ICT Governance Manager

4 days ago


Milan, Lombardy, Italy | Scalapay | Full-time | 80.000 € - 100.000 €

At Scalapay, we're shaping a culture with high standards, independent and critical thought, innovation, ownership, and continuous learning. We operate in a fast-moving, tech-driven environment, and we're looking for people who thrive in change, think boldly, and take initiative.

If you're ready to put your potential to the test in a hiring process designed to spotlight exceptional talent, this is your chance to stand out and grow with one of Europe's most ambitious fintech teams.

#MakeItHappen #PlayAsATeam #StayCurious #FocusOnCustomer.

The Mission

We're seeking an ICT Governance Manager to ensure our regulated financial services subsidiary maintains robust compliance with Italian and EU financial regulations. This is a hands-on, individual contributor role working horizontally across our engineering organization to implement governance frameworks, coordinate regulatory requirements, and maintain continuous audit readiness.

You'll be the subject matter expert who translates regulatory requirements (Bank of Italy, DORA, PCI-DSS, GDPR) into actionable technical requirements, working closely with engineering domain leads to ensure compliance is embedded into our delivery processes without creating bottlenecks.

This role is critical for maintaining our payment institution license while supporting our growth from 10M users to the next phase of scale.

What You'll Do
Regulatory Compliance Implementation
  • Translate regulatory requirements from Bank of Italy, ECB directives, DORA, PCI-DSS, and GDPR into concrete technical requirements
  • Work with engineering domain leads (Risk, Payments, Customer, Infrastructure) to implement compliance controls within their delivery cycles
  • Maintain comprehensive documentation of ICT systems, data flows, and security controls for regulatory inspections
  • Coordinate regulatory submissions and respond to information requests from Bank of Italy and external auditors
  • Track and report compliance status across all technical domains to CTO and IP CEO
Governance Framework Management
  • Implement and maintain ICT governance processes aligned with regulatory requirements
  • Establish monitoring mechanisms to ensure ongoing compliance across engineering teams
  • Create and maintain policy documentation, procedures, and evidence repositories
  • Coordinate vendor compliance assessments for critical third-party ICT services
  • Maintain ICT asset inventory, access control documentation, and security configurations
  • Support internal and external audit processes by preparing evidence and coordinating team responses
Business Continuity & Resilience Coordination
  • Coordinate development and testing of Business Continuity Plans with infrastructure and engineering teams
  • Ensure disaster recovery procedures are documented, tested, and meet regulatory requirements
  • Work with DevOps team to validate backup procedures and recovery time objectives
  • Organize and document regular DR testing exercises with post-test reporting
  • Maintain incident response procedures and coordinate incident management processes
Cross-Functional Collaboration
  • Partner with Risk Management team to assess and monitor ICT risks
  • Work with Legal/Compliance to align technical controls with regulatory interpretations
  • Coordinate with engineering managers to plan compliance work within agile sprint cycles
  • Act as technical liaison during regulatory inspections and auditor requests
  • Present compliance status updates to executive leadership

Why you should join Scalapay:

  • Attractive packages based on skills and experience - the salary band we have for this position is Euro
  • Opportunity to work with a team of Industry Leaders who are focused on delivering products that offer exceptional user experience.
  • Support to accelerate your professional growth and take ownership of the projects you deliver.
  • A lean, people focused Agile way of working that delivers marketable products.
  • Work with the latest technologies and be encouraged to bring your own flair to the role.
  • Professional training plan and career guidance.
Required Qualifications
Regulatory & Compliance Experience
  • 4-6 years of hands-on experience in IT governance, compliance, or risk management within regulated financial services (banking, payments, fintech)
  • Direct experience working with Bank of Italy requirements or similar EU financial regulators
  • Working knowledge of PCI-DSS and GDPR compliance requirements
  • Experience with DORA (Digital Operational Resilience Act) requirements
  • Experience preparing documentation for and responding to regulatory audits
Technical Background
  • Strong understanding of enterprise IT infrastructure, cloud services (AWS), and application architectures
  • Ability to read and understand technical documentation, API specifications, and system architecture diagrams
  • Experience with DevOps practices, CI/CD pipelines, and infrastructure-as-code concepts
  • Understanding of cybersecurity controls, access management, and vulnerability management
  • Familiarity with agile development methodologies and how to embed compliance work into sprints
Collaboration & Communication
  • Proven ability to work horizontally across technical teams without direct authority
  • Experience influencing engineering teams to prioritize compliance work alongside feature development
  • Ability to translate complex regulatory language into clear technical requirements
  • Strong documentation skills for creating policies, procedures, and audit evidence
  • Excellent Italian and English communication skills (written and verbal)
  • Comfortable working in a lean, fast-moving startup environment (~200 people)
Preferred Qualifications
  • Degree in Computer Science, Information Systems, or related technical field
  • Professional certifications: CISA, CRISC, ISO 27001 Lead Auditor, or similar
  • Previous experience in Big 4 consulting (audit/advisory) or regulatory compliance roles
  • Hands-on experience with BNPL, payments processing, or lending platforms
  • Experience with GRC (Governance, Risk, Compliance) tools
  • Background as a technical project manager or senior engineer who moved into governance
Recruitment process:
  1. Initial Chat: A brief conversation with our Talent Acquisition team to get to know you and understand your fit for the role.
  2. Hiring Manager Interview: First interview with the Hiring Manager to deep dive into your experiences, better understand your motivation and explore your skills.
  3. Case Study: A skills-based exercise followed by a debriefing session with key stakeholders.
  4. Meet the Team: A chance to meet the Software Engineers who could potentially be part of your team.
  5. Final Chat with Simone (CEO): A chance to discuss Scalapay's values, company vision, and ensure strong cultural alignment. During this stage, we will also conduct reference checks to validate your experience and achievements.

Want to learn more? Don't hesitate to explore our Careers website, our LinkedIn and Glassdoor pages. 

Pro tip: send your CV in English

Super Pro tip: we know that application processes can be scary and frustrating but… we look for talent, not people that tick all our boxes.

We believe in the power of diversity: Scalapay is an Equal Opportunity Employer for any minority, disability, gender identity or sexual orientation.

