דרושים » אבטחת מידע וסייבר » GRC Specialist

Were looking for a highly skilled Cybersecurity Governance, Risk, and Compliance Engineer with strong technical and hands-on cybersecurity expertise. This role bridges the gap between compliance and technology ensuring that GRC frameworks are not just compliant on paper but effective in practice across infrastructure, SaaS, and cloud environments.
As the Cybersecurity GRC Engineer you will oversee the technical execution of GRC initiatives, collaborating with cross-functional teams (Security Engineering, IT, DevOps, Product) to drive resilience, risk reduction, and audit readiness across the organization.
Reporting line: GRC Director
What you will do:
Collaborate with R&D and DevOps teams to integrate security into development and deployment processes.
Perform technical risk assessments, vulnerability trend analysis, and threat modeling to ensure risk registers reflect the true security posture.
Lead security awareness and social-engineering simulations, correlating campaign results with real technical findings (phishing, MFA bypass, insider threat trends).
Initiate and coordinate offensive security activities including penetration testing, red teaming, and vulnerability assessments to proactively identify and mitigate risks.
Support incident response readiness by integrating lessons learned into policy, control design, and awareness materials.
Leverage AI to automate GRC reporting, surface risk insights, and maintain intelligent dashboards integrated with platforms like ServiceNow, Jira, and internal data sources.
Partner with Security Engineering and IT teams to ensure consistent endpoint hardening, patch management, and configuration compliance.
Coordinate DR exercises and tabletop simulations, track findings, and oversee remediation to strengthen resilience.
Prepare for and support internal and external audits, including SOC 2, ISO 27001, NYDFS, and customer due-diligence requests.

We're looking for a GRC Program Manager to drive FedRAMP authorization and oversee our broader compliance portfolio. You'll be the program's operational backbone - coordinating 3PAO assessments, managing documentation, and ensuring readiness across teams.

FedRAMP authorization is a strategic milestone for Port as we expand into enterprise and federal markets. This is a high-visibility initiative with executive sponsorship, requiring precise coordination across engineering, security, and product. We need a program manager who thrives in complex, cross-functional environments and can translate regulatory frameworks into clear execution plans while managing timelines, budgets, and stakeholder expectations.
What you'll do

Lead the FedRAMP project from kickoff through ATO: schedule, documentation, 3PAO engagement, and agency coordination.
Own the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and all readiness deliverables.
Manage the 3PAO relationship, coordinate assessments, and drive remediation efforts.
Build and maintain the compliance evidence repository and continuous monitoring program.
Manage cross-team milestones, track control implementation progress, and identify blockers.
Develop repeatable processes and frameworks to sustain compliance post-authorization.
Partner with Engineering, Security, IT, and Product to translate NIST 800-53 controls into technical implementations.
Lead internal readiness assessments and gap analyses.

We are seeking a highly skilled and experienced Information Security Specialist to join


As the Information Security Specialist, you will be responsible for designing, implementing, and maintaining robust security measures to protect our assets and data. Working closely with various international stakeholders to integrate security best practices in all stages of the design and operating model, from design and deployment to monitoring and incident response.

What You'll Do:

Design and maintain the security model, ensuring alignment with best practices and regulatory requirements.
Manage and maintain security, including the site and endpoints employees use.
Assist with the deployment and assurance activities associated with Security controls with Autofleet. .
Continuously monitor environments, detect threats, and lead effective incident response and remediation efforts.
Ensure compliance with global standards (e.g., GDPR, ISO 27001, NIST) by driving audits, risk assessments, and security governance processes.
Co-ordinate offensive security activities including penetration testing, red team exercises, and third-party risk evaluations.
Drive continuous improvement of security operations, championing automation, zero-trust architecture, and emerging security capabilities.

We seek a dedicated and proactive Senior SecOps Engineer to join our InfoSec team and take ownership of all security-related tasks across the organization.
In this role, you will be key in aligning security goals with infrastructure, R&D and IT requirements. You will be responsible for integrating security into our CI/CD pipelines, managing cloud infrastructure security, ensuring compliance with security standards, and protecting our infrastructure from vulnerabilities.
A day in the life and how youll make an impact:
Implement and manage security tools such as static code analysis, cloud posture monitoring, and penetration testing tools.
Embed security into the DevOps lifecycle, including CI/CD pipelines, IaC (Infrastructure as Code), and software development workflows.
Design and enforce security policies for cloud architecture, ensuring secure configurations and monitoring.
Lead incident response activities, vulnerability management, and forensic investigations to mitigate threats.
Drive compliance efforts (ISO 27001, SOC 2, GDPR, etc.) and audit readiness for the organization.
Work closely with stakeholders (CISO, COO, System Architects, DevOps, IT, Finance, HR, etc) to identify requirements and prioritize security needs.
Continuously monitor systems and infrastructure for vulnerabilities, intrusions, and misconfiguration.
Perform or manage penetration testing initiatives to identify security weaknesses.

We are looking for a T & Security Operations Specialist.
Responsibilities:
Lead and manage E2E complex projects in the IT, IS and Security department
Coordinate and work closely with security teams
Establish effective relationships with stakeholders, communicate project updates and risks, collaborate with business units to understand their needs.
Develop and maintain project documentation, prepare reports and departments statistics.
Experience in managing projects related to security infrastructure, compliance, risk, GRC, IAM, or cloud security

We are seeking a customer-focused Security Analyst to join our managed services team. As a Customer-Facing Security Analyst, you will play a critical role in delivering top-notch exposure remediation services to our clients. You will work closely with customers to assess, analyze, and mitigate exposures in their IT and cloud infrastructure, while providing expert guidance and maintaining strong client relationships.

