At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate -- and we want you along for the ride. This is a special place with a unique combination of brilliance, spirit and just all-around great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of an important mission. Thousands of customers, including the majority of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production -- a concept we call “liquid software.” Wouldn't it be amazing if you could join us in our journey?
We are seeking a GRC (Governance, Risk, and Compliance) specialist to join our growing GRC Team. This is a fantastic opportunity to be part of a growing team and support the company as it grows and matures. If you're a team player, self-driven, a creative thinker, passionate about cybersecurity, and capable of blending a process-oriented mindset with a tech-oriented outlook, we are looking for you!
As a GRC specialist at JFrog you will...
- Maintain internal and external trust platforms, supporting ongoing customer due diligence activities including audits, questionnaires, and reviewing security contractual requirements.
- Provide training and guidance to sales teams on compliance-related matters and develop tools and resources to enable the sales team to efficiently respond to compliance inquiries from prospective and existing customers.
- Collaborate with cross-functional teams to support and enhance the overall GRC program.
- Ensure company policies, procedures, and controls are aligned with regulatory requirements and industry standards.
- Proactively gather customer feedback and stay abreast of industry trends to adapt and mature the GRC program accordingly.
- Implement improvements and updates to the program based on regulatory changes and customer requirements.
- Participate in risk assessment and risk management processes.
- Minimum 3 years as a cyber security / GRC specialist, expert, or consultant
- Strong knowledge and hands-on experience with ISO 27001 and SOC 2 Type II
- Familiarity with additional security frameworks as well as privacy regulations and standards (NIST, CSA, CAIQ, SIG, GDPR, CCPA, ISO 27701) is an advantage.
- An excellent ability to communicate verbally and in writing
- Ability to work on multiple projects simultaneously
- Project management skills
- Self-driven and fast learner with a can-do approach
- Passionate about the team and responsibilities
- Experience auditing cloud environments
- Experience working with regulators and auditors
- Experience working with GRC tools