Technical Assurance Lead

About Pave Bank

Pave Bank is the world’s first programmable business bank. Built by the founders behind Monzo and BigPay, we’re redefining global business banking by combining programmable financial infrastructure with world-class client experiences.

About the Role

The Technical Assurance Lead ensures that the Bank’s technology function operates in full alignment with regulatory expectations, the NIST Cybersecurity Framework, and COBIT governance principles. The role drives disciplined oversight of IT risk, control assurance, and compliance activities — maintaining the technology governance calendar, managing audits, overseeing vendor due diligence, and ensuring the timely review and approval of all technology-related policies and frameworks.

The position serves as the operational backbone of the Bank’s technology governance program — bridging technology, risk, and business leadership through structured processes, documentation, and reporting.

Key Responsibilities

1. Governance Coordination

• Maintain the annual technology governance calendar, covering required meetings, reports, self-assessments, policy reviews, and regulatory submissions.

• Coordinate preparation and delivery of board, exco, and committee reports related to technology risk, resilience, cybersecurity, and compliance.

• Track action items and ensure timely completion of deliverables arising from governance meetings.

• Maintain a repository of governance artefacts, including minutes, reports, and evidentiary documentation.

2. Policy & Control Management

• Maintain the register of board-approved technology policies, ensuring periodic review, update, and re-approval in accordance with regulatory timelines.

• Map and maintain alignment of internal controls with NIST CSF and COBIT domains, including periodic self-assessments and maturity scoring.

• Monitor compliance against control requirements and assist in the documentation and testing of control evidence.

• Support implementation of risk-based improvements to processes, controls, and documentation.

3. Audit & Assurance Support

• Act as primary liaison with internal and external auditors on technology-related audits and reviews.

• Coordinate management responses, evidence collection, and follow-up on open audit findings.

• Track remediation plans and maintain a central register of open and closed audit points.

• Prepare periodic assurance summaries for the CTO and the Audit Committee.

4. Vendor Governance

• Maintain the technology vendor due diligence process, including onboarding, annual reassessment, and ongoing monitoring.

• Ensure compliance with regulatory outsourcing guidelines (e.g., NBG clause 47-04/8) and the Bank’s outsourcing policy.

• Maintain vendor risk assessments, SLAs, SOC2/NIST compliance reports, and right-to-audit documentation.

• Coordinate annual review of all critical and material vendor relationships.

5. Regulatory & Compliance Operations

• Track regulatory obligations affecting the technology function and ensure compliance with applicable standards and circulars.

• Support the CTO in preparing regulatory submissions, attestations, and responses relating to IT, cybersecurity, and outsourcing.

• Maintain technology-related sections of the enterprise risk register and contribute to quarterly risk reporting.

• Coordinate periodic cybersecurity and resilience tests, tabletop exercises, and incident reporting procedures.

6. Continuous Improvement

• Develop and maintain key metrics and dashboards on technology risk posture, audit progress, and control maturity.

• Support automation of governance workflows using GRC platforms or collaboration tools (e.g., Notion, Jira, Confluence, BigQuery).

• Conduct awareness sessions and training on IT governance and compliance processes.

• Contribute to the development of a strong culture of accountability and control across the technology team.

Qualifications & Experience

• Bachelor’s degree in Computer Science, Information Systems, Risk Management, or a related field or relevant equivalent experience.

• Minimum 3+ years of experience in IT governance, technology compliance, or IT audit (preferably within banking or regulated financial services).

• Strong working knowledge of NIST CSF, COBIT, and relevant ISO standards (27001/27002).

• Familiarity with banking regulatory frameworks, outsourcing guidelines, and information security policies.

• Experience supporting or coordinating internal/external IT audits.

• Excellent documentation, organizational, and stakeholder-management skills.

• Strong analytical skills, attention to detail, and ability to communicate complex information clearly.

• Certifications such as CISA, CRISC, CGRC, or ISO 27001 Lead Implementer/Auditor are advantageous.

• High integrity, professional discretion, and sense of accountability.

• Methodical and process-driven, with the ability to work autonomously.

• Strong interpersonal and coordination skills across technical and non-technical stakeholders.

• Proactive in identifying control gaps and proposing pragmatic improvements.

Why Us?

• Cutting-Edge Innovation: Work at the forefront of fintech, where every day brings fresh challenges and opportunities.

• Dynamic Team: Collaborate with passionate, driven professionals who love what they do.

• Startup Energy, Solid Foundation: Enjoy the agility of a startup with the stability of a regulated financial institution.

• Your Voice Matters: At Pave Bank, your ideas and contributions directly impact our growth and success.