About Port

The developer experience, developer productivity and driving software quality are on top of every engineering leader’s mind.

At Port, we help engineering organizations excel through the use of our open internal developer portal, owned by platform engineering teams and built for developers. Port consolidates everything developers need to know and execute to deliver software autonomously and to comply with organizational standards. Managers use Port to understand engineering metrics and improve them.

We’re growing rapidly, fueled by the industry’s leading product, and by the constant innovation of our customers, big and small, that use our product to change how developers work.

Why we’re looking for you:

As our company continues to expand, we are looking for our first in-house GRC professional. You will be the go-to person for all GRC matters and a key player in shaping the company's GRC landscape.

As GRC Manager you will:

• Compliance Program Development: Develop and maintain an effective compliance program that ensures adherence to applicable laws, regulations, and standards, including GDPR, CCPA, Israeli Privacy Protection laws, ISO 27001, ISO 27017, SOC 2 Type II, and others.
• Support and facilitate customers' inquiries and questionnaires.
• Regulatory Oversight: Monitor and interpret changes in relevant laws, regulations, and industry standards, assessing their impact on the company's compliance obligations.
• Develop, implement, and manage policies, procedures, and controls to mitigate compliance risks and ensure adherence to industry standards and applicable laws and regulations.
• Reporting and Documentation: Prepare detailed compliance reports and documentation for the regulatory agencies, senior management, and other stakeholders.
• Internal Audits and Assessments: Conduct regular internal audits and risk assessments to identify potential compliance gaps and recommend corrective actions.
• Training and Awareness: Develop, deliver, and monitor compliance training programs for employees to ensure they understand and adhere to regulatory requirements and company policies.
• Incident Management: Investigate compliance-related incidents and breaches, ensuring timely resolution and reporting to the relevant functions.
• Identify and assess potential information security risks, provide recommendations for mitigation, and support risk owners in implementing measures to reduce risks to an acceptable level.
• Collaboration: Work closely with internal teams such as legal/ IT/ security/ R&D /operational teams to integrate compliance requirements into the company’s services and business processes.

Requirements:

• 3+ years of experience in a GRC position - Advantage for experience in the tech industry.
• Background in Law, Information Systems or related field.
• Previous experience with standards such as ISO 27001, SOC 2 Type II.
• High self-learning skills with a proactive approach to staying current with evolving GRC landscapes and best practices.
• Strong analytical, problem-solving, and organizational skills.
• A self starter, with excellent written and verbal communication skills.
• Has the ability to influence and collaborate across teams.
• Proven ability to manage multiple projects simultaneously and work in a fast-paced, dynamic environment.
• knowledge in Information Systems/ Security. - advantage
• Proven track record of working with multinational, global companies.
• Ability to thrive under pressure and work effectively, also within U.S. time zones.
• Fluent in English at a native or near-native level.