Jobs » Information Security and Cyber » Cyber Risk and Privacy Protection Manager

2 days ago
Location: Merkaz
Job Type: Full Time
We are looking for a Cyber Risk and Privacy Protection Manager. The role includes overall responsibility for managing information security risks, privacy protection, and supply chain risks, working with multiple internal and external stakeholders, and supporting technological processes and projects.
Key Responsibilities
* Manage information security, privacy, and supply chain risk frameworks
* Conduct risk assessments for systems, processes, and suppliers
* Lead supplier and supply chain risk reviews and remediation tracking
* Implement privacy and information security policies and procedures
* Support technology projects from security and privacy perspectives
* Monitor risk mitigation plans and report to management
* Coordinate cross-functional and external stakeholders
Requirements:
* Formal Education
* At least 3 years of experience in information security and cyber
* Experience in managing cyber risks, privacy protection risks, operational, technological, and regulatory risks
* Knowledge of regulations and standards: Israeli Privacy Protection Regulations, ISO 27001
* Experience in developing and implementing policies and procedures
Advantages
* Graduate of a Data Protection Officer (DPO) course
* Experience in writing and implementing organizational procedures
* Experience in supply chain risk management and working with suppliers
Personal Skills and Competencies
* Excellent interpersonal skills and ability to work in a team
* Strong management, organization, and matrix task leadership abilities
* Analytical, planning, and initiative-taking skills
This position is open to all candidates.
 
8537058
Similar jobs that may interest you
27/01/2026
Location: Haifa
Job Type: Full Time
abra North is seeking an experienced and highly skilled Information Security Consultant (GRC) and Privacy Specialist with proven expertise in governance, risk management, compliance, and data protection.
Central region | Full-time | Hybrid Work Model
Key Responsibilities
* Lead certification and compliance programs for international standards such as ISO 27001, ISO 27799, and ISO 27017.
* Provide guidance on privacy and regulatory requirements, including GDPR and the Israeli Protection of Privacy Law (with emphasis on Amendment 13).
* Deliver CISO-as-a-Service, including building and managing security programs, driving risk management activities, and presenting status and recommendations to executive leadership and boards.
* Conduct Cyber/IT Risk Assessments, perform Gap Analyses, and develop actionable remediation plans.
* Develop methodological frameworks, including security policies, procedures, and annual work plans aligned with industry best practices.
* Provide high-level advisory support to align technical security solutions (EDR, DLP, Cloud Security, IAM, etc.) with regulatory and organizational requirements.
* Deliver cybersecurity and privacy awareness training for employees and management.
Requirements:
Must have
* Academic degree in a relevant field, or completion of a recognized cybersecurity/information security program (200+ hours).
* 2+ years of experience in methodological consulting or in managing information security within organizations.
* Strong knowledge of ISO 27001 and familiarity with sector-specific regulations (e.g., financial, healthcare).
* Proven experience in privacy compliance and understanding of the DPO role.
* Excellent writing skills in Hebrew and English, with the ability to produce professional policies and procedures.
* Solid understanding of IT environments and enterprise security technologies (EDR, DLP, IAM, Cloud Security).
Nice to have:
* Relevant certifications such as CISM, CISA, CIPP/E, CRISC
* Experience working with regulators (e.g., the Israeli Privacy Protection Authority, Israel National Cyber Directorate).
* Consulting experience in the financial or healthcare sectors, including standards such as HIPAA or HITRUST
This position is open to all candidates.
 
8308799
Confidential company
Location: Petah Tikva
Job Type: Full Time
We're looking for an experienced GRC Manager to join our team in Israel. We're seeking someone with solid, hands-on experience who can take ownership and lead both technically and operationally.
You will lead the certification and accreditation processes, managing all current compliance frameworks and certifications. This includes both preparation activities and direct engagement with external auditors, from readiness and gap analysis through to achieving final reports or certificates.
Roles and Responsibilities:
Lead internal and external audit and certification cycles, ensuring readiness and successful completion of assessments.
Maintain and continuously improve internal control framework, ensuring that security and compliance controls are effective, documented, and aligned across ISO 27001, SOC 2, and privacy requirements.
Develop, maintain, and enhance security and compliance documentation, including policies, procedures, and evidence repositories.
Manage the ongoing risk management process by maintaining a centralized risk register and ensuring alignment between business objectives, regulatory obligations, and security controls.
Conduct internal audits and risk assessments to evaluate the effectiveness of technical and organizational controls.
Manage the cybersecurity onboarding and ongoing risk assessments of third-party vendors, while cooperating with Legal to ensure alignment with privacy compliance requirements.
Manage relationships with external auditors and consultants, ensuring timely completion of certification milestones.
Partner with cross-functional teams to strengthen the company's overall GRC posture and support continuous improvement initiatives.
Requirements:
3-5 Years of proven experience in GRC, information security compliance, or audit management roles.
Experience with audit and certification processes of information security frameworks (e.g., ISO 27001, SOC 2).
Ability to manage cross-functional projects and collaborate effectively with internal stakeholders, external auditors, and consultants.
Excellent communication skills and attention to detail.
Fluent in English (written and spoken).
Preferred Skills:
Experience with risk assessments and managing a risk register end-to-end.
Experience with third-party vendor risk management.
Experience in compliance frameworks of cloud infrastructure.
Knowledge of privacy regulations such as GDPR and CCPA.
Background in cybersecurity or IT risk management.
This position is open to all candidates.
 
