In the last 10 years, Mambu has been revolutionising banking - making it more accessible, more straightforward and more inclusive for everyone. With fresh funding secured and a near €5 billion valuation we have huge ambitions for ourselves and the whole banking sector.

We bring this same sense of innovation and aspiration to how we support our people. We pioneered the 4 day summer work week, have announced the provision of equity for all and launched Our Mambu Deal to capture how we work with each other and what we offer all Mambuvians.

These are just the beginning. We’ll continue to look for ways to make Mambu an even better place to work.

We’re not here to play it safe.

We’re here to change the world.

The Head of Technical Audit and Assurance is responsible for Mambu’s risk based internal audit plan providing assurance to Mambu’s leadership on the effectiveness of Mambu’s information security management system. Additionally, the role is also responsible for managing Mambu’s external assurance and certification programs (ISO/IEC:27001, SOC 1, SOC 2) and facilitating customer audits as mandated by relevant regulations.

The Head of Technical Audit and Assurance reports to the VP Risk and Compliance and has dotted reporting lines to Mambu’s Enterprise Risk Committee.

What you’ll do

• Lead Mambu’s external assurance and certification programs to ensure ongoing compliance with requirements of ISO/IEC:27001, SOC 1, SOC 2.

• Ensure external audits are planned and carried out according to Mambu’s annual roadmap.

• Facilitate external certification and assurance audit sessions, work as a liaison between external audit and internal teams.

• Report to relevant stakeholders (including Mambu’s leadership team) on external audit findings and monitor their remediation.

• Be accountable for the overall quality of the external engagements.

• Manage customer interaction on the topic of external assurance and certification programs.

• ​​Lead Mambu’s internal audit program that supports Mambu’s strategic objectives and provides independent assurance to the effectiveness of its information security management system.

• Create and manage a risk-based and scalable internal yearly audit plan and ensure its execution.

• Ensure methodical documentation of work plans, testing results, conclusions and recommendations. Ensure follow up on findings and corrective actions.

• Be the go to person, internally and externally, for internal audit related questions.

• Support Mambu’s prospects and customers to gain and retain trust in Mambu’s information security management system:

• Create and manage a risk-based and scalable customer audit program meeting applicable regulatory requirements and ensure its execution.

• Coordinate customer audits by setting the audit plan, the audit scope, facilitating sessions with relevant internal teams, reviewing and confirming customer audit findings, reporting on and following up on remediation of customer audit findings.

• Support Request for Proposal processes where questions are related to internal audits, customer audits or external assurance and certifications.

• Support customer due diligence processes where questions are related to internal audits, customer audits or external assurance and certifications.

• Lead, direct and develop Mambu’s Technical Audit and Assurance team.

What you’ll bring

• Experience in leading assurance and certification for ISO/IEC:27001, SOC 1, SOC 2 for Saas and/or Public Cloud environments (AWS, Azure, GCP, OCI)
• Experience in leading audit programs and engagements in SaaS and/or Public Cloud environments (AWS, Azure, GCP, OCI)
• Experience in leading internal and/or external audit teams
• At least one relevant professional certification including CISM, CISA, CISSP, CISA, ISO 27001 Lead Implementer or Auditor.
• Strong English written and verbal communication skills
• Effective interpersonal skills, able to develop good working relationships at all levels of the organisations
• Good organisational and leadership skills to manage changing priorities
• Willingness to learn and adapt to change – committed to continuous personal and professional development
• Analytical, detail oriented and creative problem-solving abilities

Nice to have:

• Hands-on experience with information security and privacy compliance frameworks, controls and best practices either working as an auditor or implementing any of the following: ISO 27k family, AICPA Trust Services Principles, PCI DSS, NIST 800.53, GDPR, SOX etc.
• Good understanding of risk management processes, artefacts and terminology

Your colleagues would say:

• You excel working across geographic and cultural boundaries, with complex customers, involving multiple stakeholders and potential partners/affiliates.
• You are an excellent communicator.
• You are not satisfied with what’s already available and have the ambition to revise and improve things in the name of progress.
• You are eligible to work in Romania, and you are already living there.

Mambu’s future We are a diverse group of Mambuvians, and we are growing fast. Our eyes are on the future, and we believe we can use our technology and our talent to deliver banking experiences for billions that are also sustainable and inclusive and accessible.

Your future We’re also focused on delivering a fantastic working experience for all Mambuvians. We pioneered the 4 day working week between June - August many years ago, and continue to innovate around how work should feel and how it should get done. Our Mambu Deal is how we articulate this relationship of support and dedication which drives us all forward.

To stay on top of the latest Fintech trends and our success stories, please follow us on LinkedIn.

To experience more of the Mambu culture in action, you can follow us on Facebook, Instagram or YouTube.