Summary
Join Pleo as a Governance, Risk & Compliance Analyst and contribute to the security of our FinTech company. This role focuses on internal and external compliance, particularly PCI-DSS and ISO 27001/2. You will collaborate with various teams, maintain control frameworks, respond to security queries, and assist in compliance projects. The ideal candidate is familiar with GRC frameworks and has a passion for security. Pleo offers a flexible work environment and various benefits, including a Pleo card, lunch, private health insurance, remote work options, additional holiday purchase, mental health support, access to LinkedIn Learning, and paid parental leave.
Requirements
- Be familiar with GRC frameworks and tooling
- Have some knowledge about industry standard frameworks
- Have a passion for the field
- Be willing to expand your knowledge
- Enjoy the responsibilities that come along with such a role
- Recognize that communication is a core part of your job within application security
- Be pragmatic in your approach to security
- Understand that risk drives effort, effort drives cost
- Agree security isn't sorcery but is a matter of understanding complex systems and applying/recycling creative thinking to interesting problems
- Love learning new things and enjoy working with problem areas you aren't an expert in (yet)
- Be honest and unafraid to state things exactly like they are - acknowledging and communicating what's broken is the first step to fixing things
- Be able to work well with a wide range of stakeholders
- Have some experience assessing security risks in third-party vendors
- Have some understanding and experience with industry standards, including PCI-DSS and ISO 27000 series
Responsibilities
- Collaborate with Procurement, Legal and Privacy by reviewing and assessing new vendors and tools
- Maintain control frameworks and evidence collection tools for PCI-DSS and ISO 27001/2 compliance
- Respond to internal and external queries about our security program
- Assist in the review of security policies, standards and guidelines in collaboration with various internal stakeholders
- Assist in ad hoc GRC projects and maintain ongoing compliance efforts
- Contribute to security awareness training materials for Pleo employees
- Contribute to achieving our GRC roadmap
- Participate in projects supporting a long-term security vision
- Continuously think about how we balance compliance efforts with the needs of a rapidly growing and evolving FinTech company
Preferred Qualifications
- Have experience with GRC tools (OneTrust, securiti.ai, Vanta, etc.)
Benefits
- Your own Pleo card (no more out-of-pocket spending!)
- Lunch is on us - with catering in our Lisbon, Copenhagen and London offices or a monthly lunch allowance paid directly together with your salary in other markets
- Private health insurance to ensure you're fit in body and mind to do your best work
- Flexibility/remote working options
- Option to purchase 5 additional days of holiday through a salary sacrifice
- Access to MyndUp to give our employees access to free mental health and wellbeing support
- Access to LinkedIn Learning - acquire new skills, stay abreast of industry trends and fuel your personal and professional development continuously
- Paid parental leave - we want to make sure that we're supportive of families and help you feel that you don't have to compromise your family due to work