Senior GRC Security Analyst

We power people's progress.

At Preply, we’re all about creating life-changing learning experiences. We help people discover the magic of the perfect tutor, craft a personalized learning journey, and stay motivated to keep growing. Our approach is human-led, tech-enabled - and it’s creating real impact. So far, 90,000 tutors have delivered over 20 million lessons to learners in more than 175 countries. Every Preply lesson sparks change, fuels ambition, and drives progress that matters.

Meet the team!

Preply is seeking a Senior Security GRC Analyst to join our Cybersecurity team and own one of the most business-critical functions in our fast-growing global company. This is a greenfield opportunity to shape and scale our governance, risk, and compliance (GRC) program. 

The role will be central to maintaining and expanding our compliance with industry standards (especially SOC 2 Type 2), building scalable governance processes, and proactively identifying and mitigating organizational risks.

You’ll work cross-functionally with Legal, Engineering, Security, Product, Finance, and company leadership. The ideal candidate brings deep risk and compliance expertise, thrives in ambiguity, and is energized by building secure, scalable systems that support business growth.

What you will be doing:

Risk Management & Compliance

• Own and continuously improve Preply’s risk management framework.
• Design, execute, and evolve enterprise risk assessments, surfacing both technical and non-technical risks.
• Lead compliance initiatives for SOC 2 Type 2, with potential expansion to ISO 27001.
• Track and report Key Risk Indicators (KRIs) and other data-driven risk metrics.
• Develop and maintain a third-party risk management program.

Governance & Policy Development

• Write, update, and maintain security and compliance policies in collaboration with Legal and Security.
• Embed governance practices into everyday business operations.
• Help drive privacy-focused initiatives such as data retention and vendor risk assessments.

Cross-functional Collaboration

• Act as the primary liaison between Cybersecurity, Legal, and Engineering.
• Partner with Legal on translating regulatory requirements (GDPR, CCPA, etc.) into actionable policies.
• Support internal and external audits, policy reviews, and compliance syncs.
• Drive security awareness and compliance culture across the company.

What you need to succeed:

• 5+ years in GRC, risk management, compliance, or cybersecurity—preferably in a tech or SaaS environment.
• Flexible background—can come from:
• Engineering or technical roles with exposure to platform risk/security.
• Legal or compliance roles, ideally with cybersecurity or privacy specialization.
• Hybrid profiles (e.g., lawyers with CISSP or engineers with compliance experience).
• Proven track record in:
• SOC 2 implementation (must-have).
• GDPR, ISO 27001, or similar frameworks.
• Risk assessments and KRIs.
• Cross-functional collaboration and stakeholder management.
• Core Competencies
• Strong understanding of cloud security and modern SaaS risk landscapes.
• Ability to translate regulatory requirements into practical, business-friendly policies.
• Effective communicator with experience presenting to executives and running cross-functional sessions.
• Knowledge of security tools and privacy-enhancing technologies is a plus.

Certifications (Nice to Have)

• CISA, CISM, CISSP, CRISC, ISO 27001 Lead Auditor, CIPM

Our Principles

• Care to change the world - We are passionate about our work and care deeply about its impact to be life changing.
• We do it for learners - For both Preply and tutors, learners are why we do what we do. Every day we focus on empowering tutors to deliver an exceptional learning experience.
• Keep perfecting - To create an outstanding customer experience, we focus on simplicity, smoothness, and enjoyment, continually perfecting it as every detail matters.
• Now is the time - In a fast-paced world, it matters how quickly we act. Now is the time to make great things happen.
• Disciplined execution - What makes us disciplined is the excellence in our execution. We set clear goals, focus on what matters, and utilize our resources efficiently.
• Dive deep - We leverage business acumen and curiosity to investigate disparities between numbers and stories, unlocking meaningful insights to guide our decisions.
• Growth mindset - We proactively seek growth opportunities and believe today's best performance becomes tomorrow's starting point. We humbly embrace feedback and learn from setbacks.
• Raise the bar - We raise our performance standards continuously, alongside each new hire and promotion. We build diverse and high-performing teams that can make a real difference.
• Challenge, disagree and commit - We value open and candid communication, even when we don’t fully agree. We speak our minds, challenge when necessary, and fully commit to decisions once made.
• One Preply - We prioritize collaboration, inclusion, and the success of our team over personal ambitions. Together, we support and celebrate each other's progress.

Diversity, Equity, and Inclusion

Preply is committed to creating a diverse and inclusive environment where people from all backgrounds can thrive. Different opinions and viewpoints are key ingredients in our success as a multicultural Ed-Tech company. 

Preply will consider all applications for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or veteran status. Together, we are The World Class.

#LI-KD2