✅ 1. What do you understand by IT compliance in a fintech environment? Answer: IT compliance in fintech means ensuring that all information systems and processes comply with financial regulations, cybersecurity standards, and internal control frameworks. It includes data protection, secure system access, regular audits, and continuous monitoring of trading infrastructure to avoid legal or reputational risks. ✅ 2. What do you know about MiFID II or CySEC regulation? Answer: MiFID II is a European regulation designed to improve investor protection and transparency in financial markets. It affects how trading platforms operate, including how data is recorded, reported, and secured. Since Capital.com is regulated by CySEC, compliance with these rules is essential — especially around customer onboarding, transaction monitoring, and data retention. ✅ 3. What are the major IT risks in a trading platform? Answer: Key risks include system downtime, unauthorized access, latency in trade execution, data leakage, and manipulation of price feeds. There’s also the risk of weak change management, especially if trading logic or order routing rules are modified without proper testing and approval. ✅ 4. How would you help ensure regulatory compliance in a fast-changing environment like fintech? Answer: I would implement a risk-based compliance monitoring framework, keep policies regularly updated, and establish clear documentation processes. Staying close to product and IT teams is essential to detect potential compliance risks early. Automation of controls where possible — for access, monitoring, and reporting — also helps. ✅ 5. Can you give an example of a compliance gap you identified or resolved? Answer: In one engagement, I noticed missing multi-factor authentication for remote access to banking systems. I led a quick internal assessment, proposed changes aligned with ISO 27001, and coordinated with IT to implement and document the fix. The gap was remediated before the external audit. ✅ 6. How do you stay current with regulations and standards? Answer: I regularly follow updates from ENISA, NIST, and local regulators like CySEC. I’m also subscribed to ISACA and SANS newsletters, and I review key updates related to ISO 27001 and SOC 2. If hired, I’d ensure we translate all relevant changes into updated controls or documentation. ✅ 7. What does “evidence collection” mean in a compliance audit? Answer: It’s the process of gathering verifiable proof that specific controls are in place and functioning. That includes screenshots, logs, policy documents, meeting minutes, system configurations, and audit trails. The evidence must be complete, timely, and linked to each control requirement. ✅ 8. How do you balance business agility and compliance? Answer: I believe in embedding compliance early into the development or product lifecycle — not as a blocker, but as an enabler. By defining clear guidelines and participating in early reviews, we can prevent issues without slowing down delivery.