At a Glance
- Tasks: Join our team to automate governance, risk, and compliance processes in a fast-paced environment.
- Company: Pleo is revolutionising spend management with a diverse and collaborative culture.
- Benefits: Enjoy competitive pay, flexible working options, and comprehensive healthcare.
- Other info: Join a dynamic team dedicated to innovation and personal growth.
- Why this job: Make a real impact on compliance while working with cutting-edge technology.
- Qualifications: Experience in Security GRC and collaboration with cross-functional teams is essential.
The predicted salary is between 60000 - 80000 £ per year.
About Pleo
Messy spend management is tricky business. At Pleo, we're changing that. We build spend solutions that make managing money seamless, empowering, and surprisingly effective for finance teams and employees alike - with a vision to help all businesses ‘go beyond’. The word ‘Pleo’ actually means ‘more than you’d expect’, and living by that mantra has been the secret to our success over the last 10 years.
Now, we’re at a pivotal moment in our journey; every move we make has a direct impact on our 40,000+ customers, our business, and our collective success. We need people who take pride in uncovering customer needs, who turn complex problems into simple solutions, challenge the way things are done (respectfully), and always aim high. With great ambitions driving us forward, we can’t say we’ve got this whole thing figured out. And frankly, that’s half the fun! What we can say is that we’re a driven, progressive, and, importantly, a kind bunch of 850+ people from over 100 nationalities, all committed to delivering the future of business spending, together.
About the role
We're looking for a Senior GRC Analyst / GRC Engineer to join our Information Security team at Pleo. In this role, you'll help and be part of our governance operating model as we scale compliance. If you're excited about building compliance and are passionate about fast-paced scale ups, then this is the opportunity for you!
Who you’ll be working with and reporting to
You’ll report to our VP of Fraud & Security and work closely with teams in Risk and Compliance, Procurement, Legal, Finance, and Engineers. Our team is highly collaborative and dedicated to ensure compliance and security of the business. You’ll also have the chance to partner with teams across the organization to ensure success.
What you’ll be doing
- Automate our legacy systems relating to governance, risk, and compliance frameworks, including ISO 27001, PCI-DSS, DORA, UK Cyber Essentials and relevant financial services regulations.
- Integrate GRC workflows with internal systems (e.g., ticketing, asset management, identity, cloud platforms) to support compliance by design.
- Design and build scalable GRC architectures and automation for evidence collection, control testing, and compliance reporting.
- Draft, review, and maintain Pleo's security policies, mapping them to relevant control standards and ensuring alignment across frameworks as the business evolves.
- Handle incoming security requests from customers and prospects, including questionnaires, one-off questions, review calls, and documentation ensuring responses are accurate, thorough, and reflect our actual security posture.
- Conduct third-party vendor assessments, evaluating suppliers against Pleo's compliance and security standards and ensuring identified gaps are tracked and resolved.
- Track and report on compliance metrics and KPIs, giving leadership the data-driven visibility they need to understand where the programme stands and where it needs to go.
- Translate compliance requirements into technical specifications that engineering teams can implement, and make the same topics accessible to non-technical stakeholders.
- Coordinate complex, multi-team workstreams, keeping dependencies visible, priorities clear, and delivery on track even when things shift.
- Contribute to the broader Cybersecurity team, staying connected with ongoing initiatives and supporting shared goals across the function.
What you bring
You’ll thrive in this role if you have:
- Significant experience in Security GRC, understanding of auditing processes, with direct experience in both internal and external audit cycles.
- Demonstrated experience collaborating directly with engineering, risk and compliance, procurement, legal, and finance teams to get controls built, implemented, and operating in practice.
- A strong understanding of cloud architectures (AWS or equivalent) and how infrastructure decisions map to security controls and audit evidence.
- Experience leveraging AI-enabled compliance and workflow automation tools.
- Experience designing metrics and reporting for GRC programs, including dashboards and executive-level summaries.
- Fintech, payments industry or IT audit background, with familiarity with regulatory expectations and payment platform architectures.
- Certifications such as ISO 27001 Lead Implementer or Lead Auditor, CISSP, CISA, or PCI-related credentials. A degree in Cybersecurity, Engineering, Computer Science, Mathematics, or equivalent experience is a plus.
