Senior GRC Analyst

EuropeDenmarkSpainPortugalUnited KingdomRemoteSenior

We're looking for a Senior GRC Analyst / GRC Engineer to join our Information Security team at Pleo. In this role, you'll help and be part of our governance operating model as we scale compliance. If you're excited about building compliance and are passionate about fast-paced scale ups, then this is the opportunity for you!

Who you’ll be working with and reporting to

You’ll report to our VP of Fraud & Security and work closely with teams in Risk and Compliance, Procurement, Legal, Finance, and Engineers. Our team is highly collaborative and dedicated to ensure compliance and security of the business. You’ll also have the chance to partner with teams across the organization to ensure success.

What you’ll be doing

As a Senior GRC Analyst, you will:

  • Automate our legacy systems relating to governance, risk, and compliance frameworks, including ISO 27001, PCI-DSS, DORA, UK Cyber Essentials and relevant financial services regulations.

  • Integrate GRC workflows with internal systems (e.g., ticketing, asset management, identity, cloud platforms) to support compliance by design.

  • Design and build scalable GRC architectures and automation for evidence collection, control testing, and compliance reporting.

  • Draft, review, and maintain Pleo's security policies, mapping them to relevant control standards and ensuring alignment across frameworks as the business evolves.

  • Handle incoming security requests from customers and prospects, including questionnaires, one-off questions, review calls, and documentation ensuring responses are accurate, thorough, and reflect our actual security posture.

  • Conduct third-party vendor assessments, evaluating suppliers against Pleo's compliance and security standards and ensuring identified gaps are tracked and resolved.

  • Track and report on compliance metrics and KPIs, giving leadership the data-driven visibility they need to understand where the programme stands and where it needs to go.

  • Translate compliance requirements into technical specifications that engineering teams can implement, and make the same topics accessible to non-technical stakeholders.

  • Coordinate complex, multi-team workstreams, keeping dependencies visible, priorities clear, and delivery on track even when things shift.

  • Contribute to the broader Cybersecurity team, staying connected with ongoing initiatives and supporting shared goals across the function.

What you bring


You’ll thrive in this role if you have:

  • Significant experience in Security GRC, understanding of auditing processes, with direct experience in both internal and external audit cycles.

  • Demonstrated experience collaborating directly with engineering, risk and compliance, procurement, legal, and finance teams to get controls built, implemented, and operating in practice.

  • A strong understanding of cloud architectures (AWS or equivalent) and how infrastructure decisions map to security controls and audit evidence.

  • Experience leveraging AI-enabled compliance and workflow automation tools.

  • Experience designing metrics and reporting for GRC programs, including dashboards and executive-level summaries.

  • Fintech, payments industry or IT audit background, with familiarity with regulatory expectations and payment platform architectures.

  • Certifications such as ISO 27001 Lead Implementer or Lead Auditor, CISSP, CISA, or PCI-related credentials. A degree in Cybersecurity, Engineering, Computer Science, Mathematics, or equivalent experience is a plus.

Why is this role a good fit for you

This role is a good fit for you if:

  • You're equally excited about getting into the details of regulations requirements as you are about writing code.

  • You demonstrate high-agency and like to take initiative in developing solutions that will save the team time.

This role is not a good fit for you if:

  • You are not able to work closely with colleagues who do not have an engineering background.

  • You require a well groomed backlog and task assignment in order to perform at your best.

How you’ll develop in this role

In your first 6 months at Pleo, you’ll:

  • Get hands-on with Pleo's security landscape, learning how our GRC programme operates across frameworks like ISO 27001, PCI-DSS, and DORA.

  • Build automation for evidence collection, control testing, and policy as code within our existing compliance frameworks, and help shape the long-term security initiatives that support Pleo's growth, working closely with Engineering, Risk & Compliance, and other key stakeholders.

  • Integrate into the Cybersecurity team, connecting with ongoing initiatives, understanding shared goals, and starting to contribute to the workflows and tooling that keep Pleo secure and compliant.

We’re committed to helping you develop your career, whether that means taking on bigger projects, stepping into leadership, or acquiring new skills.

The location

Please note: We can hire on a remote, hybrid or in-person set-up in any of the locations listed on the advert but you will need to be physically based in the country of your choice with a valid right to work. We are unable to offer visa sponsorship for this role in any of the listed locations.

Show me the benefits!

  • Your own Pleo card (no more out-of-pocket spending!)

  • Lunch is on us for your work days - enjoy catered meals or receive a lunch allowance based on your local office

  • Comprehensive private healthcare - depending on your location, coverage options include Vitality, Alan or Médis

  • We offer 25-28 days of holiday (depending on your location) + public holidays

  • For our Team, we offer both hybrid and fully remote working options

  • Option to purchase 5 additional days of holiday through a salary sacrifice

  • We use MyndUp to give our employees access to free mental health and well-being support with great success so far

  • Paid parental leave - we want to make sure that we're supportive of families and help you feel that you don't have to compromise your family due to work

Published on: 7/10/2026

Pleo

Pleo

Pleo is Europe's #1 business spending solution, trusted by over 40,000 companies

Website

See all 2 jobs at Pleo

Please let Pleo know you found this job on Wantapply.com. It helps us to get more jobs on our site. Thanks!