Senior GRC Analyst

Company: Pleo
Apply for the Senior GRC Analyst
Location: London
Job Description:

About Pleo

Messy spend management is tricky business. And tedious processes are a lose‑lose situation for all involved, not just finance. At Pleo, we’re changing that. We build spend solutions that make managing money seamless, empowering, and surprisingly effective for finance teams and employees alike – with a vision to help all businesses ‘go beyond’. The word ‘Pleo’ actually means ‘more than you’d expect’, and living by that mantra has been the secret to our success over the last 10 years. We are a driven, progressive, and, importantly, a kind bunch of 850+ people from over 100 nationalities, all committed to delivering the future of business spending, together.

About The Role

We’re looking for a Senior GRC Analyst / GRC Engineer to join our Information Security team at Pleo. In this role, you’ll help build and scale compliance within our governance operating model. If you’re excited about building compliance and are passionate about fast‑paced scale‑ups, this is the opportunity for you.

Who You’ll Be Working With And Reporting To

You’ll report to our VP of Fraud & Security and work closely with teams in Risk and Compliance, Procurement, Legal, Finance, and Engineers. The team is highly collaborative and dedicated to ensuring compliance and security of the business. You’ll also partner with teams across the organization to ensure success.

What You’ll Be Doing

  • Automate legacy systems relating to governance, risk, and compliance frameworks, including ISO 27001, PCI-DSS, DORA, UK Cyber Essentials and relevant financial services regulations.
  • Integrate GRC workflows with internal systems (e.g., ticketing, asset management, identity, cloud platforms) to support compliance by design.
  • Design and build scalable GRC architectures and automation for evidence collection, control testing, and compliance reporting.
  • Draft, review and maintain Pleo’s security policies, mapping them to relevant control standards and ensuring alignment across frameworks as the business evolves.
  • Handle incoming security requests from customers and prospects, including questionnaires, one‑off questions, review calls, and documentation ensuring responses are accurate, thorough, and reflect our actual security posture.
  • Conduct third‑party vendor assessments, evaluating suppliers against Pleo’s compliance and security standards and ensuring identified gaps are tracked and resolved.
  • Track and report on compliance metrics and KPIs, giving leadership data‑driven visibility on where the programme stands and where it needs to go.
  • Translate compliance requirements into technical specifications that engineering teams can implement, and make the same topics accessible to non‑technical stakeholders.
  • Coordinate complex, multi‑team workstreams, keeping dependencies visible, priorities clear, and delivery on track even when things shift.
  • Contribute to the broader Cybersecurity team, staying connected with ongoing initiatives and supporting shared goals across the function.

What You Bring

  • Significant experience in Security GRC, understanding of auditing processes, with direct experience in both internal and external audit cycles.
  • Demonstrated experience collaborating directly with engineering, risk and compliance, procurement, legal, and finance teams to get controls built, implemented, and operating in practice.
  • A strong understanding of cloud architectures (AWS or equivalent) and how infrastructure decisions map to security controls and audit evidence.
  • Experience leveraging AI‑enabled compliance and workflow automation tools.
  • Experience designing metrics and reporting for GRC programs, including dashboards and executive‑level summaries.
  • Fintech, payments industry or IT audit background, with familiarity with regulatory expectations and payment platform architectures.
  • Certifications such as ISO 27001 Lead Implementer or Lead Auditor, CISSP, CISA, or PCI‑related credentials. A degree in Cybersecurity, Engineering, Computer Science, Mathematics, or equivalent experience is a plus.

Why This Role Is A Good Fit For You

  • You’re equally excited about getting into the details of regulatory requirements as you are about writing code.
  • You demonstrate high agency and like to take initiative in developing solutions that will save the team time.

How You’ll Develop In This Role

  • Get hands‑on with Pleo’s security landscape, learning how our GRC programme operates across frameworks like ISO 27001, PCI‑DSS, and DORA.
  • Build automation for evidence collection, control testing, and policy as code within our existing compliance frameworks, and help shape the long‑term security initiatives that support Pleo’s growth, working closely with Engineering, Risk & Compliance, and other key stakeholders.
  • Integrate into the Cybersecurity team, connecting with ongoing initiatives, understanding shared goals, and starting to contribute to the workflows and tooling that keep Pleo secure and compliant.

Location

We can hire on a remote, hybrid or in‑person set‑up in any of the locations listed on the advert, but you will need to be physically based in the country of your choice with a valid right to work. We are unable to offer visa sponsorship for this role in any listed locations.

Benefits

  • Your own Pleo card (no more out‑of‑pocket spending)
  • Lunch is on us for your work days – enjoy catered meals or receive a lunch allowance based on your local office
  • Comprehensive private healthcare – depending on your location coverage options include Vitality, Alan or Médis
  • We offer 25‑28 days of holiday (depending on your location) + public holidays
  • We offer both hybrid and fully remote working options
  • Option to purchase 5 additional days of holiday through a salary sacrifice
  • We use MyndUp to give our employees access to free mental‑health and well‑being support
  • Paid parental leave – we want to make sure that we’re supportive of families and help you feel that you don’t have to compromise your family due to work

#J-18808-Ljbffr…

Posted: July 11th, 2026