Security Governance Engineer (GRC) Luxembourg

France, Luxembourg, UK, Poland, Spain, Germany

Mangopay is a wallet-based payment infrastructure built specifically for organisations with complex, multi-party fund flows. A pioneer in multi-party payments.

Our solution optimises fund flows on behalf of the organisations we work with using wallets as programmable, composable building blocks.

Mangopay’s regulated platform collects payments, secures transactions and holds funds, splits money between the various parties in the funds flow, and ultimately manages the payout to service providers, sellers, and consumers.

Platforms and fintechs using Mangopay regain control and transparency over multi-party payment flows , generate additional revenue, and improve operational efficiency. They can stay compliant while innovating and scaling.

Our team of 300+ people is spread across offices in Madrid, Paris, Warsaw, Berlin, Luxembourg and London. We're looking for talented individuals to join us in tackling the exciting challenges ahead.

At Mangopay, you’ll be part of a supportive, diverse team committed to building scalable solutions and driving change in the fintech space!

Summary

As a senior GRC professional, you will take ownership of complex security governance activities, applying your deep understanding of information security, risk management, and regulatory compliance to support and enhance our organisation’s security posture. You will lead efforts to maintain and mature our security framework, collaborate on designing effective processes and controls, and ensure alignment with internal policies and external regulatory expectations. Beyond execution, you will drive continuous improvement and act as a key point of contact for audits and risk assessments.

Responsibilities

• Maintain and enhance the organisation’s security framework, including policies, guidelines, standards, and procedures.
• Design and support the implementation of security processes and controls aligned with internal frameworks and regulatory requirements.
• Conduct security assessments and vendor due diligence for third-party risk management.
• Act as lead contact for audits, ensuring effective preparation, documentation, and issue resolution.
• Perform risk assessments and ensure the security risk register is accurate, up-to-date, and actionable.
• Stay up to date with relevant regulations (e.g., DORA, EBA guidelines, UK / EU compliance requirements), and translate them into applicable controls and internal processes.
• Support the organisation’s PCI-DSS certification efforts and maintain a strong understanding of its evolving requirements.
• Advise internal stakeholders on compliance best practices and security control design.

Qualifications

Additional information

We care about equal employment opportunities, so all qualified applicants will receive equal consideration regardless of their race, colour, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.

Apply for this job

indicates a required field

First Name

Last Name

Email

Phone

Resume / CV

Enter manually

Accepted file types : pdf, doc, docx, txt, rtf

Enter manually

Accepted file types : pdf, doc, docx, txt, rtf

This role is hybrid (2 days per week in the office), for this reason we can only hire people based in Madrid, Paris, Luxembourg, London, Berlin or Warsaw and who are willing to commute to our office in these cities.Is that something you would be able to do?

Do you have direct experience with a regulated Payment Institution or financial services firm, including practical knowledge of EBA Guidelines and DORA?

Can you confirm experience as an IT / Security Audit POC in EU regulated environments, and applying PCI DSS or ISO 27001 to policy development?

What are your salary expectations? (please state per annum and include currency)

When can you start?

Mangopay and group companies act as joint controllers of your personal data for recruitment purposes. For more information on how we process your personal data, including legal bases and your right to withdraw consent, please see our privacy notice available here.

I consent to the processing by Mangopay and group companies listed in the privacy notice, acting as joint controllers, of my personal data provided through the application form and in the attached CV for the purpose of future recruitment processes.

#J-18808-Ljbffr