Cyber Security Consultant

As a Security, Privacy & GRC Consultant, you support organizations in strengthening their security and privacy posture and maturing their governance, risk, and compliance capabilities.

You act as a trusted advisor to senior stakeholders and contribute to CISO-level initiatives, helping clients design and improve practical security programs aligned with business needs and regulatory requirements.

The role combines strong GRC expertise with a solid understanding of enterprise IT security and security operations, enabling you to provide pragmatic, risk-based guidance that bridges governance and technical implementation.

You will also support privacy governance initiatives, including Data Protection Officer (DPO) engagements

Responsibilities

● Act as a security advisor to client leadership, supporting CISO-level initiatives and the development of security strategies, roadmaps, and risk management programs aligned with business objectives

● Support clients in strengthening their overall security posture across enterprise IT environments, including infrastructure security, identity and access management, and security operations

● Lead security risk assessments and gap analyses, and help prioritize remediation activities based on risk and business impact

● Conduct security architecture and design reviews, assessing system architectures, data flows, identity models, and trust boundaries from a security perspective

● Identify architectural and operational security risks and provide practical, risk-based recommendations for mitigation

● Lead and support governance, risk, and compliance initiatives, including ISO 27001 and SOC 2 readiness, implementation, and ongoing maintenance

● Develop and maintain security policies, standards, and governance processes, and support audit preparation and compliance activities

● Support privacy and data protection initiatives, including assisting with the Data Privacy Officer function and helping organizations align with applicable privacy regulations

● Communicate security risks and recommendations clearly to both technical and non-technical stakeholders, including senior leadership

● Lead security consulting engagements, managing timelines, deliverables, and coordination with client teams and internal specialists to ensure effective implementation of recommendations

Qualifications

● 4+ years of experience in cybersecurity, with responsibilities across governance, risk management, and preferably security architecture

● Strong understanding of GRC practices, including governance frameworks, risk assessments, and control design

● Experience supporting or contributing to CISO-level initiatives such as security strategy, program development, and risk prioritization

● Hands-on experience with security standards and frameworks such as ISO 27001 and/or SOC 2

● Solid understanding of enterprise IT security, including infrastructure security, identity and access management, and security operations concepts

● Experience communicating security risks and recommendations to both technical teams and executive stakeholders

● Familiarity with privacy and data protection requirements under Israeli law

● DPO experience or formal privacy training is an advantage

● Strong analytical skills and the ability to balance security risk, compliance, and business needs