Responsibilities:

Own and manage the primary technical relationship for a portfolio of enterprise customers, establishing yourself as their trusted security advisor and focusing on strategic security outcomes.
Deliver continuous security posture assessments by leveraging the platform to translate complex technical findings into actionable, risk-based insights for customers.
Master the platform to drive maximum value for customers, guiding them on configuration, best practices, and new features to ensure successful adoption and ROI.
Drive remediation outcomes by acting as the liaison between customers and their internal teams (e.g., IT Operations, DevOps, Cloud Security), helping them prioritize efforts based on attack path analysis.
Proactively track and report on progress, delivering regular status updates and executive-level business reviews (QBRs) that demonstrate risk reduction and program success.
Act as a trusted advisor on exposure and attack path management, translating industry trends into proactive, tailored recommendations that enhance your customers' security posture.
Partner with the broader account team, including Customer Success Managers and Support Engineers, to ensure a seamless customer experience. Act as the lead technical escalation point to resolve complex challenges and champion customer needs with internal teams like Product and R&D.

We're looking for a Corporate Systems Administrator to own Port's internal IT systems, identity lifecycle, and governance processes as we scale globally and progress toward FedRAMP authorization.

Port is expanding rapidly into enterprise and federal markets, and we're managing an increasingly complex and sensitive SaaS and infrastructure environment. We need a leader who can build scalable processes, strengthen our security and compliance posture, and ensure our internal systems evolve to support fast, high-quality growth.

In this role, you'll partner closely with Security, GRC, Engineering, and Finance to implement best-practice controls, automate lifecycle workflows, and drive operational excellence across the company.



Who you'll work with

You'll report to the Head of IT and work closely with the CIO, Security team, GRC Program Manager, and Engineering/DevOps teams. You'll partner with business system owners across all departments to ensure governance standards are met. You'll also work with Finance on procurement and vendor management.



What you'll do
Own the IT systems & employee lifecycles - manage identity lifecycle, MDM, endpoint security, and SaaS access management across the company.
Implement and maintain GRC-related IT controls, including SSO, encryption, device posture enforcement, and centralized logging.
Collaborate with Security and GRC teams to ensure compliance with access, backup, and configuration standards.
Lead internal IT audits and manage evidence collection efforts for FedRAMP, SOC 2, and other compliance initiatives.
Partner with business system owners to uphold governance best practices and ensure systems align with security and compliance requirements.
Maintain and evolve the SaaS catalog, ensuring continuous review of ownership, access controls, and lifecycle management.
Drive the SSO roadmap, integrating the majority of our SaaS applications into a unified identity platform.
Represent IT in the SaaS procurement process to ensure tools meet governance, security, and integration standards.
Develop and scale IT governance processes, automating workflows such as new system onboarding and access provisioning.
Continuously strengthen our enterprise IT governance and security posture as the company grows.

We are looking for an experienced Security Architect to lead the design and implementation of advanced security solutions across our infrastructure, products, and cloud environments. In this role, you will work closely with engineering, DevOps, product, and SOC teams to ensure end-to-end protection, threat resilience, and security-by-design architecture.

Your Chain of Impact:

Design and implement scalable, secure architectures across cloud, application, and data environments
Lead security reviews, threat modeling, and risk assessments for new and existing systems.
Collaborate with R&D and DevOps to embed security best practices into development and deployment processes.
Define and maintain security standards, policies, and frameworks (Zero Trust, IAM, network controls, data protection, etc.)
Oversee integration of security controls, monitoring systems, and automated detection capabilities.
Partner with SOC teams to enhance detection, response, and incident management workflows.
Evaluate new security tools and technologies; lead POCs and drive strategic decisions.
Provide security guidance during architecture planning, code reviews, and product design.

We are seeking a hands-on and pragmatic security leader to oversee our information security program. You will ensure our systems, employees, and data remain secure while aligning risk management with business priorities. Youll lead compliance initiatives, drive security awareness, and embed security into company processes without slowing down innovation.

What you'll be doing:

Own and evolve the companys information security strategy aligned to business objectives.
Lead security operations: incident response, vulnerability management, IAM, and vendor risk assessments.
Ensure compliance with SOC 2, ISO 27001, and other customer/partner security requirements.
Partner with Product & Engineering to integrate security by design.
Manage relationships with security vendors, auditors, and consultants.
Conduct regular employee security training and awareness campaigns.
Report on risks, metrics, and posture to the executive team and board.
Build and mentor a small security function (team or outsourced model).

We're looking for an Infrastructure Security Architect to join us. In this role, you will design and validate secure cloud and corporate infrastructures, drive security best practices, and solve complex network and cloud-security challenges across the organization.
Responsibilities:
Design and architect secure infrastructures across cloud, and corporate environments, with strong emphasis on scalable AWS networking.
Lead network-security architecture reviews for new and existing technologies, systems, and product features.
Develop and maintain security reference architectures, guidelines, and best practices for cloud and network environments.
Review, design, and enhance cloud network architecture (VPC topology, segmentation, routing, connectivity, hardening).
Evaluate and run PoCs for security and cloud-networking products to strengthen our companys cloud security posture.
Perform Infra threat modeling and risk assessments for network and cloud architecture designs.
Collaborate with DevOps, SRE, R&D, and IT to integrate security into infrastructure design, deployments, and engineering processes.
Troubleshoot complex network and cloud-security issues across corporate and product environments.
Oversee IoT network security, including segmentation and monitoring strategies.
Provide clear, structured feedback to product teams on architecture, design trade-offs, and real-world operational impact.
Act as a senior escalation point for network-related security alerts and incident response within the security operations team.