Governance, Risk, And Compliance Associate

Pleo

πŸ“Remote - Denmark, Spain

Job highlights

Summary

Join Pleo as a Governance, Risk & Compliance Analyst and contribute to protecting our customers' money by focusing on internal and external compliance, particularly PCI-DSS and ISO 27001/2. You will collaborate with various teams, maintain control frameworks, respond to security queries, and assist in policy reviews and ad-hoc projects. The role offers flexibility and the chance to contribute to a long-term security vision within a rapidly growing FinTech company. We seek a passionate individual familiar with GRC frameworks and tooling, who is a strong communicator and pragmatic in their approach to security. Pleo offers a variety of benefits, including a Pleo card, catered lunches or a monthly allowance, private health insurance, flexible/remote work options, additional holiday purchase options, mental health support, access to LinkedIn Learning, and paid parental leave.

Requirements

  • Able to work well with a wide range of stakeholders
  • You have some experience assessing security risks in third-party vendors
  • You have some understanding and experience with industry standards, including PCI-DSS and ISO 27000 series
  • You recognize that communication is a core part of your job within application security
  • You are pragmatic in your approach to security - and apply the goldilocks principle. You understand that risk drives effort, effort drives cost, not the other way around
  • You agree security isn't sorcery but is a matter of understanding complex systems and applying/recycling creative thinking to interesting problems
  • You love learning new things and enjoy working with problem areas you aren't an expert in (yet)
  • You are honest and unafraid to state things exactly like they are - acknowledging and communicating what's broken is the first step to fixing things

Responsibilities

  • Collaborate with Procurement, Legal and Privacy by reviewing and assessing new vendors and tools
  • Maintain control frameworks and evidence collection tools for PCI-DSS and ISO 27001/2 compliance
  • Respond to internal and external queries about our security program
  • Assist in the review of security policies, standards and guidelines in collaboration with various internal stakeholders
  • Assist in ad hoc GRC projects and maintain ongoing compliance efforts
  • Contribute to security awareness training materials for Pleo employees
  • Contribute to achieving our GRC roadmap
  • Participate in projects supporting a long term security vision
  • Continuously think about how we balance compliance efforts with the needs of a rapidly growing and evolving FinTech company

Preferred Qualifications

Experience with GRC tools (OneTrust, securiti.ai, Vanta, etc.)

Benefits

  • Your own Pleo card (no more out-of-pocket spending!)
  • Lunch is on us - with catering in our Lisbon, Copenhagen and London offices or a monthly lunch allowance paid directly together with your salary in other markets 🍜
  • Private health insurance to ensure you’re fit in body and mind to do your best work
  • For this team we offer flexibility/remote working options
  • Option to purchase 5 additional days of holiday through a salary sacrifice
  • We’re trialling MyndUp to give our employees access to free mental health and wellbeing support with great success so far ❤️‍🩹
  • Access to LinkedIn Learning - acquire new skills, stay abreast of industry trends and fuel your personal and professional development continuously
  • Paid parental leave - we want to make sure that we're supportive of families and help you feel that you don't have to compromise your family due to work 👶