Overview

Description

This position should take ownership of the following key responsibilities:

Policy & Governance Management
* Maintain and update the full security policy library (ISO 27001, SOC 2, GDPR, etc.).
* Ensure version control, approval workflows, and cross-departmental adoption.
* Lead annual policy reviews and align with new business or regulatory needs.

Security Risk Management
* Own the corporate Risk Register (e.g., in Monday.com) and drive risk assessments across domains.
* Track mitigation progress and report key risks to leadership.

Compliance & Certification Programs
* Manage and maintain compliance frameworks (ISO 27001, GDPR, customer-driven requirements).
* Prepare evidence and documentation for internal and external audits.

Vendor & Third-Party Risk Management
* Oversee the Vendor Security Review process: reviewing new suppliers, SaaS tools, and renewals.
* Monitor vendor security posture via SecurityScorecard or similar tools.
* Ensure data processing agreements (DPAs) are aligned with Legal.

Customer & Partner Assurance
* Manage all RFI / RFP / security questionnaire responses.
* Provide standardized documentation (e.g., SOC 2 reports, penetration testing summaries).
* Support Sales / Customer Success during security discussions.

Security Process Governance
* Define and enforce structured approval workflows for new tools, tokens, and architecture changes.
* Integrate approvals into Jira or ServiceNow for traceability.
* Collaborate with IT / AppSec / Legal for end-to-end governance.

Awareness & Training
* Drive company-wide security awareness campaigns.
* Onboard new hires with security and compliance training.
* Ensure developers and business teams understand their compliance obligations.

Metrics & Reporting
* Define KPIs for compliance maturity, audit readiness, and risk reduction.
* Deliver quarterly GRC posture updates to the CISO / Security Steering Committee.
Requirements

* 5–8 years of experience in Governance, Risk, and Compliance (GRC) or Information Security management, preferably within a technology or SaaS organization.
* Proven track record of developing, implementing, and maintaining security policies and frameworks (e.g., ISO 27001, SOC 2, GDPR, NIST).
* Hands-on experience owning and managing a corporate risk register, driving risk assessments, and ensuring timely mitigation across multiple business domains.
* Strong background in compliance management, including preparing evidence and documentation for both internal and external audits.
* Demonstrated ability to lead vendor and third-party security assessments, evaluate supplier risks, and align data processing agreements (DPAs) with legal and privacy teams.
* Experience managing customer assurance programs, responding to RFIs/RFPs, and supporting sales teams with security documentation and due diligence.
* Skilled in security process governance: establishing approval workflows for new tools, integrations, and architectural changes, and embedding controls into systems like Jira or ServiceNow.
* Proven ability to drive security awareness initiatives, design training programs, and communicate compliance responsibilities effectively across departments.
* Experience defining and reporting KPIs and metrics related to compliance maturity, audit readiness, and overall risk posture.
* Strong collaboration skills: capable of partnering with cross-functional stakeholders (Engineering, IT, Legal, AppSec, and Product) to strengthen the organization's security and compliance posture.
