עדיין מחפשים עבודה במנועי חיפוש? הגיע הזמן להשתדרג!
במקום לחפש לבד בין מאות מודעות – תנו ל-Jobify לנתח את קורות החיים שלכם ולהציג לכם רק הזדמנויות שבאמת שוות את הזמן שלכם מתוך מאגר המשרות הגדול בישראל.
השימוש חינם, ללא עלות וללא הגבלה.
We are hiring a Senior GRC Manager to sustain, scale, and continuously enhance our Governance, Risk, and Compliance (GRC) program. Reporting directly to the CISO, this is a high-impact role focused on maintaining robust compliance posture (including SOC 2 Type II, ISO 27001, 27017, and 27018), driving cloud assurance initiatives, and strengthening trust with customers and partners.
The ideal candidate is comfortable working cross-functionally, automating compliance workflows, and serving as a key liaison for external diligence and internal controls.
RESPONSIBILITIES
Maintain and mature the GRC program: Own core processes, documentation, and internal controls to support security and privacy obligations.
Align GRC activities with key frameworks, including NIST CSF, CIS Controls, and ISO 27001/27018, to ensure comprehensive control coverage and internal alignment.
Support certification continuity: Ensure ongoing adherence and audit readiness for SOC 2 Type II, ISO 27001, ISO 27017, and ISO 27018 through continuous monitoring, control validation, and stakeholder coordination.
Support evolving privacy governance efforts, including ISO 27701 adoption, privacy impact assessments (PIAs), and alignment with standards such as ISO 29134 or NIST Privacy Framework.
Contribute to vendor and third-party risk management: Support onboarding, reviews, and oversight of vendors handling sensitive data or infrastructure.
Manage customer trust program, including responding to security questionnaires, maintaining compliance artifacts, and owning our public Trust Center (e.g., SafeBase).
Administer and optimize GRC platforms: Manage tools such as VISO Trust, or Vanta to streamline evidence collection, risk tracking, and control testing. Lead process improvements and automation where possible.
Maintain the risk management program: Update the enterprise risk register, facilitate periodic risk assessments, and drive mitigation planning across business functions.
Partner cross-functionally with Legal, IT, Engineering, and Product to embed compliance requirements and align security initiatives with business goals.
The ideal candidate is comfortable working cross-functionally, automating compliance workflows, and serving as a key liaison for external diligence and internal controls.
RESPONSIBILITIES
Maintain and mature the GRC program: Own core processes, documentation, and internal controls to support security and privacy obligations.
Align GRC activities with key frameworks, including NIST CSF, CIS Controls, and ISO 27001/27018, to ensure comprehensive control coverage and internal alignment.
Support certification continuity: Ensure ongoing adherence and audit readiness for SOC 2 Type II, ISO 27001, ISO 27017, and ISO 27018 through continuous monitoring, control validation, and stakeholder coordination.
Support evolving privacy governance efforts, including ISO 27701 adoption, privacy impact assessments (PIAs), and alignment with standards such as ISO 29134 or NIST Privacy Framework.
Contribute to vendor and third-party risk management: Support onboarding, reviews, and oversight of vendors handling sensitive data or infrastructure.
Manage customer trust program, including responding to security questionnaires, maintaining compliance artifacts, and owning our public Trust Center (e.g., SafeBase).
Administer and optimize GRC platforms: Manage tools such as VISO Trust, or Vanta to streamline evidence collection, risk tracking, and control testing. Lead process improvements and automation where possible.
Maintain the risk management program: Update the enterprise risk register, facilitate periodic risk assessments, and drive mitigation planning across business functions.
Partner cross-functionally with Legal, IT, Engineering, and Product to embed compliance requirements and align security initiatives with business goals.
Requirements:
5+ years of experience in GRC, security compliance, or audit within a cloud-native or SaaS environment.
Proven track record supporting and maintaining certifications such as SOC 2 Type II, ISO 27001, 27017, and 27018.
Strong understanding of the NIST Cybersecurity Framework and CIS Critical Security Controls as applied in modern SaaS/cloud environments.
Familiarity with privacy management standards such as ISO 27701, ISO 29134, or equivalent frameworks (e.g., NIST Privacy Framework, GDPR Art. 35 PIAs)
Hands-on experience with GRC automation tools (e.g., Drata, Vanta, Tugboat Logic, OneTrust).
Excellent communication skills, particularly for external audit and customer diligence engagements.
Strong organizational and project management capabilities, with an ability to coordinate across functions and meet deadlines.
5+ years of experience in GRC, security compliance, or audit within a cloud-native or SaaS environment.
Proven track record supporting and maintaining certifications such as SOC 2 Type II, ISO 27001, 27017, and 27018.
Strong understanding of the NIST Cybersecurity Framework and CIS Critical Security Controls as applied in modern SaaS/cloud environments.
Familiarity with privacy management standards such as ISO 27701, ISO 29134, or equivalent frameworks (e.g., NIST Privacy Framework, GDPR Art. 35 PIAs)
Hands-on experience with GRC automation tools (e.g., Drata, Vanta, Tugboat Logic, OneTrust).
Excellent communication skills, particularly for external audit and customer diligence engagements.
Strong organizational and project management capabilities, with an ability to coordinate across functions and meet deadlines.
This position is open to all candidates.
במקום לחפש לבד בין מאות מודעות – תנו ל-Jobify לנתח את קורות החיים שלכם ולהציג לכם רק הזדמנויות שבאמת שוות את הזמן שלכם מתוך מאגר המשרות הגדול בישראל.
השימוש חינם, ללא עלות וללא הגבלה.
הרצליה
Pontera
Pontera
