⭐ Mission Your mission is to ensure Qonto remains continuously compliant with key security certifications and regulatory requirements (ISO 27001, PCI DSS, DORA) by leading end-to-end audits. Working closely with Ayoub, our VP Security, and Pierre, your manager, you will protect Qonto's ability to operate regulated products by transitioning our compliance processes from manual evidence collection to a streamlined, automated system.

👩‍💻🧑‍💻 As a GRC Engineer at Qonto, you will

• Own and deliver external and internal audits/certifications end-to-end with minimal findings, starting with upcoming deadlines like our PCI DSS audit.
• Deliver meaningful tooling and automation to reduce manual evidence collection and reporting, starting with ISO 27001 controls.
• Build and maintain the documentary corpus and control mapping for upcoming regulations (notably DORA), shifting Qonto toward continuously provable compliance.
• Translate compliance requirements into clear, actionable requests for technical teams without creating unnecessary bureaucracy.
• Prepare and defend Qonto's compliance positions with auditors by combining the spirit of regulatory texts with pragmatic, risk-based implementations.

🤔 What you can expect

• Rare multi-framework exposure: It is quite rare to have the opportunity to work across so many different certifications and audits (ISO 27001, PCI DSS, DSP2, PDP, DORA) rather than a single-norm niche, providing you with an incredible learning curve and continuous career growth.
• "GRC + Automation" scope: You won't just manage spreadsheets; you will build tooling and scripts to transition Qonto from point-in-time checks to automated compliance.
• High-stakes, fast-paced context: You will manage a high audit cadence (~6-7 external and ~5-6 internal audits per year) in a highly regulated fintech environment.
• Pragmatic methodology: We value risk-based argumentation and finding the right balance between strict regulatory requirements and our engineering teams' velocity.
• Cross-functional collaboration: You will act as a key bridge between Internal Control, external auditors (like Mazars or Deloitte), and our Security engineering teams.

🤝 About your future manager You will report directly to Pierre. As Head of Security, he approaches leadership as an engineer first, favoring technical truth over titles and hierarchy. He keeps the team horizontal, providing the necessary context and then stepping back to let people own their execution. Driven by a 'question everything' mindset, he expects his team to challenge 'the way it's always been done' to find leaner, more automated solutions. To ensure a smooth and successful ramp-up, your initial onboarding will also be closely supported by Ayoub, who will provide deep knowledge transfer on our current frameworks.

🏅 About You

• Experience: You have proven experience owning security compliance frameworks and audits (such as ISO 27001 or PCI DSS) end-to-end within regulated environments.
• Automation mindset: You have a hands-on approach to problem-solving and have previously built tools, scripts, or integrations to automate repetitive compliance tasks and evidence collection.
• Regulatory reasoning: You can constructively challenge interpretations and defend pragmatic, risk-based compliance positions with external auditors.
• High Autonomy: You have strong project management skills, allowing you to organize your work around an audit calendar and juggle multiple stakeholders and deadlines simultaneously.
• Growth mindset: You are naturally curious, able to quickly grasp technical contexts to collaborate with engineers, and motivated by the prospect of working across multiple regulatory frameworks.

At Qonto we understand that true diversity isn't just about ticking boxes on a hiring checklist. Apply regardless of the boxes you tick! Who knows? You may have the missing piece of the puzzle we've been searching for all along.