דרושים » כספים וכלכלה » Portfolio Risk Analyst

Medison offers hope to patients suffering from rare and severe diseases by forming partnerships with emerging biotech companies to accelerate access to highly innovative therapies in international markets. As the creator and leader of the global partnership category in the pharma industry, we strive to be Always Ahead and work relentlessly to bring therapy to patients in need, no matter where they live. Our values are at the core of every action we take, and we are committed to going above and beyond for the benefit of the patients we serve. We are a dynamic, fast-paced company, operating in over 25 countries on 5 continents. We are looking for out-of-the-box thinkers, people who are passionate, caring, agile and adaptive, to join us on our mission. If you are looking to make a difference in people's lives, we invite you to join us! We seek a motivated, process-oriented GRC Specialist to join our global GRC and operational cybersecurity team. This is a multifaceted role, combining elements of operational information security, IT general controls (ITGC) oversight, and risk management.

Responsibilities:

* Strong understanding of cyber security frameworks and standards: In-depth knowledge of widely recognized frameworks such as NIST Cybersecurity Framework, ISO 27001, and SOC 2 TYPE 2, and an ability to apply them in practical scenarios to develop and implement robust security programs
* Experience with GRC tools and technologies: Practical experience utilizing GRC platforms and tools to automate and streamline compliance processes, manage audits, and track risk posture. Familiarity with reporting and dashboarding functionalities to provide insights into the organization's GRC maturity is also highly valued
* Proficiency in cyber security posture monitoring and control: Strong understanding of continuous monitoring strategies and technological controls to maintain and improve the organization's cyber security posture.
* Proven ability to manage, conduct, and oversee the security posture of critical vendors and third-party service providers. This includes implementing vendor risk assessment frameworks, conducting security due diligence, and ensuring contractual security requirements are met to protect the supply chain.
* Comprehensive knowledge of regulatory compliance requirements: Up-to-date understanding of relevant data protection and privacy regulations. The ability to interpret these requirements and translate them into actionable organizational policies and controls is crucial.

City:
Petah Tikva

we are seeking a talented GRC Compliance Expert to join our Governance, Risk, and Compliance team.
This role is ideal for someone with a strong understanding of leading international standards and regulations (such as ISO 27001, SOC 2, PCI-DSS, and others) and a passion for building and maintaining scalable, enterprise-grade compliance programs.

Youll play a central role in ensuring ongoing organizational alignment with world-class frameworks while working closely with cross-functional teams to drive a culture of trust, risk awareness, and regulatory readiness.
We are especially looking for someone with hands-on experience implementing and maintaining PCI-DSS / SOC2 compliance, including managing assessments, evidence collection, and cross-functional collaboration.

Key Responsibilities

Ensure the companys continuous compliance with leading international standards and regulatory frameworks (e.g., ISO 27001, SOC 2, PCI-DSS).
Serve as a subject matter expert on PCI-DSS, including supporting annual assessments, gap analyses, and remediation planning.
Maintain, update, and improve internal GRC policies, controls, and documentation in line with global best practices.
Monitor changes in the regulatory and industry landscape and assess their applicability to operations.
Lead internal control mapping, gap assessments, and remediation tracking.
Coordinate audit readiness efforts and maintain supporting evidence for external assurance engagements.
Support risk management activities such as risk assessments, risk registers, mitigation tracking, and escalation workflows.
Collaborate with teams across Security, IT, Legal, Engineering, and Operations to align compliance and business needs.
Drive internal awareness and training initiatives on key compliance requirements and GRC processes.
Contribute to the maturity and automation of the GRC program using dedicated platforms/tools.

As a Third Party Risk Analyst you will be a key part of our small, high impact team. You will conduct in-depth due diligence reviews, manage third-party oversight programs, and ensure compliance with evolving regulatory requirements across multiple jurisdictions. You will be responsible for onboarding and periodic client reviews, maintaining internal procedures, and collaborating with cross-functional teams including Sales, Client Management, and Compliance.
What youll do
Research companies requesting our company services to determine whether they meet our compliance/regulatory standards.
Research and verify company information (i.e. lines of business, company incorporation, ownership validation, etc.).
Track internal reports (such as our clients periodic reviews).
 Interfacing with Account Management and Sales departments.
Assessing the ongoing behavior, performance and risk that our partners represent to us.
Manage administrative and back-office activities within the Third Party Risk Team.