Information Security GRC Lead

Company Overview:

Cellebrite’s (Nasdaq: CLBT) mission is to enable its global customers to protect and save lives by enhancing digital investigations and intelligence gathering to accelerate justice in communities around the world. Cellebrite’s AI-powered Digital Investigation Platform enables customers to lawfully access, collect, analyze and share digital evidence in legally sanctioned investigations while preserving data privacy. Thousands of public safety organizations, intelligence agencies and businesses rely on Cellebrite’s digital forensic and investigative solutions—available via cloud, on-premises and hybrid deployments—to close cases faster and safeguard communities.

To learn more, visit us at www.cellebrite.com, https://investors.cellebrite.com/investors and find us on social media @Cellebrite.

Position Overview:

We’re looking for an experienced and passionate Information Security compliance expert, to help drive organization wide security compliance and risks processes such as Risk Assessment, Mitigation Planning, Compliance with security standards, Internal and External Audits preparations and execution, and supporting customer Security requirements operations.

Responsibilities:

• Planning, performing, and tracking cyber security gap analysis and risk assessment processes
• Performing internal & external, hands-on technical and procedural security audits
• Develop, implement and track technical risk control/mitigation plans
• Working with the company business owners and IT Business applications and infrastructure to implement security controls, solutions and software qualifications and compliance and monitoring.
• Manage information security related tasks, track progress and report to management
• Plan and execute Security processes and InfoSec group controls
• Write, Update and implement security related procedures
• Lead audit and compliance activities as SOX, SOC2, ISO27001, FedRamp and more and provide Privacy technical guidance
• Contributor to GDPR and privacy, working closely with the company legal department.
• Responsible to handle Internal and third-party security qualification processes, vendor risk management and assign required controls
• Responsible on customers RFP security risk assessment questionnaire; in a business-driven approach and a prompt response time
• Always pushing to modernize compliance solutions with efficiencies and business facing approach
  
  

• 3+ years of experience in security Governance, Risk and Compliance in hi-tech global company.
• Proven experience with security compliance audit and management (NIST, ISO, SOC2, SOX, FedRamp and/or DoD)
• Hands-on experience with ISMS in audits, Security Risk Management, and mitigation planning
• Experience in working with customers and 3rd party qualification processes
• Experience in cloud security compliance and risks
• Background and experience in R&D infrastructure (an advantage).
• Familiar with security vulnerabilities, trends, tools and practices
• Professional certifications as Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or Certified Information Security Professional (CISSP) – an advantage
• Ability to multi-task in a dynamic work environment
• Ability to motivate others in a matrix management structure
• A true team player and easy to collaborate with A true proactive and “can do” approach
• High level English with an emphasis on writing skills