GRC Specialist

About the Role

We are looking for a talented and motivated GRC Specialist to join our Information Security team. In this role, you will play a key part in leading our governance operations, regulatory compliance, vendor management, and information risk management. You will work closely with the CISO and cross-functional teams to implement and maintain security policies and controls across the organization.

This is an excellent opportunity for someone early in their cyber security career who wants to grow within a dynamic technological environment and gain hands-on experience in information security risk management, corporate governance, and supply chain security.

Location: Airport City (Full-time, On-site).

Key Responsibilities

• Governance & Compliance: Professionally manage the organization’s governance, regulation, and compliance frameworks. Implement and maintain compliance programs for leading standards including ISO 27001, the Israeli Privacy Protection Act and its regulations, GDPR, and other relevant frameworks.
• Supply Chain Risk Management (SCRM): Take end-to-end responsibility for vendor risk management, including vendor classification, conducting security assessments, and supporting procurement and contracting processes.
• Audits & Risk Assessments: Plan and support internal and external audits regarding cyber security, privacy, and regulatory compliance. Coordinate risk assessments, penetration testing (PT) logistics, and security questionnaires.
• Policies & Procedures: Review, update, and maintain information security and privacy policies, procedures, and organizational standards.
• Cross-functional Collaboration: Partner closely with various organizational units, including Infrastructure, Digital, Legal, and business departments.
• Security Awareness: Lead and promote cyber security awareness programs and training across the organization.
• Regulatory Monitoring: Track upcoming regulatory changes, analyze their potential impact on the company, and update internal processes accordingly.

Requirements

• Experience: 1–3 years of hands-on experience in GRC, IT risk management, or IT Audit roles.
• Regulatory Knowledge: Proven familiarity with compliance frameworks and regulations such as ISO 27001, the Israeli Privacy Protection Act, and GDPR.
• Vendor Risk Expertise: Strong understanding of SCRM processes, vendor risk analysis, and integrating security controls into procurement and contracts.
• Analytical Skills: Strong analytical thinking with the ability to solve complex problems and maintain a system-wide perspective.
• Interpersonal & Adaptive Skills: Ability to thrive in a multi-interface environment, perform under pressure, demonstrate strong self-learning capabilities, and stay up to date with technology trends.
• Languages: Excellent communication skills (both written and verbal) in English and Hebrew.

Advantages

• Basic familiarity with cloud environments (specifically AWS).
• Hands-on experience with dedicated GRC platforms or regulatory automation tools.
• Technological orientation toward AI – experience utilizing AI tools (such as Claude) to build automated workflows for evidence collection, reporting, and process optimization.
• Relevant professional courses or certifications (e.g., CISA, ISO 27001 Lead Implementer/Auditor, or equivalent).