Senior GRC Analyst

Pleo


Job Location:

London - UK

Monthly Salary: Not Disclosed
Posted on: 2 days ago
Vacancies: 1 Vacancy

Department:

Engineering

Job Summary

About Pleo

Messy spend management is tricky business. And tedious processes are a lose-lose situation for all involved not just finance. At Pleo were changing that. We build spend solutions that make managing money seamless empowering and surprisingly effective for finance teams and employees alike - with a vision to help all businesses go beyond.

The word Pleo actually means more than youd expect and living by that mantra has been the secret to our success over the last 10 years.

Now were at a pivotal moment in our journey; every move we make has a direct impact on our 40000 customers our business and our collective success. We need people who take pride in uncovering customer needs who turn complex problems into simple solutions challenge the way things are done (respectfully) and always aim high. With great ambitions driving us forward we cant say weve got this whole thing figured out. And frankly thats half the fun! What we can say is that were a driven progressive and importantly a kind bunch of 850 people from over 100 nationalities all committed to delivering the future of business spending together.

About the role

Were looking for a Senior GRC Analyst / GRC Engineer to join our Information Security this role youll help and be part of our governance operating model as we scale compliance. If youre excited about building compliance and are passionate about fast-paced scale ups then this is the opportunity for you!

Who youll be working with and reporting to

Youll report to our VP of Fraud & Security and work closely with teams in Risk and Compliance Procurement Legal Finance and Engineers. Our team is highly collaborative and dedicated to ensure compliance and security of the business. Youll also have the chance to partner with teams across the organization to ensure success.

What youll be doing

As a Senior GRC Analyst you will:

  • Automate our legacy systems relating to governance risk and compliance frameworks including ISO 27001 PCI-DSS DORA UK Cyber Essentials and relevant financial services regulations.

  • Integrate GRC workflows with internal systems (e.g. ticketing asset management identity cloud platforms) to support compliance by design.

  • Design and build scalable GRC architectures and automation for evidence collection control testing and compliance reporting.

  • Draft review and maintain Pleos security policies mapping them to relevant control standards and ensuring alignment across frameworks as the business evolves.

  • Handle incoming security requests from customers and prospects including questionnaires one-off questions review calls and documentation ensuring responses are accurate thorough and reflect our actual security posture.

  • Conduct third-party vendor assessments evaluating suppliers against Pleos compliance and security standards and ensuring identified gaps are tracked and resolved.

  • Track and report on compliance metrics and KPIs giving leadership the data-driven visibility they need to understand where the programme stands and where it needs to go.

  • Translate compliance requirements into technical specifications that engineering teams can implement and make the same topics accessible to non-technical stakeholders.

  • Coordinate complex multi-team workstreams keeping dependencies visible priorities clear and delivery on track even when things shift.

  • Contribute to the broader Cybersecurity team staying connected with ongoing initiatives and supporting shared goals across the function.

What you bring


Youll thrive in this role if you have:

  • Significant experience in Security GRC understanding of auditing processes with direct experience in both internal and external audit cycles.

  • Demonstrated experience collaborating directly with engineering risk and compliance procurement legal and finance teams to get controls built implemented and operating in practice.

  • A strong understanding of cloud architectures (AWS or equivalent) and how infrastructure decisions map to security controls and audit evidence.

  • Experience leveraging AI-enabled compliance and workflow automation tools.

  • Experience designing metrics and reporting for GRC programs including dashboards and executive-level summaries.

  • Fintech payments industry or IT audit background with familiarity with regulatory expectations and payment platform architectures.

  • Certifications such as ISO 27001 Lead Implementer or Lead Auditor CISSP CISA or PCI-related credentials. A degree in Cybersecurity Engineering Computer Science Mathematics or equivalent experience is a plus.

Why is this role a good fit for you

This role is a good fit for you if:

  • Youre equally excited about getting into the details of regulations requirements as you are about writing code.

  • You demonstrate high-agency and like to take initiative in developing solutions that will save the team time.

This role is not a good fit for you if:

  • You are not able to work closely with colleagues who do not have an engineering background.

  • You require a well groomed backlog and task assignment in order to perform at your best.

How youll develop in this role

In your first 6 months at Pleo youll:

  • Get hands-on with Pleos security landscape learning how our GRC programme operates across frameworks like ISO 27001 PCI-DSS and DORA.

