Security Governance Engineer (GRC)

Mangopay is a wallet-based payment infrastructure built specifically for organisations with complex, multi-party fund flows. A pioneer in multi-party payments.

Our solution optimises fund flows on behalf of the organisations we work with using wallets as programmable, composable building blocks.

Mangopay’s regulated platform collects payments, secures transactions and holds funds, splits money between the various parties in the funds flow, and ultimately manages the payout to service providers, sellers, and consumers.

Platforms and fintechs using Mangopay regain control and transparency over multi-party payment flows, generate additional revenue, and improve operational efficiency. They can stay compliant while innovating and scaling.

Our team of 300+ people is spread across offices in Madrid, Paris, Warsaw, Berlin, Luxembourg and London. We're looking for talented individuals to join us in tackling the exciting challenges ahead. 

At Mangopay, you’ll be part of a supportive, diverse team committed to building scalable solutions and driving change in the fintech space!

Summary

As a senior GRC professional, you will take ownership of complex security governance activities, applying your deep understanding of information security, risk management, and regulatory compliance to support and enhance our organisation’s security posture. You will lead efforts to maintain and mature our security framework, collaborate on designing effective processes and controls, and ensure alignment with internal policies and external regulatory expectations. Beyond execution, you will drive continuous improvement and act as a key point of contact for audits and risk assessments.

Responsibilities

• Maintain and enhance the organisation’s security framework, including policies, guidelines, standards, and procedures.
• Design and support the implementation of security processes and controls aligned with internal frameworks and regulatory requirements.
• Conduct security assessments and vendor due diligence for third-party risk management.
• Act as lead contact for audits, ensuring effective preparation, documentation, and issue resolution.
• Perform risk assessments and ensure the security risk register is accurate, up-to-date, and actionable.
• Stay up to date with relevant regulations (e.g., DORA, EBA guidelines, UK/EU compliance requirements), and translate them into applicable controls and internal processes.
• Support the organisation’s PCI-DSS certification efforts and maintain a strong understanding of its evolving requirements.
• Advise internal stakeholders on compliance best practices and security control design.

Qualifications

• 5–7 years of relevant experience.
• Master's degree or equivalent in Security, Technology; advanced certifications or master's degree preferred.
• Professional certifications preferred: CISA, ISO/IEC 27001 (Auditor or Implementer), AWS Security Speciality, or equivalent.
• In-depth knowledge of EU/UK regulatory environments, including DORA, EBA guidelines, and equivalent local implementations.
• Strong working knowledge of PCI-DSS, security audits, and compliance frameworks.
• Proficiency in English required; additional language(s) considered an asset.
• Significant expertise and track record of success in similar environments.
•  

Additional information

Interview process:

1. HR Call
2. Interview with Head of Security
3. Interview with Application Security Engineer

We care about equal employment opportunities, so all qualified applicants will receive equal consideration regardless of their race, colour, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.