8486342
2 days ago
Location:
Job Type: Full Time
We are seeking a skilled Project Manager to lead our Management Penetration Testing & Cyber Assessments team.
Project Manager specializing in penetration testing and Cyber security assessments
Responsibilities:
* Define and manage work plans for the execution of penetration tests and Cyber security assessments.
* Conduct meetings with system owners and stakeholders to gain familiarity with technological environments.
* Define and document the scope of cyber surveys and penetration tests, including application, infrastructure, and secure development (SSDLC) assessments
* Manage negotiations and engagements with external penetration testing and cyber assessment vendors.
* Lead penetration tests and surveys end-to-end, coordinating between external vendors and internal system owners.
* Review draft reports and validate findings.
* Support system owners in remediation activities, including re-testing and verification of findings closure.
* Perform Cyber security surveys related to supply chain security, including assessments of external service providers.
* Prepare presentations summarizing activities, findings, and risk insights.
* Work in a matrix organizational environment, coordinating and driving collaboration with stakeholders within and outside the Cyber Division.
* Interface with a wide range of internal stakeholders and external parties (vendors, integrators, service providers, etc.).
* Mobility required - ability to travel across Ben Gurion Airport campus and Authority sites
* Strong interpersonal skills and the ability to independently lead and drive activities.
Requirements:
Mandatory Requirements
Qualifications
Formal Education / Professional Training / Experience
One of the following:
* Academic degree (Bachelor's) or Practical Engineering diploma, with an emphasis on Information Systems / ICT / Industrial Engineering and Management - minimum of 3 years of relevant experience
* Graduate of relevant professional courses with a cumulative scope of at least 400 training hours - minimum of 4 years of relevant experience
At least 5 years of experience in ICT project management
Professional Experience and Knowledge
* Proven experience in managing Cyber security surveys and penetration tests for organizations with at least 2,000 users
* In-depth knowledge of security vulnerabilities and findings from application-level and infrastructure penetration testing
At least 5 years of experience within the past 8 years in the following areas:
* Leading projects involving analysis, planning, procedure writing, and driving cross-functional professional collaboration
* Proven knowledge and experience with information security methodologies, standards, regulations, concepts, and technologies
* Familiarity with information security products and security solutions
* Full proficiency in Microsoft Office, including preparation of professional presentations
Languages
Native-level proficiency in Hebrew (reading, writing, and speaking). High-level proficiency in English, including reading, writing, and speaking
This position is open to all candidates.
 
