Key skills
Project ManagementCollaboration
About this role
Role Overview
- Own and deliver external and internal audits/certifications end-to-end with minimal findings, starting with upcoming deadlines like our PCI DSS audit.
- Deliver meaningful tooling and automation to reduce manual evidence collection and reporting, starting with ISO 27001 controls.
- Build and maintain the documentary corpus and control mapping for upcoming regulations (notably DORA), shifting Qonto toward continuously provable compliance.
- Translate compliance requirements into clear, actionable requests for technical teams without creating unnecessary bureaucracy.
- Prepare and defend Qonto’s compliance positions with auditors by combining the spirit of regulatory texts with pragmatic, risk-based implementations.
Requirements
- Experience: You have proven experience owning security compliance frameworks and audits (such as ISO 27001 or PCI DSS) end-to-end within regulated environments.
- Automation mindset: You have a hands-on approach to problem-solving and have previously built tools, scripts, or integrations to automate repetitive compliance tasks and evidence collection.
- Regulatory reasoning: You can constructively challenge interpretations and defend pragmatic, risk-based compliance positions with external auditors.
- High Autonomy: You have strong project management skills, allowing you to organize your work around an audit calendar and juggle multiple stakeholders and deadlines simultaneously.
- Growth mindset: You are naturally curious, able to quickly grasp technical contexts to collaborate with engineers, and motivated by the prospect of working across multiple regulatory frameworks.
Benefits
- Rare multi-framework exposure: It is quite rare to have the opportunity to work across so many different certifications and audits (ISO 27001, PCI DSS, DSP2, PDP, DORA) rather than a single-norm niche, providing you with an incredible learning curve and continuous career growth.
- "GRC + Automation" scope: You won't just manage spreadsheets; you will build tooling and scripts to transition Qonto from point-in-time checks to automated compliance.
- High-stakes, fast-paced context: You will manage a high audit cadence (~6–7 external and ~5–6 internal audits per year) in a highly regulated fintech environment.
- Pragmatic methodology: We value risk-based argumentation and finding the right balance between strict regulatory requirements and our engineering teams' velocity.
- Cross-functional collaboration: You will act as a key bridge between Internal Control, external auditors (like Mazars or Deloitte), and our Security engineering teams.