or Regulatory Compliance
Hands-on experience implementing and managing compliance programs for DORA, NIS2, PCI DSS, or equivalent regulatory frameworks
Experience working with external auditors, regulators, or Qualified Security Assessors (QSAs)
Ability to translate regulatory language into operational controls
Excellent communication skills, with the ability to engage executive stakeholders
Experience in regulated industries (financial services, cloud, technology)

It will be an added bonus if you have:

Relevant certifications (CISSP, CISA, CRISC, PCI-ISA, ISO 27001 Lead Implementer/Auditor) are a plus.
Bachelor’s degree in business, computer science or a related field is a plus.

What we offer

Competitive salary and comprehensive benefits package.
Opportunities for professional growth within Nebius.
Flexible working arrangements.
A dynamic and collaborative work environment that values initiative and innovation.

We’re growing and expanding our products every day. If you’re up to the challenge and are excited about AI and ML as much as we are, join us!

What we offer

Competitive salary and comprehensive benefits package.
Opportunities for professional growth within Nebius.
Flexible working arrangements.
A dynamic and collaborative work environment that values initiative and innovation.

We’re growing and expanding our products every day. If you’re up to the challenge and are excited about AI and ML as much as we are, join us!