דרושים » אבטחת מידע וסייבר » GRC Expert

We are looking for a motivated, energetic and experienced Information Security Manager (ISM) to be part of our information security journey and take the lead in the security GRC and awareness domains. Take ownership of your domain and oversee information security through the development of policies, training initiatives, establishment of vendor security assurance, advancement of company awareness, and the development of security and privacy compliance certificates and audits.

As a key role within the Information Security team, the ISM position requires a working knowledge of information security systems and technologies. The ISM will proactively work with all teams and departments to implement practices that meet defined policies and standards for information security. He or she will also oversee a variety of security-related risk management activities.

The ISM will serve within the Governance, Risk, and Compliance (GRC) team as the process owners of GRC activities related to the availability, integrity and confidentiality of customers, business partners/vendors, employees, and business information in compliance with the organization's information security policies. The ISM must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode.
What you will be doing:
Manage Forters GRC program, ensuring compliance with SOC2, ISO 27001/27701 and PCI-DSS, while enhancing process efficiency through the implementation of automation.
Review, update, and create policies and procedures to ensure alignment with customer requirements, certifications, and regulations.
Respond to security questions and questionnaires from company prospects and customers, providing support for company operations.
Conduct routine internal security reviews.
Manage information security risk activities, including conducting annual risk assessments, performing root cause analysis, and overseeing remediation activities.
Lead the vendor security program - Assess the security and compliance of vendors.
Responsible for the security awareness program, conducting training sessions, quizzes, and drills.
Continuously enhance the security standard of solutions by developing / implementing open-source / third-party tools to assist in detection, prevention and analysis of security threats, manage internal and external pen testing and test security products and evaluate them.
Provide technical answers and assist sales teams with RFPs / RFIs / RFQs and sales efforts.

We are looking for a SecOps Director.
In this role, you will be responsible for:
Aligning vulnerability management functions with the organization's overall business objectives by reducing information technology threat
Improving & maturing established security metrics associated with vulnerability management, security operations center, security monitoring, etc.
Overseeing projects for deploying new cyber security tools and processes
Leading successful projects, ensuring high quality and timely delivery of features
Ensuring the team builds operational processes that are architecturally consistent, of high quality, and that follows operational best practices
Overseeing the development and implementation of appropriate and effective controls to mitigate identified threats and risk
Have fingerprints on building the future of Gates' cyber security organization.
Collaborate and engage with key business stakeholders, including technology peers to help them better manage their technology risk through pragmatic and fit for purpose solutions.
Be responsible for auditing, assessing & architectural recommendations as it pertains to our technical cyber security infrastructure while helping to continuously improve our Cybersecurity maturity and defensive posture.
Work with our internal stakeholders to provide support related to security functions and technologies including Privileged Access Management (PAM), Threat hunting management, SSO/MFA, Active Directory, Windows/Linux OS hardening, vulnerability remediation, EDR, SOC oversight, security metrics, E-Discovery and incident response

A global technology company in the payments industry. Our mission is to connect
and power an inclusive, digital economy that benefits everyone, everywhere by making
transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships
and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.
Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our
company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.
Overview-
looking for an Information Security Lead to steer the organizations information security, data security and risk management. The Information Security Lead will work with various departments in and implement the organizations best practices. This role will report to the VP technologies operations organization.
Role-
Developing, implementing, and monitoring a strategic, comprehensive enterprise information security and IT risk management program that aligns with the organizations business objectives and regulatory requirements. The program is required to align with corporate strategy and directives.
Providing and approving security related items in RFP responses and contract negotiations. Joining customer calls to explain our security position and understand the customer needs.
Partnering with business units and stakeholders across the organization to facilitate risk assessment and risk management processes, and to raise awareness of security issues and best practices.
Establishing and maintaining an information security management framework that incorporates industry standards and best practices and lead compliance audits for ISO/IEC 27xxx, SOC II and other security certifications.
Assisting in the selection, implementation, and maintenance of security technologies, tools, and processes that support the organizations security goals and policies.
Responding to security incidents and breaches, and coordinating with internal and external parties to investigate, contain, remediate, and report on them.
Evaluating and reporting the organizations security posture and performance, and provide regular feedback and recommendations to senior management.
Staying abreast of current and emerging security threats, trends, technologies, and best practices, and ensuring that the organization adapts accordingly.
Sourcing and selecting vendors and service providers that offer security solutions or support.

we are looking for a Senior Security Engineer.
The Security Architect plays a pivotal role in defining and advancing our
security posture.
This individual will lead and manage security projects from inception to rollout and will be responsible for designing, developing, and implementing a robust security architecture aligned with our business goals and risk management strategies. Adept at data security and well-versed in emerging cybersecurity trends, the ideal candidate will ensure the resilience and security of our systems against evolving threats.
Responsibilities:
Design and Develop Security Architecture:
Lead the development and maintenance of a comprehensive security architecture framework, aligning with our business objectives and risk tolerance.
Design security models and controls, ensuring the security, integrity, and confidentiality of sensitive data and our systems.
Security Solutions & Project Management:
Evaluate, recommend, and lead the implementation of advanced security solutions.
Manage security projects from inception to rollout, collaborating with IT, development, and various business units to ensure secure and timely delivery.
Threat and Risk Assessment:
Proactively identify and assess security risks, vulnerabilities, and formulate mitigation strategies.
Conduct regular vulnerability assessments and drive remediation activities, focusing on data security aspects.
Policy Development and Compliance:
Develop, refine, and maintain security policies, standards, and procedures with an emphasis on data security.
Ensure compliance with internal security policies and applicable laws and regulations, addressing both organizational and data-centric security needs.
Stakeholder Collaboration & Communication:
Engage with a range of stakeholders including CISO, IT, legal, and business units, to align security initiatives with business goals.
Clearly communicate security concepts, risks, and mitigations to both technical and non-technical stakeholders.
Security Awareness & Culture:
Develop and deliver security awareness training focusing on data security.
Foster a culture of security mindfulness across the organization.