8536317
Confidential company
Location: Ra'anana
Job Type: Full Time
This position should take ownership of the following key responsibilities:
Policy & Governance Management
Maintain and update the full security policy library (ISO 27001, SOC 2, GDPR, etc.).
Ensure version control, approval workflows, and cross-departmental adoption.
Lead annual policy reviews and align with new business or regulatory needs.
Security Risk Management
Own the corporate Risk Register (e.g., in Monday.com) and drive risk assessments across domains.
Track mitigation progress and report key risks to leadership.
Compliance & Certification Programs
Manage and maintain compliance frameworks (ISO 27001, GDPR, customer-driven requirements).
Prepare evidence and documentation for internal and external audits.
Vendor & Third-Party Risk Management
Oversee the Vendor Security Review process - reviewing new suppliers, SaaS tools, and renewals.
Monitor vendor security posture via SecurityScorecard or similar tools.
Ensure data processing agreements (DPAs) are aligned with legal.
Customer & Partner Assurance
Manage all RFI / RFP / security questionnaire responses.
Provide standardized documentation (e.g., SOC 2 reports, penetration testing summaries).
Support Sales / Customer Success during security discussions.
Security Process Governance
Define and enforce structured approval workflows for new tools, tokens, and architecture changes.
Integrate approvals into Jira or ServiceNow for traceability.
Collaborate with IT / AppSec / Legal for end-to-end governance.
Awareness & Training
Drive company-wide security awareness campaigns.
Onboard new hires with security and compliance training.
Ensure developers and business teams understand their compliance obligations.
Metrics & Reporting
Define KPIs for compliance maturity, audit readiness, and risk reduction.
Deliver quarterly GRC posture updates to the CISO / Security Steering Committee.
Requirements:
5-8 years of experience in Governance, Risk, and Compliance (GRC) or Information Security management, preferably within a technology or SaaS organization.
Proven track record of developing, implementing, and maintaining security policies and frameworks (e.g., ISO 27001, SOC 2, GDPR, NIST).
Hands-on experience owning and managing a corporate risk register, driving risk assessments, and ensuring timely mitigation across multiple business domains.
Strong background in compliance management, including preparing evidence and documentation for both internal and external audits.
Demonstrated ability to lead vendor and third-party security assessments, evaluate supplier risks, and align data processing agreements (DPAs) with legal and privacy teams.
Experience managing customer assurance programs, responding to RFIs/RFPs, and supporting sales teams with security documentation and due diligence.
Skilled in security process governance - establishing approval workflows for new tools, integrations, and architectural changes, and embedding controls into systems like Jira or ServiceNow.
Proven ability to drive security awareness initiatives, design training programs, and communicate compliance responsibilities effectively across departments.
Experience defining and reporting KPIs and metrics related to compliance maturity, audit readiness, and overall risk posture.
Strong collaboration skills - capable of partnering with cross-functional stakeholders (Engineering, IT, Legal, AppSec, and Product) to strengthen the organization's security and compliance posture.
This position is open to all candidates.
 
8485733
02/02/2026
Confidential company
Location: Herzliya
Job Type: Full Time
Lead, mentor, and manage a team of analysts and incident responders, fostering a culture of continuous improvement and collaboration.
Oversee real-time monitoring, analysis, and escalation of security events using SIEM, SOAR, and other security tools.
Develop, implement, and optimize SOC processes, playbooks, and standard operating procedures.
Coordinate incident response activities, ensuring timely investigation, containment, eradication, and recovery from cyber incidents.
Serve as the primary point of contact for major security incidents, coordinating with internal stakeholders and external partners as needed. Ensure effective communication and coordination among stakeholders throughout the lifecycle of security incidents.
Stay informed on the latest cyber threats, vulnerabilities, and regulatory developments to adapt the organization's security posture proactively.
Prepare and deliver regular reports, metrics, and presentations to executive management regarding Cyber Defense Center's performance and emerging risks.
Support compliance efforts and audits related to cybersecurity frameworks (e.g., SOC2, ISO 27001).
Manage Cyber Defense Center's technology stack, including evaluating and recommending tools and solutions for threat detection and response.
Establish and lead a dedicated purple team to enhance detection, response, and resilience against threats.
Requirements:
5+ years of experience in cybersecurity.
3+ years in a Security Operation Management role.
Strong knowledge of security operations, incident response, threat intelligence, and digital forensics.
Experience with SIEM, EDR, SOAR, firewalls, and other SOC technologies.
Relevant certifications such as CISSP, CISM, GIAC, or equivalent are highly desirable.
Knowledge of attacker tactics, techniques, and procedures (TTPs), as well as methods for defense.
Excellent analytical, problem-solving, and organizational skills.
Exceptional communication skills, with the ability to convey complex security concepts to technical and non-technical audiences.
Ability to work under pressure, manage multiple priorities, and respond to high-impact incidents effectively.
Demonstrated experience in developing, tracking, and reporting on key performance indicators (KPIs) to measure SOC effectiveness and drive continuous improvement.
This position is open to all candidates.
 
