Senior Security & Privacy Consultant - GRC & CISO Advisory

About the Position

As a Senior Security, Privacy & GRC Consultant, you support organizations in strengthening their security and privacy posture and maturing their governance, risk, and compliance capabilities. You act as a trusted advisor to senior stakeholders and contribute to CISO-level initiatives, helping clients design and improve practical security programs aligned with business needs and regulatory requirements.

The role combines strong GRC expertise with a solid understanding of enterprise IT security and security operations, enabling you to provide pragmatic, risk-based guidance that bridges governance and technical implementation. You will also support privacy governance initiatives, including Data Protection Officer (DPO) engagements 

Responsibilities

• Act as a security advisor to client leadership, supporting CISO-level initiatives and the development of security strategies, roadmaps, and risk management programs aligned with business objectives
• Support clients in strengthening their overall security posture across enterprise IT environments, including infrastructure security, identity and access management, and security operations
• Lead security risk assessments and gap analyses, and help prioritize remediation activities based on risk and business impact
• Conduct security architecture and design reviews, assessing system architectures, data flows, identity models, and trust boundaries from a security perspective
• Identify architectural and operational security risks and provide practical, risk-based recommendations for mitigation
• Lead and support governance, risk, and compliance initiatives, including ISO 27001 and SOC 2 readiness, implementation, and ongoing maintenance
• Develop and maintain security policies, standards, and governance processes, and support audit preparation and compliance activities
• Support privacy and data protection initiatives, including assisting with the Data Privacy Officer function and helping organizations align with applicable privacy regulations
• Communicate security risks and recommendations clearly to both technical and non-technical stakeholders, including senior leadership
• Lead security consulting engagements, managing timelines, deliverables, and coordination with client teams and internal specialists to ensure effective implementation of recommendations

Qualifications

• 5+ years of experience in cybersecurity, with responsibilities across governance, risk management, and security architecture
• Strong understanding of GRC practices, including governance frameworks, risk assessments, and control design
• Experience supporting or contributing to CISO-level initiatives such as security strategy, program development, and risk prioritization
• Hands-on experience with security standards and frameworks such as ISO 27001 and/or SOC 2
• Solid understanding of enterprise IT security, including infrastructure security, identity and access management, and security operations concepts
• Ability to review system architectures, data flows, and identity models to identify and assess security risks
• Experience communicating security risks and recommendations to both technical teams and executive stakeholders
• Familiarity with privacy and data protection requirements under Israeli law
• DPO experience or formal privacy training is an advantage
• Strong analytical skills and the ability to balance security risk, compliance, and business needs