Senior Grc Security Analyst Location: Barcelona, Spain

Barcelona

EUR 50.000 - 70.000

At Preply, we’re all about creating life-changing learning experiences. We help people discover the magic of the perfect tutor, craft a personalized learning journey, and stay motivated to keep growing. Our approach is human-led, tech-enabled - and it’s creating real impact. So far, 90,000 tutors have delivered over 20 million lessons to learners in more than 175 countries. Every Preply lesson sparks change, fuels ambition, and drives progress that matters.

Preply is seeking a Senior Security GRC Analyst to join our Cybersecurity team and own one of the most business-critical functions in our fast-growing global company. This is a greenfield opportunity to shape and scale our governance, risk, and compliance (GRC) program.

The role will be central to maintaining and expanding our compliance with industry standards (especially SOC 2 Type 2), building scalable governance processes, and proactively identifying and mitigating organizational risks.

You’ll work cross-functionally with Legal, Engineering, Security, Product, Finance, and company leadership. The ideal candidate brings deep risk and compliance expertise, thrives in ambiguity, and is energized by building secure, scalable systems that support business growth.

• Own and continuously improve Preply’s risk management framework.
• Design, execute, and evolve enterprise risk assessments, surfacing both technical and non-technical risks.
• Lead compliance initiatives for SOC 2 Type 2, with potential expansion to ISO 27001.
• Track and report Key Risk Indicators (KRIs) and other data-driven risk metrics.
• Develop and maintain a third-party risk management program.

• Write, update, and maintain security and compliance policies in collaboration with Legal and Security.
• Embed governance practices into everyday business operations.
• Help drive privacy-focused initiatives such as data retention and vendor risk assessments.

• Act as the primary liaison between Cybersecurity, Legal, and Engineering.
• Partner with Legal on translating regulatory requirements (GDPR, CCPA, etc.) into actionable policies.
• Support internal and external audits, policy reviews, and compliance syncs.
• Drive security awareness and compliance culture across the company.

• 5+ years in GRC, risk management, compliance, or cybersecurity—preferably in a tech or SaaS environment.
• Flexible background—can come from:
• Engineering or technical roles with exposure to platform risk/security.
• Legal or compliance roles, ideally with cybersecurity or privacy specialization.
• Hybrid profiles (e.g., lawyers with CISSP or engineers with compliance experience).
• Proven track record in:
• SOC 2 implementation (must-have).
• GDPR, ISO 27001, or similar frameworks.
• Risk assessments and KRIs.
• Cross-functional collaboration and stakeholder management.
• Core Competencies
• Strong understanding of cloud security and modern SaaS risk landscapes.
• Ability to translate regulatory requirements into practical, business-friendly policies.
• Effective communicator with experience presenting to executives and running cross-functional sessions.
• Knowledge of security tools and privacy-enhancing technologies is a plus.

Diversity, Equity, and Inclusion

Preply is committed to creating a diverse and inclusive environment where people from all backgrounds can thrive. Different opinions and viewpoints are key ingredients in our success as a multicultural Ed-Tech company.

Preply will consider all applications for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or veteran status. Together, we are The World Class.