GRC Manager

The Role:

We are looking for an experienced GRC manager to lead the GRC domain reporting to Kaltura’s CISO.

As GRC Manager you will be responsible for assessing and documenting Kaltura compliance and risk posture as they relate to its information assets, you will be a liaison on the privacy domain between various business and technology units.

The candidate should have experience both as a security practitioner and consultant, profound security and privacy GRC related knowledge, and passion for cyber security.

Responsibilities require experience, as well as expertise to ensure effective system-wide security & risk analysis; standards and testing; risk assessment; awareness and education; and development of policies, standards, and guidelines.

The Day-to-Day:

• Evaluate the state of security and privacy from the GRC perspective, identifying gaps and opportunities and anticipating needs.
• Testing the design and operating effectiveness of technical and administrative security controls
• Designing and implementing data protection policies, processes, and procedures to align with Information Security policies and standards.
• Partner with various business units to ensure controls are adequate, appropriate, and effective.
• Support internal and external audit processes for relevant compliance programs such as SOC2, SOX and ISO.
• Perform security and compliance assessments on new and existing systems, processes, technology.
• Perform business impact analysis and assist with the development of the IT/InfoSec risk register.

Ideally, we’re looking for:

• Experience (At Least 3 years of experience) with legal and regulatory compliance standards such as SOX (ITGC), ISO, GDPR, CCPA, PCI-DSS, etc.
• Familiarity with ISMS and security frameworks, particularly NIST Cybersecurity Framework.
• Strong understanding of fundamental information security concepts and technology.
• Experience with IT governance, risk, and compliance management in a large global environment.

These would also be nice:

• Security-related certification, such as CISA or CISM.
• Experience with Privacy domain and PIA processes.

The perks:

1. Hybrid, flexible work environment
2. Extended private health (including mental) insurance
3. Personal and professional development programs
4. Occasional Cross company long weekends