GRC Specialist

Description:

We're looking for a GRC Specialist to join Global-e's cyber security department and manage Global-e's governance, risk and compliance (GRC) aspects from ground up. Build GRC processes, implement new producers and maintain technology systems to support GRC.

Responsibilities:

• Lead our compliance operations and audit plans including ISO 27001, SOC2, SOC3 and PCI-DSS.
• Conduct a risk assessment on systems, processes, vendors and maintain a security maturity program.
• Design and maintain security methodologies, policies and procedures including exceptions and suggestions for corrective actions.
• Be in charge of Third party risk management (TPRM)
• Plan, design and implement GRC tools.
• Plan design and implement continues compliance.
• Support sales teams, enabling them to respond to customers and prospect questionnaires and RFP's.

• 1 year of experience in a GRC role
• At least 1 year of experience in information security, risk management, privacy, and compliance.
• Strong understanding of information security and privacy frameworks and regulations, such as ISO27001, SOC 2, GDPR, NIST and PCI-DSS.
• Experience in leading at least one of the following audits: ISO 27001, PCI-DSS, SOC2 including evidence collection and reporting.
• Strong technical background in IT and Cloud – an advantage.
• Knowledge of risk assessment methodologies.
• Experience in the assessment of existing security controls and defining new controls and solutions.
• Strong oral and written communications and presentation skills.
• Relevant security and development certifications (QSA, Lead auditor, CISM, CISSP, OSCP, CEH) – an advantage.
• Experience in GRC frameworks and operating modern systems in a fast-paced, rapidly evolving company environment.
• Experience working in a global environment.
• Fluent English – Must.