SecOps GRC Analyst

Perion is a global advertising technology company delivering solutions to the biggest brands and publishers around the globe across search, social media and display, video, CTV, and programmatic DOOH.

Home to an award-winning technology solution. With our unique data-driven AI/ML based technologies, we deliver and optimize hundreds of terabytes of data and billions of events per day. We're working with dozens of sources to provide a superior experience across screens and platforms, including mobile, video, social and native.

Role Overview

Perion is seeking a SecOps GRC Analyst to own our third-party risk management program and drive compliance across key regulatory and audit frameworks. This role sits at the intersection of security operations, risk governance, and privacy engineering, and requires someone who can translate complex compliance requirements into practical, scalable controls in a fast-moving adtech environment.

Key Responsibilities

• Own and mature the Third-Party / Supply Chain Risk Management (TPRM) program - including vendor onboarding assessments, ongoing monitoring, and contractual security requirements
• Lead SOC 1 and SOC 2 Type II audit readiness, evidence collection, and liaison with external auditors
• Support SOX IT General Controls (ITGCs) - including access management, change management, and financial system controls in coordination with Finance and Internal Audit
• Drive privacy engineering initiatives aligned with GDPR, CCPA, and other privacy frameworks
• Maintain and continuously improve the GRC platform, including the risk register, control library, policy lifecycle, and exception management
• Conduct security risk assessments for new products, vendors, and infrastructure changes
• Partner with Legal, Finance, R&D, and IT on compliance obligations, data processing agreements (DPAs), and security questionnaires
• Monitor the threat landscape for supply chain vulnerabilities (e.g., software dependencies, SaaS integrations) and escalate material risks

Required Qualifications

• 4+ years in a GRC, security compliance, or risk management role
• Hands-on experience with SOC 2 and/or SOX ITGC audits including evidence preparation and auditor management
• Demonstrated ownership of a TPRM or vendor risk program
• Familiarity with privacy regulations (GDPR, CCPA) and their application to data-driven or adtech products
• Strong written communication skills - able to produce clear policies, risk reports, and audit artifacts
• Experience with GRC tooling (e.g., Panorays, Drata, OneTrust, or equivalent)
• Relevant certifications a plus: CISA, CRISC, CIPP, or SOC 2 Lead Auditor