דרושים » כספים וכלכלה » Information Security Risk & Compliance Expert

Were looking for an experienced and passionate Information Security compliance expert, to help drive organization wide security compliance and risks processes such as Risk Assessment, Mitigation Planning, Compliance with security standards, Internal and External Audits preparations and execution, and supporting customer Security requirements operations.

Responsibilities:
Planning, performing, and tracking cyber security gap analysis and risk assessment processes.
Performing internal & external, hands-on technical and procedural security audits.
Develop, implement and track technical risk control/mitigation plans.
Working with the company business owners and IT Business applications and infrastructure to implement security controls, solutions and software qualifications and compliance and monitoring.
Manage information security related tasks, track progress and report to management.
Plan and execute Security processes and InfoSec group controls.
Write, Update and implement security related procedures.
Lead audit and compliance activities as SOX, SOC2, ISO27001, FedRamp and more and provide Privacy technical guidance.
Contributor to GDPR and privacy, working closely with the company legal department.
Responsible to handle Internal and third-party security qualification processes, vendor risk management and assign required controls
Responsible on customers RFP security risk assessment questionnaire; in a business-driven approach and a prompt response time
Always pushing to modernize compliance solutions with efficiencies and business facing approach

Position Overview: Were looking for an experienced and passionate Information Security compliance expert, to help drive organization wide security compliance and risks processes such as Risk Assessment, Mitigation Planning, Compliance with security standards, Internal and External Audits preparations and execution, and supporting customer Security requirements operations.





Responsibilities:
* Planning, performing, and tracking Cyber security gap analysis and risk assessment processes
* Performing internal & external, hands-on technical and procedural security audits
* Develop, implement and track technical risk control/mitigation plans
* Working with the company business owners and IT Business applications and infrastructure to implement security controls, solutions and software qualifications and compliance and monitoring.
* Manage information security related tasks, track progress and report to management
* Plan and execute Security processes and InfoSec group controls
* Write, Update and implement security related procedures
* Lead audit and compliance activities as SOX, SOC2, ISO27001, FedRamp and more and provide Privacy technical guidance
* Contributor to GDPR and privacy, working closely with the company legal department.
* Responsible to handle Internal and third-party security qualification processes, vendor risk management and assign required controls
* Responsible on customers RFP security risk assessment questionnaire; in a business-driven approach and a prompt response time
* Always pushing to modernize compliance solutions with efficiencies and business facing approach

Office Location:
Petah Tikva

Medison offers hope to patients suffering from rare and severe diseases by forming partnerships with emerging biotech companies to accelerate access to highly innovative therapies in international markets. As the creator and leader of the global partnership category in the pharma industry, we strive to be Always Ahead and work relentlessly to bring therapy to patients in need, no matter where they live. Our values are at the core of every action we take, and we are committed to going above and beyond for the benefit of the patients we serve. We are a dynamic, fast-paced company, operating in over 25 countries on 5 continents. We are looking for out-of-the-box thinkers, people who are passionate, caring, agile and adaptive, to join us on our mission. If you are looking to make a difference in people's lives, we invite you to join us! We seek a motivated, process-oriented professional to join our global GRC and operational cybersecurity team. This is a multifaceted role, combining elements of operational information security, IT general controls (ITGC) oversight, and risk management.

Responsibilities:

* Strong understanding of cyber security frameworks and standards: In-depth knowledge of widely recognized frameworks such as NIST Cybersecurity Framework, ISO 27001, and SOC 2 TYPE 2, and an ability to apply them in practical scenarios to develop and implement robust security programs
* Experience with GRC tools and technologies: Practical experience utilizing GRC platforms and tools to automate and streamline compliance processes, manage audits, and track risk posture. Familiarity with reporting and dashboarding functionalities to provide insights into the organization's GRC maturity is also highly valued
* Proficiency in cyber security posture monitoring and control: Strong understanding of continuous monitoring strategies and technological controls to maintain and improve the organization's cyber security posture.
* Expertise in third-party risk management and supply chain security: Proven ability to manage, conduct, and oversee the security posture of critical vendors and third-party service providers. This includes developing and implementing vendor risk assessment frameworks, conducting security due diligence, and ensuring contractual security requirements are met to protect the supply chain.
* Comprehensive knowledge of regulatory compliance requirements: Up-to-date understanding of relevant data protection and privacy regulations. The ability to interpret these requirements and translate them into actionable organizational policies and controls is crucial.

City:
Petah Tikva

In this role, you will be part of global IT organization; You will lead a team that its responsibility is to manage IT security service operation in a proactive manner.

In this role, you will be working closely with other internal IT teams as well as extensive work with IT internal customers to adhere with business needs and committed IT security and service level.

