GRC Specialist

Summary

Data has never been more valuable and vulnerable. As cybercriminals become more sophisticated and regulations more strict, organizations struggle to answer one key question: “Is my data safe?

At Varonis, we see the world of cybersecurity differently. Instead of chasing threats, we believe the most practical approach is protecting data from the inside out. We’ve built the industry’s first fully autonomous Data Security Platform to help our customers dramatically reduce risk with minimal human effort.

At Varonis, we move fast. We’re an ultra-collaborative company with brilliant people who care deeply about the details. Together, we’re solving interesting and complex puzzles to keep the world’s data safe.

We work in a flexible, hybrid model, so you can choose the home-office balance that works best for you.

Job Overview:

We are seeking a highly skilled and experienced Security GRC Specialist to join our team. This position reports directly to the GRC Manager, as part of the CISO group. The ideal candidate should have a strong background in GRC, with a proven track record of successfully implementing GRC programs. This role requires a diligent professional who thrives in a fast-paced environment and can manage multiple priorities while maintaining attention to detail.

Key Responsibilities:

• Develop, implement, and maintain GRC frameworks, policies, and procedures.
• Manage ISO 27001/ISO27017/ISO27018 compliance by conducting gap analyses, maintaining ISMS documentation, and coordinating audits to ensure ongoing certification.
• Respond to customer due diligence requests and support the review of security and compliance clauses in customer and vendor contracts,
• Conduct third-party risk assessments and identify potential security threats and vulnerabilities.
• Manage and maintain the GRC platform to ensure accurate compliance monitoring, documentation, and audit support
• Collaborate with cross-functional teams to integrate GRC initiatives into business processes.
• Provide guidance and support to internal stakeholders on GRC-related matters.
• Stay up to date with industry trends and emerging threats to continuously improve the GRC program.
  
  

• Minimum of 3 years of experience in GRC, and information security.
• Strong knowledge of regulatory requirements and industry standards (e.g., GDPR, ISO 27001).
• Experience in responding to customer due diligence requests.
• Experience in conducting security audits such as SOC 2 and ISO 27000 family.
• Experienced with leading GRC platforms, covering third-party risk management, audit management, and security awareness programs.
• Excellent analytical, attention to detail, problem-solving, and communication skills.
• We are looking for a passionate candidate who can work independently and collaboratively as part of a team in a fast-paced environment.
• Relevant certifications such as CISSP, CISM, or CRISC are preferred.
• Highly advantageous experience with:
• ISO 42001 compliance, including implementation, documentation, and audit coordination.
• Payment Card Industry (PCI) standards.
• Business Continuity Management.
• Developing GRC platform automations, integrations, and workflows.