8527908
25/01/2026
Location: Tel Aviv-Yafo
Job Type: Full Time
We're looking for a Product & Data Protection Counsel to join our Legal team and help drive our success. This is a fantastic opportunity for an ambitious product counsel to join a global, rapidly growing B2B cybersecurity company.
WHAT YOU'LL DO
Work as part of the Product & Data Protection Team, with members based in Israel and the US.
Act as a key partner and advisor to our Product and R&D teams, advising on legal, commercial, regulatory, and data protection aspects throughout the product lifecycle.
Assess, mitigate, and manage risks related to the product lifecycle and serve as a subject matter expert on product issues.
Handle reviews of new product features and processing activities from a privacy, data protection, and compliance perspective.
Review and negotiate product-related vendor and integration agreements.
Requirements:
A minimum of 3 years of experience in an in-house product counsel role. Cybersecurity experience is a plus.
Technical understanding of the development and functionality of SaaS products.
Familiarity with privacy, data protection, and IP laws, as well as practical issues including AI, open source, and export control.
Experience negotiating and drafting commercial agreements, including SaaS and integration agreements, with a focus on privacy and security terms.
Excellent ability to communicate legal requirements to a non-legal audience and identify practical solutions.
Proven ability to collaborate effectively with other teams, including Security, GRC, Product, and R&D.
Strong operational and organizational skills with experience building and managing processes.
Strong research and analytical skills.
Fluency in English is a must.
This position is open to all candidates.
 
8515997
29/01/2026
Confidential company
Location: Rehovot
Job Type: Full Time
We are seeking an experienced Cybersecurity Manager to oversee a global cybersecurity team. This role is responsible for protecting enterprise systems, networks, and data, driving security initiatives, ensuring regulatory compliance, and managing cyber risk across the organization.



Key Responsibilities:

Lead daily operations of the cybersecurity team, ensuring high levels of performance and service.
Execute, implement, and enforce cybersecurity strategies, standards, and policies.
Manage security incident response, threat detection, vulnerability management, and risk mitigation.
Collaborate closely with IT, Compliance, Legal, and Executive teams to align security initiatives with business needs.
Drive adoption and optimization of Microsoft 365 security tools and services.
Ensure secure configuration and management of Active Directory, Azure AD, Windows Server, DNS, DHCP, and related systems.
Support cybersecurity audits, compliance programs, and regulatory reporting efforts.
Mentor and develop cybersecurity staff, promoting continuous improvement and skill advancement.
Stay informed on emerging threats, technologies, and regulatory changes.
Requirements:
Bachelor's or Master's degree in Cybersecurity, Computer Science, Information Technology, or related field.
7+ years of cybersecurity experience, with 3+ years in a leadership role.
2 years in an Incident Response and/or SOC management role.
Deep expertise in Microsoft 365 security (Defender suite, Microsoft Purview, Azure AD Identity Protection, Sentinel).
Strong knowledge of Active Directory, Azure Active Directory, Windows Servers, DNS, DHCP, and Group Policy.
Broad experience with SIEM, EDR, Threat intelligence, and vulnerability management tools.
Proven knowledge of security frameworks: NIST, ISO 27001, CIS, or equivalent.
Professional certifications required: CISSP, CISM, CEH, MS-500, SC-200, or comparable.
Strong leadership, communication, and problem-solving skills.
Experience working within multinational, matrixed environments.
This position is open to all candidates.
 
8523342
20/01/2026
Confidential company
Location: Tel Aviv-Yafo
Job Type: Full Time
We're looking for a highly skilled Cybersecurity Governance, Risk, and Compliance Engineer with strong technical and hands-on cybersecurity expertise. This role bridges the gap between compliance and technology - ensuring that GRC frameworks are not just compliant on paper but effective in practice across infrastructure, SaaS, and cloud environments.
As the Cybersecurity GRC Engineer you will oversee the technical execution of GRC initiatives, collaborating with cross-functional teams (Security Engineering, IT, DevOps, Product) to drive resilience, risk reduction, and audit readiness across the organization.
Reporting line: GRC Director
What you will do:
Collaborate with R&D and DevOps teams to integrate security into development and deployment processes.
Perform technical risk assessments, vulnerability trend analysis, and threat modeling to ensure risk registers reflect the true security posture.
Lead security awareness and social-engineering simulations, correlating campaign results with real technical findings (phishing, MFA bypass, insider threat trends).
Initiate and coordinate offensive security activities including penetration testing, red teaming, and vulnerability assessments to proactively identify and mitigate risks.
Support incident response readiness by integrating lessons learned into policy, control design, and awareness materials.
Leverage AI to automate GRC reporting, surface risk insights, and maintain intelligent dashboards integrated with platforms like ServiceNow, Jira, and internal data sources.
Partner with Security Engineering and IT teams to ensure consistent endpoint hardening, patch management, and configuration compliance.
Coordinate DR exercises and tabletop simulations, track findings, and oversee remediation to strengthen resilience.
Prepare for and support internal and external audits, including SOC 2, ISO 27001, NYDFS, and customer due-diligence requests.
Requirements:
3+ years of experience in GRC, IT Risk, or Security Operations, with at least 2 years hands-on in technical environments (e.g., system administration, cloud security, endpoint management, vulnerability management).
Strong working knowledge of cloud security (AWS, GCP, or Azure) and endpoint management (Jamf, Intune, CrowdStrike).
Proven ability to automate or optimize GRC workflows using tools, APIs, and AI.
Practical experience designing or testing Disaster Recovery and Business Continuity programs.
Strong analytical and problem-solving skills; able to translate complex technical risks into actionable business terms.
Visionary and innovation-driven, capable of implementing security and compliance programs in complex, fast-paced organizations.
Exceptional communication, collaboration, and interpersonal skills, with the ability to engage both technical and non-technical audiences.
Strong analytical, problem-solving skills and attention to detail, with the ability to manage multiple projects simultaneously and meet tight deadlines.
Preferred Qualifications:
Certifications such as CISA, CISM, CISSP, or Security+.
Background in the financial / digital assets sector or regulated environments.
Strong technological understanding and familiarity with product development practices.
This position is open to all candidates.
 
