Information Security Consultant

abra North is seeking an experienced and highly skilled Information Security Consultant (GRC) and Privacy Specialist with proven expertise in governance, risk management, compliance, and data protection.

📍 Central region | 🕒 Full-time | 🌐 Hybrid Work Model

Key Responsibilities:

• Lead certification and compliance programs for international standards such as ISO 27001, ISO 27799, and ISO 27017.

• Provide guidance on privacy and regulatory requirements, including GDPR and the Israeli Protection of Privacy Law (with emphasis on Amendment 13).
• Deliver CISO‑as‑a‑Service, including building and managing security programs, driving risk management activities, and presenting status and recommendations to executive leadership and boards.
• Conduct Cyber/IT Risk Assessments, perform Gap Analyses, and develop actionable remediation plans.
• Develop methodological frameworks, including security policies, procedures, and annual work plans aligned with industry best practices.
• Provide high‑level advisory support to align technical security solutions (EDR, DLP, Cloud Security, IAM, etc.) with regulatory and organizational requirements.
• Deliver cybersecurity and privacy awareness training for employees and management.

Requirements:

Must have:

• Academic degree in a relevant field, or completion of a recognized cybersecurity/information security program (200+ hours).
• 2+ years of experience in methodological consulting or in managing information security within organizations.
• Strong knowledge of ISO 27001 and familiarity with sector‑specific regulations (e.g., financial, healthcare).
• Proven experience in privacy compliance and understanding of the DPO role.
• Excellent writing skills in Hebrew and English, with the ability to produce professional policies and procedures.
• Solid understanding of IT environments and enterprise security technologies (EDR, DLP, IAM, Cloud Security).

Nice to have:

• Relevant certifications such as CISM, CISA, CIPP/E, CRISC.
• Experience working with regulators (e.g., the Israeli Privacy Protection Authority, Israel National Cyber Directorate).
• Consulting experience in the financial or healthcare sectors, including standards such as HIPAA or HITRUST.