GRC Manager

This position should take ownership of the following key responsibilities:
Policy & Governance Management
Maintain and update the full security policy library (ISO 27001, SOC 2, GDPR, etc.).
Ensure version control, approval workflows, and cross-departmental adoption.
Lead annual policy reviews and align with new business or regulatory needs.
Security Risk Management
Own the corporate Risk Register (e.g., in Monday.com) and drive risk assessments across domains.
Track mitigation progress and report key risks to leadership.
Compliance & Certification Programs
Manage and maintain compliance frameworks (ISO 27001, GDPR, customer-driven requirements).
Prepare evidence and documentation for internal and external audits.
Vendor & Third-Party Risk Management
Oversee the Vendor Security Review process - reviewing new suppliers, SaaS tools, and renewals.
Monitor vendor security posture via SecurityScorecard or similar tools.
Ensure data processing agreements (DPAs) are aligned with legal.
Cust

דרישות:

5-8 years of experience in Governance, Risk, and Compliance (GRC) or Information Security management, preferably within a technology or SaaS organization.
Proven track record of developing, implementing, and maintaining security policies and frameworks (e.g., ISO 27001, SOC 2, GDPR, NIST).
Hands-on experience owning and managing a corporate risk register, driving risk assessments, and ensuring timely mitigation across multiple business domains.
Strong background in compliance management, including preparing evidence and documentation for both internal and external audits.
Demonstrated ability to lead vendor and third-party security assessments, evaluate supplier risks, and align data processing agreements (DPAs) with legal and privacy teams.
Experience managing customer assurance programs, responding to RFIs/RFPs, and supporting sales teams with security documentation and due diligence.
Skilled in security process governance - establishing approval workflows for new tools, integration