We are rapidly growing, and we seek a GRC Analyst to join our InfoSec team.
In this position you will report to the CISO and will be located in our Israeli office.
Trust is the cornerstone of our fintech SaaS environment, and we are looking for a GRC Analyst to uphold this principle. This role will serve as the primary liaison for both internal risk management initiatives and external inquiries, and will be responsible for ensuring our internal controls adhere to international standards and frameworks.
Responsibilities:
Policy & Framework Management: Assist in developing and maintaining information security policies and procedures in alignment with international standards such as ISO 27001, NIST, CIS, GDPR, CSA and SOC 2.
Risk & Control Lifecycle: Manage regular risk assessments to identify vulnerabilities and participate in the design, implementation, and testing of security controls to ensure organizational resilience.
Audit & Compliance Monitoring: Coordinate internal and external security audits, managing the collection of evidence and tracking remediation efforts across various business units.
GRC Platform Ownership: Serve as the technical owner of the company's GRC platform.
RFI Lifecycle Management: Act as the primary point of contact for managing the end-to-end process for client security questionnaires and due diligence requests from triage to final submission.
Knowledge Base Architecture: Build and maintain a centralized, AI-assisted repository of approved technical responses covering Security, Privacy, Product Tech (e.g., OAuth, integrations), Legal, ESG, and Finance.
SME Collaboration & Triage: Facilitate cross-functional communication by triaging inquiries and escalating complex technical or legal questions to the appropriate Subject Matter Experts in R&D, Product, Legal, and Compliance.
Technical Trust Documentation: Create and update client-facing collateral, including security white papers, trust center content, and compliance summaries to proactively address stakeholder inquiries.
Process Optimization & Metrics: Evaluate and implement new SaaS tools to automate the RFI workflow while tracking performance metrics like volume and response times to drive operational efficiency.
Stakeholder Enablement: Develop and deliver training materials, wikis, and "How-to" guides to educate GTM and technical teams on the standardized RFI process and SME engagement model.
Requirements:
2+ years of experience in a similar role
Native or high-level English proficiency with excellent written and verbal communication skills
Ability to juggle priorities, meet deadlines, and work with grace under pressure
Technical understanding of IT infrastructure, networking and systems
Knowledge of relevant regulations, such as GDPR, CCPA and similar privacy frameworks, as well as information security industry standards, such as ISO 27001 and SOC 2 Type II
Experience in identifying and mitigating risks
Preferred Qualifications:
IT/security certifications such as A+, Security+, ISC2 CC
Native English speaker
Experience in auditing / consulting
Experience in Compliance
Experience in risk management frameworks such as ISO 31000
Experience utilizing GRC platforms or security questionnaire automation tools.
Experience with cloud security principles and relevant compliance standards (e.g., CSA STAR, AWS Well-Architected Framework).
This position is open to all candidates.