Why is this role a good fit for you
This role is a good fit for you if:
- You're equally excited about getting into the details of regulations requirements as you are about writing code.
- You demonstrate high-agency and like to take initiative in developing solutions that will save the team time.
This role is not a good fit for you if:
- You are not able to work closely with colleagues who do not have an engineering background.
- You require a well groomed backlog and task assignment in order to perform at your best.
How you’ll develop in this role
In your first 6 months at Pleo, you’ll:
- Get hands-on with Pleo's security landscape, learning how our GRC programme operates across frameworks like ISO 27001, PCI-DSS, and DORA.
- Build automation for evidence collection, control testing, and policy as code within our existing compliance frameworks, and help shape the long-term security initiatives that support Pleo's growth, working closely with Engineering, Risk & Compliance, and other key stakeholders.
- Integrate into the Cybersecurity team, connecting with ongoing initiatives, understanding shared goals, and starting to contribute to the workflows and tooling that keep Pleo secure and compliant.
We’re committed to helping you develop your career, whether that means taking on bigger projects, stepping into leadership, or acquiring new skills.
The location
Please note: We can hire on a remote, hybrid or in-person set-up in any of the locations listed on the advert but you will need to be physically based in the country of your choice with a valid right to work. We are unable to offer visa sponsorship for this role in any of the listed locations.
Show me the benefits!
- Your own Pleo card (no more out-of-pocket spending!)
- Lunch is on us for your work days - enjoy catered meals or receive a lunch allowance based on your local office
- Comprehensive private healthcare - depending on your location, coverage options include Vitality, Alan or Médis
- We offer 25-28 days of holiday (depending on your location) + public holidays
- For our Team, we offer both hybrid and fully remote working options
- Option to purchase 5 additional days of holiday through a salary sacrifice
- We use MyndUp to give our employees access to free mental health and well-being support with great success so far
- Paid parental leave - we want to make sure that we're supportive of families and help you feel that you don't have to compromise your family due to work
The interview process
We want to ensure you are set-up for success and understand what will be expected of you. If your application is successful, our interview process is as follows:
- Intro call: A 30-minute chat with our Talent Partner to discuss the role and your background.
- Hiring Manager interview: a 60-minute conversation deep diving into your previous experience.
- Pleo Challenge: a ~75-minute practical interview testing your skills on a real-life scenario.
Transparency is important to us so we also wanted to share some insights about what we’re looking for in applications to ensure you can set yourself up for success!
Last time we hired a GRC Analyst, we received a total of 350 applications but only 18 were selected for an intro call. Some of the key reasons why previous candidates didn’t make it past the application screening stage include:
- CV writing and content: we receive a lot of CVs, and many of them are AI-generated. We love seeing people leverage AI—it’s a big focus for us internally too—but without human intervention, these CVs can sometimes become generic and fail to show a candidate in the best light. What we're really looking for is the specific details of real impact that only you know from your previous experience. A top tip from us is to use the “Achieved X, as measured by Y, by doing Z” formula (credit: Laszlo Bock, ~2014) to give a really clear picture of what you’ve worked on.
- Application care: every single application we receive is reviewed by a human (yes, hundreds of them) because we believe that candidates' efforts should be matched by an equal level of human care. This means that we expect a similar level of attention put into your application. Read and answer the application questions carefully, they make a huge difference in our decision-making process.
- Profile to role fit: this role sits at the intersection of GRC Analysis and Engineering. It is non-negotiable for the right person to bring a deep understanding of compliance frameworks in the fintech space but to also be able to automate tasks and workflows.
About your application
English first. Since it's our company language, please submit your application in English. You’ll be using it a lot if you join us.
A fair look for everyone. Our talent team reads every single application to ensure the process is fair. To keep things running smoothly, we only accept applications through our system—our support team can’t pass on calls or emails.
Diversity drives us. We can only reach our goals if our team reflects the world around us. That starts with you hitting apply, even if you don't tick every single box. We encourage people from all backgrounds and experiences to join us.