Responsibilities:

Global responsibility for designing, building, maintaining, and securing CyberArk network and communication systems from strategy to delivery and service operations and related processes
Responsible for administering security-related infrastructure and applications, such as intrusion detection/prevention systems, EDR, DLP, firewalls, cloud security tools, and vulnerability scanners etc. Including defining and implementing the security systems configuration, policies and hardening based on security policies and operational considerations.
Work with CyberArk CISO to translate security policies into architecture and delivery.
Responsible for Security operation projects to design, implement and support security tools and systems. This will require you to lead projects or ensure the successful projects in this domain which are led by the team.
Managing a team of security system engineers
Responsible for building all the required governance methods and tools of the IT security service, in addition accountable to validate that CyberArk security services are fully updated, and all endpoints are fully in compliance.
Create and maintain technical documentation (e.g. designs, procedures) as needed.
Responsible to meet IT support service level targets and lead a proactive approach to improve the service level and the team efficiency.

As the Senior Director of Cyber Security Center , you will lead the frontline of our cyber defense strategy. You will build, manage, and continuously enhance a world-class capability that includes our Security Operations Center (SOC), Threat Hunting, and Threat Intelligence teams.

Youll be responsible for ensuring real-time threat monitoring, proactive hunting, and deep analysis of adversarial activity all while leveraging AI and automation to accelerate detection, decision-making, and response. You will drive the integration of AI/ML models and threat intelligence into SOC workflows, helping your teams stay ahead of evolving threats and reduce noise through intelligent alerting and prioritization.

Youll define the vision and operational model for modern, threat-informed defense, lead response to high-impact incidents, and collaborate across cyber protection, risk, and technology teams. Youll support the CISO providing insight into threat trends, AI-driven insights, and the overall health of cyber defense posture.


Key Responsibilities

Lead and mature global Cyber Security Center, including 24/7 Security Operations, Threat Hunting, and Threat Intelligence functions.
Establish strategic direction and operational excellence across detection, response, and threat analysis programs.
Oversee incident response efforts, ensuring coordinated investigation, containment, and remediation of security events.
Build and scale proactive threat hunting programs, using hypothesis-driven methods, advanced analytics, and threat behavior models.
Operationalize threat intelligence to improve detection coverage, prioritize threats, and anticipate adversary behavior.
Own the integration and optimization of detection technologies, including SIEM, SOAR, EDR, and threat intelligence platforms.
Define and track operational metrics, such as mean time to detect (MTTD), mean time to respond (MTTR), false positive rates, and threat coverage.
Foster strong partnerships across Cyber Protection, IT, Engineering, and Risk teams, enabling coordinated defenses and incident handling.
Lead, mentor, and grow a high-performing team of security analysts, hunters, and intelligence professionals.
Stay ahead of the evolving threat landscape, continuously evaluating new technologies, frameworks, and methodologies.

Design and deploy network & security systems (FWs, web filtering systems etc.) and networking infrastructure (LAN, WAN, routing protocols, failover mechanism, IPSEC, SSL VPNs).
Perform technical operations on various IP network elements of multiple networks.
Maintain the availability and performance of business-critical networks.
Define and enforce rules for various network security control systems such as: firewalls, virtual private networks.
Provide escalated support and troubleshooting to maintain high availability and performance of the security & network infrastructure.
Create and maintain detailed network & security documentation.
Keep a tight relationship with integrators & vendors to maintain upgrades, installs, downtime planning alongside exploration of new features & innovative solutions.
Evaluate, test and select enterprise networking & security hardware and solutions.

As a Senior PT Researcher, you will be the go-to-guy to find traditional and creative ways to break all kinds of products.

Make sure CYBR products are in a secure state by leading vulnerability research projects focused internally on the company products.
Present findings and work closely with software architects and development teams to ensure products are developed according to the best security standards.
Be a security research expert and stay up to date with new vulnerability research techniques that are being developed and published worldwide.
Through the year, include research work, and aim to discover innovative and creative security findings in CYBR products.

The Security Research Team Labs focuses on vulnerability research, identifying emerging threats and security gaps to enhance products and contribute to the broader security community. The team has deep expertise in low-level systems, operating systems, frameworks, cloud, and security research, applying this knowledge to critical security domains such as AI, Identity, and Privilege. The team has conducted cutting-edge research and presented findings on leading global stages, including Black Hat, DefCon, RSA, and more.

Lead and manage a team of vulnerability researchers and research projects.
Conduct hands-on vulnerability research across multidisciplinary attack vectors.
Support and guide research blog publications and conference presentations.
Invent new security layers to mitigate attack techniques, and surfaces discovered in research.
Write and review technical articles, and present research findings at security conferences.