Cyber Security Risk & Compliance Specialist (Office of the CISO)

At Bank esh, we don’t just think about what the future of banking will look like - we’re building it.

About Us

Our mission is to create a smart, efficient, and transparent banking experience that uses advanced technology to build genuine trust between people and their bank.We’ve already taken the first step: In December 2022, we were granted our license as a “bank in formation,” and we are now moving full speed ahead toward launching Israel’s new digital bank.

Join a team that’s not just building a bank - but shaping the future of finance.

Job Description

As a key member of the CISO’s office, you will play a vital role in ensuring organizational resilience through risk management, policy enforcement, and compliance with stringent financial regulations. This position focuses on providing high-level oversight of technological processes, supporting complex projects, and continuously enhancing the organization's defense posture.

Responsibilities

• GRC & Policy Leadership: Writing, implementing, and updating information security policies and procedures. Ensuring alignment with banking standards and regulatory requirements (e.g., Directive 364).
• Risk Assessment (CRA): Performing comprehensive cyber risk assessments for new systems and technological initiatives.
• Oversight & Monitoring: Analyzing SIEM/SOC findings and technical risks. Providing guidance to implementation teams to improve detection capabilities and log management.
• External Audit Management: Defining the scope and managing third-party security audits. Analyzing findings and tracking remediation efforts.
• Security Benchmarking: Conducting comparative analysis of security products and general software from an information security perspective.
• Detection Strategy: Formulating recommendations for log optimization, defining new alerts, and evaluating the effectiveness of existing control tools.
• Strategy & Awareness: Building the annual information security work plan, leading cyber simulations, and conducting organizational security awareness training.
  
  

• Professional Experience: 5+ years of experience in GRC, information systems auditing, or cyber risk management.
• Risk Management Expertise: At least 4 years of hands-on experience in risk assessments or IT auditing.
• Financial/Regulatory Background (Mandatory): Proven experience working in a regulated financial/banking environment under strict supervision (e.g., Proper Conduct of Banking Business).
• Technical Understanding (Oversight Level): Ability to review security configurations, read logs, and understand network architectures (hands-on configuration is not required).
• Exceptional Communication: High-level writing and drafting skills for complex procedures, official policies, and executive reports.
• AI Proficiency: Practical experience using AI tools (e.g., ChatGPT, Claude, Copilot) to optimize workflows, technical writing, or data analysis.
• Cloud Security: Familiarity with cloud security methodologies (Shared Responsibility Model) and SaaS/IaaS risk factors - an advantage
• AI Security: Initial familiarity with GenAI risks and mitigation (e.g., OWASP Top 10 for LLMs) - an advantage
• Benchmarking: Experience in performing Proof of Concept (POC) and comparative analysis of security products - an advantage
• Certifications: CISM, CISA, or CISSP - Significant Advantage.