Interview at your best. We want you to feel comfortable throughout the process. If you have any accessibility requirements or need a specific format, email belonging@pleo.io. We’ll design a process that works for you.
Your data is safe. When you apply, we process your personal data as a data processor. For more information on how Pleo processes personal data, read our Privacy Policy here.
Applying for multiple roles? Nothing is stopping you, and we assess every role independently. However, we do look for alignment, so make sure you can explain why your interest and experience are right for each specific role.
Reapplying. If you’re applying for the same role again, please wait six months from your last decision before hitting submit.
Senior GRC Analyst in London employer: Pleo
Pleo is an exceptional employer that fosters a collaborative and innovative work culture, where employees are empowered to challenge the status quo and contribute to meaningful solutions in spend management. With a commitment to employee growth, Pleo offers comprehensive benefits including flexible working arrangements, generous holiday allowances, and access to mental health support, all while being part of a diverse team dedicated to transforming the future of business spending.
StudySmarter Expert Advice🤫
We think this is how you could land Senior GRC Analyst in London
✨Join Compliance Communities
Get involved in compliance and risk communities — both online and offline. Look for forums, LinkedIn groups, or even local meetups where compliance pros hang out. You never know who might drop a job opportunity your way!
✨Attend Industry Conferences
Keep an eye out for compliance and risk management conferences and workshops in your area. These events are a goldmine for networking, and they often have job boards or recruiters on-site looking for new talent. Plus, it’s a chance to learn what's trending in the field.
✨Leverage Your University Career Services
If you’ve recently graduated or are still studying, head over to your university's career services. Many companies, including those in compliance, actively recruit fresh talent through these services, so make sure you tap into that resource.
✨Showcase Your Knowledge Online
Start writing articles or blog posts about compliance topics that interest you. Share them on platforms like LinkedIn to demonstrate your knowledge and passion. This not only builds your presence in the field but can also catch the attention of companies like Pleo looking for candidates who are engaged and informed.
We think you need these skills to ace Senior GRC Analyst in London
Some tips for your application 🫡
Show Your Understanding of Compliance:In the compliance-risk field, it's super important to showcase your understanding of regulations and risk management frameworks. Highlight any relevant coursework, certifications (like ICA or AML), or even projects that demonstrate your knowledge and commitment to this area. We want to see how you can navigate this complex landscape!
Quantify Your Achievements:When detailing your experience, try to quantify your achievements. For example, if you've previously worked on a project that improved compliance metrics or reduced risk exposure, give us the numbers! This data-driven approach really stands out to hiring managers in compliance-risk roles.
Tailor Your CV to Reflect Relevant Skills:Make sure your CV highlights skills that are particularly relevant to compliance, like attention to detail, analytical thinking, and report writing. Ensure these are easy to spot – consider using bullet points to break down your responsibilities and achievements for maximum impact!
Craft a Motivating Cover Letter:In your cover letter, let us know why you’re excited about the compliance-risk role at Pleo. Share what motivates you about compliance, and how you believe you can contribute to our mission. This is your chance to showcase not only your skills but also your passion for this important field!
How to prepare for a job interview at Pleo
✨Master the Regulations
Brush up on key compliance regulations relevant to the industry you're applying to. Familiarising yourself with specific laws and frameworks used in your field will give you an edge during technical questions. Show that you’re not just aware of them but can also apply them—think real-life scenarios!
✨Show Your Analytical Skills
Compliance roles really focus on analytical skills, so be prepared for case studies or situational questions during the interview. We've got to demonstrate how we approach risk assessments or compliance audits, possibly drawing on examples from past experiences or university projects. Bring some thoughtful case scenarios to discuss!
✨Know Your Tools
Get comfortable with commonly used compliance software and tools. Familiarity with platforms like RSA or MetricStream can really impress during your interview, as it shows you're ready to hit the ground running. If you’ve had any experience with them, make sure to highlight that!
✨Align with Company Culture
Since it's a full-time position, show your long-term commitment and interest in the company’s mission and values. Dive into how your ethics and professional philosophy align with Pleo’s stance on compliance. A shared vision can really resonate with interviewers looking for fit as much as skill!