We are looking for an exceptional Senior Security Engineer to join our growing team. For the first 6 months you will:
Bolster and develop our defensive security capabilities, identifying advanced threats to us, developing and implementing countermeasures
Responding to incidents and conducting investigations as events happen through analyzing logs and various other sources (ex: AWS Guardduty, SecurityHub, Detective, etc.)
Engineer and automate custom detection and response capabilities to combat malicious and/or unwanted behaviors within the environment
Stay up to date with Tactics, Techniques, and Procedures (TTPs) that may apply to us and define and implement mitigation techniques to improve our overall risk posture
You will be part of a new product security team responsible for building, supporting, enhancing and improving our security frameworks, tools, processes and methodologies used across our SDLC and Runtime environments.
In this role, you will also be responsible to:
Conduct in-depth vulnerability assessments and security auditing of assets
Develop and improve processes for incident detection and the execution of countermeasures
Contribute to the creation and upkeep of run books to handle security incidents
Administer security configuration for threat management platforms for large-scale environments, including security orchestration, automation, and response (SOAR) and security information and event management (SIEM) tools
Contribute and showcase as a SOAR platform used within our Security Operations
Provide guidance on security architecture for threat detection and response systems used as a part of the overall security operations
Consult with our security compliance team during security audits to demonstrate our technical security capabilities
Collaborate with Product Management and Development team members to enhance our Security program
Take part in the Security Operations on-call rotation, including leading all incident response efforts and documentation during your rotation

we are looking for a Cyber Security Consultant to perform a range of expert level services. The successful candidates should have experience both as a security practitioner and security consultant, profound technological cyber knowledge and passion for cyber security. In addition, they should have a service approach, excellent communication skills and the ability to learn and work with the best in the field.

Main Responsibilities:

Evaluate the state of security, configurations, and security strategy, identifying gaps and opportunities and anticipating needs
Consult in cyber security engagements, including development of a cyber security plans and design implementation, and provide guidance on building security
Recommend cyber security strategies, policies, and procedures
Develop and support clients with internal training to assure deep understanding of fundamental cyber security practices, risks, and recommended mitigation tactics
Create expert-level deliverables, and present results of the assessment to a broad range of clients and design plans to address specific cyber risks and vulnerabilities
Collaborate with the cyber experts team in the development and implementation of cyber assessment tools, services, and best practices

We are looking for talented security researchers, people who look at the world differently, who explore, "hunt" and live to beat the system and challenge it. People who are in pursuit of outsmarting the malware and overcoming it.
Youll be part of an exceptional research team that will ensure we provide the best detection, protection, and visibility capabilities to our customers at any given time. The team leads the vulnerabilities, exploits and anti-tampering research for all of our security products under all platforms. The team does it by performing in-depth analysis and research of vulnerabilities and exploits, while also being responsible for closing the loop through the development and deployment of detection assets to millions of endpoints across the globe. Youll be working closely with other detection teams to ensure our customers get the best security products they can. Your time will be focus on research and detection & protection assets.
Research
Assessing and evaluating our detection and protection coverage against in the wild vulnerabilities, exploits, and anti-tampering techniques.
Closing the loop by conducting research to discover and implement innovative solutions for these security challenges.
Initiate and propose new features and capabilities, leveraging personal experience and expertise in security research.
Perform strategic long-term research projects that involve deep research of OS internals, new detection techniques, and novel threats.
Continually learn about emerging vulnerabilities, exploits, threats, techniques, and new technologies on a regular basis.
As a security research expert, youll collaborate with many teams to help and support their work using your expertise, knowledge, or research.
Detection And Protection assets
Youll be responsible for developing the new detection content for all of our engines that will improve our detection, protection, and visibility, reaching all of our millions of endpoints across the globe.
Youll be responsible for the quality and accuracy of the deliverables that youll create and be accountable for them.
Youll create, maintain, and improve existing infrastructure and tools that are being used by the team.
You will also be encouraged to write white papers, blogs, and articles (but only if you wish to).

we are looking for highly capable Incident Response Expert. The Incident Response Expert role includes conducting in-depth forensic analysis, investigation and response to real-world cyber threats. A significant part of our investigations is performed onsite at the client location, in collaboration with the clients IT and security teams.

Main Responsibilities

Participate in forensic and incident response investigations, including large scale sophisticated attacks, conduct log analysis, host and network-based forensics and malware analysis.

Participate in threat hunting: proactively hunt for targeted attacks and new emerging threats in clients networks; as well as security assessments and simulations.

Identify indicators of compromise (IOCs) and tools, tactics, and procedures (TTPs) to help ascertain whether and how breaches have occurred.

Utilize and develop tools and methodologies to improve existing investigative and hunting technological stack.

Collaborate with IT and Security teams during investigations.

Generate and present a comprehensive and professional report of findings from investigations.

we are looking for an Incident Response Team Leader to lead investigations and response activities in support of organizations worldwide.

Cyber threats are constantly growing in volume, velocity and sophistication. When an organization is confronted with an advanced attack, it needs the strongest capabilities on its side. In many cases, an incident response engagement is in fact a battle within a network. The operational art, experience, focus, and speed of response teams can mean the difference between a minor blow, and a devastating impact on an organizations performance and reputation.

The Incident Response Team Leader will be key to the success of Incident Response projects worldwide, and should possess strong leadership skills, be highly technical and thrive in a fast-paced and dynamic environment.