8509955
Confidential company
Location: Tel Aviv-Yafo
Job Type: Full Time
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How you'll make an impact:
As the DevSecOps Leader / Program Manager, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the company's comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs' triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.
Requirements:
Deep DevSecOps Expertise: 5+ years of experience in a senior DevSecOps or Application/Product Security role, with a strong, working knowledge of DevSecOps principles and the modern application threat landscape (e.g., OWASP Top 10).
DevSecOps Focus: Proven ability to shift left security by embedding automated security controls (SAST, DAST, SCA, IAST) into CI/CD pipelines.
Open Source Security & Supply Chain Mastery: Deep, hands-on experience managing and hardening open-source software dependencies.
Key Focus: Expertise in utilizing Software Composition Analysis (SCA) tools (e.g., Dependency-Check, Snyk, Black Duck) to maintain an accurate Software Bill of Materials (SBOM) for all products.
Vulnerability & Risk Management Pro: Proven ability to establish and own a continuous CVE tracking and remediation process.
Key Focus: Expertise in risk-rating vulnerabilities based on exploitability and business impact, and driving engineering teams to remediate security risks efficiently using automation and clear Service Level Objectives (SLOs).
Audit & Compliance Automation: Proven, hands-on experience managing security audits and certification programs (e.g., SOC 2, ISO 27001) by leveraging security as code principles and automating evidence collection to demonstrate compliance across the pipeline.
Leadership & Influence: Strong leadership skills with the ability to build consensus and partner with R&D, Platform Engineering, and IT teams to embed security practices without being a bottleneck.
This position is open to all candidates.
 
8498379
16 hours ago
Location: Tel Aviv-Yafo
Job Type: Full Time
We are seeking a highly skilled and experienced Head of Application Security to join our dynamic team. This role is pivotal in driving the security of our software development lifecycle and ensuring the robustness of our applications against potential threats. The ideal candidate will have a strong background in secure software development practices, including SSDLC implementation, and a deep understanding of security risks & tools. This position reports directly to an R&D VP.
Key Responsibilities
Lead the application security team, providing strategic direction and mentorship.
Develop and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework.
Oversee the integration of security practices into all phases of the software development lifecycle, including CI/CD guardrails.
Conduct risk assessments and threat modeling to identify and mitigate potential security vulnerabilities.
Collaborate with development teams to ensure secure coding practices and adherence to security standards, while maintaining developer productivity.
Implement and manage security automation tools and processes to enhance the efficiency of security operations.
Stay up-to-date on the latest security trends, vulnerabilities, and technologies to continuously improve our security posture.
Provide expert guidance on security architecture and design for new and existing applications.
Lead incident response efforts related to application security breaches and vulnerabilities.
Foster a culture of security awareness and continuous improvement within the organization.
Requirements:
Bachelor's degree in Computer Science, Information Security, or a related field.
Minimum of 7 years of experience in application security, with at least 3 years in a leadership role.
Proven experience in implementing and managing SSDLC frameworks.
In-depth knowledge of security frameworks and methodologies.
Strong understanding of threat modeling methodologies, secure coding practices and common vulnerabilities (e.g., OWASP Top Ten).
Proficiency in programming languages such as Java, Python, C#, or similar.
Experience in implementing security tools and technologies such as ASPM, SAST, and DAST in complex, high-scale environments.
Excellent communication and leadership skills, with the ability and passion to drive change across the organization.
Relevant certifications such as CISSP, CISM, or CSSLP are desirable.
Proven experience in a similar role at another leading software development company.
This position is open to all candidates.
 
8540450