Responsibilities
- Own and deliver external and internal audits/certifications end-to-end with minimal findings, starting with upcoming deadlines like our PCI DSS audit.
- Deliver meaningful tooling and automation to reduce manual evidence collection and reporting, starting with ISO 27001 controls.
- Build and maintain the documentary corpus and control mapping for upcoming regulations (notably DORA), shifting Qonto toward continuously provable compliance.
- Translate compliance requirements into clear, actionable requests for technical teams without creating unnecessary bureaucracy.
- Prepare and defend Qonto’s compliance positions with auditors by combining the spirit of regulatory texts with pragmatic, risk-based implementations.
Requirements
- Proven experience owning security compliance frameworks and audits (such as ISO 27001 or PCI DSS) end-to-end within regulated environments.
- A hands-on approach to problem-solving: you have previously built tools, scripts, or integrations to automate repetitive compliance tasks and evidence collection.
- Ability to constructively challenge interpretations and defend pragmatic, risk-based compliance positions with external auditors.
- Strong project management skills, allowing you to organize your work around an audit calendar and juggle multiple stakeholders and deadlines simultaneously.
Nice to Have
- Naturally curious, able to quickly grasp technical contexts to collaborate with engineers, and motivated by the prospect of working across multiple regulatory frameworks.
Additional Information
- On average, our hiring process lasts 20 working days.
- Recruitment scams are on the rise. Keep in mind that we will never work with third-party platforms or agencies that request payment from candidates. If you receive a suspicious message claiming to be from Qonto, please report it right away (support@qonto.com).