  • Build automation for evidence collection control testing and policy as code within our existing compliance frameworks and help shape the long-term security initiatives that support Pleos growth working closely with Engineering Risk & Compliance and other key stakeholders.

  • Integrate into the Cybersecurity team connecting with ongoing initiatives understanding shared goals and starting to contribute to the workflows and tooling that keep Pleo secure and compliant.

Were committed to helping you develop your career whether that means taking on bigger projects stepping into leadership or acquiring new skills.

The location

Please note: We can hire on a remote hybrid or in-person set-up in any of the locations listed on the advert but you will need to be physically based in the country of your choice with a valid right to work. We are unable to offer visa sponsorship for this role in any of the listed locations.

Show me the benefits!

  • Your own Pleo card (no more out-of-pocket spending!)

  • Lunch is on us for your work days - enjoy catered meals or receive a lunch allowance based on your local office

  • Comprehensive private healthcare - depending on your location coverage options include Vitality Alan or Médis

  • We offer 25-28 days of holiday (depending on your location) public holidays

  • For our Team we offer both hybrid and fully remote working options

  • Option to purchase 5 additional days of holiday through a salary sacrifice

  • We use MyndUp to give our employees access to free mental health and well-being support with great success so far

  • Paid parental leave - we want to make sure that were supportive of families and help you feel that you dont have to compromise your family due to work


The interview process

We want to ensure you are set-up for success and understand what will be expected of you. If your application is successful our interview process is as follows:

  1. Intro call: A 30-minute chat with our Talent Partner to discuss the role and your background.

  2. Hiring Manager interview: a 60-minute conversation deep diving into your previous experience.

  3. Pleo Challenge: a 75-minute practical interview testing your skills on a real-life scenario.

Transparency is important to us so we also wanted to share some insights about what were looking for in applications to ensure you can set yourself up for success!

Last time we hired a GRC Analyst we received a total of 350 applications but only 18 were selected for an intro call. Some of the key reasons why previous candidates didnt make it past the application screening stage include:

  • CV writing and content: we receive a lot of CVs and many of them are AI-generated. We love seeing people leverage AIits a big focus for us internally toobut without human intervention these CVs can sometimes become generic and fail to show a candidate in the best light. What were really looking for is the specific details of real impact that only you know from your previous experience. A top tip from us is to use the Achieved X as measured by Y by doing Z formula (credit: Laszlo Bock 2014) to give a really clear picture of what youve worked on. A final note: including links to your previous companies websites is a huge help and allows us to truly understand your background!

  • Application care: every single application we receive is reviewed by a human (yes hundreds of them) because we believe that candidates efforts should be matched by an equal level of human care. This means that we expect a similar level of attention put into your application. Read and answer the application questions carefully they make a huge difference in our decision-making process.

  • Profile to role fit: this role sits at the intersection of GRC Analysis and Engineering. It is non-negotiable for the right person to bring a deep understanding of compliance frameworks in the fintech space but to also be able to automate tasks and workflows.

About your application

  • English first. Since its our company language please submit your application in English. Youll be using it a lot if you join us.

  • A fair look for everyone. Our talent team reads every single application to ensure the process is fair. To keep things running smoothly we only accept applications through our systemour support team cant pass on calls or emails.

  • Diversity drives us. We can only reach our goals if our team reflects the world around us. That starts with you hitting apply even if you dont tick every single box. We encourage people from all backgrounds and experiences to join us.

  • Interview at your best. We want you to feel comfortable throughout the process. If you have any accessibility requirements or need a specific format email Well design a process that works for you.

  • Your data is safe. When you apply we process your personal data as a data processor. For more information on how Pleo processes personal data read our Privacy Policy here.

  • Applying for multiple roles Nothing is stopping you and we assess every role independently. However we do look for alignment so make sure you can explain why your interest and experience are right for each specific role.

  • Reapplying. If youre applying for the same role again please wait six months from your last decision before hitting submit.


Required Experience:

Senior IC

About PleoMessy spend management is tricky business. And tedious processes are a lose-lose situation for all involved not just finance. At Pleo were changing that. We build spend solutions that make managing money seamless empowering and surprisingly effective for finance teams and employees alike -...