דרושים » אבטחת מידע וסייבר » Information Security Consultant (GRC) and Privacy Specialist

We are seeking a GRC Security Specialist to join our Cyber GRC Team. You will be joining a tight-knit and highly respected team of GRC experts who are central to our security strategy. In this role, you will be at the heart of protecting our global financial platform, directly influencing the trust and safety of millions of users worldwide.
What you'll do:
Directly responsible for policies, procedures, and controls to assure compliance with applicable regulatory, legal, and audit requirements as well as good business practices.
Develop a Cyber security compliance strategy and approach and ensure compliance with contractual requirements and globally recognized standards and guidelines.
Identify regulatory, legislative, and industry-specific compliance requirements and define controls that can be used to meet those requirements.
Conduct and participate in periodic internal reviews or audits to ensure that compliance procedures are followed.
Oversee and evaluate compliance systems to ensure they function effectively.
Compile and present reports to management on compliance activities and progress.
Stay updated on industry developments, regulatory trends, and best practices to evaluate their potential impact on the organization.
Design and implement enhancements in compliance communication, monitoring, and enforcement mechanisms.
Develop and execute a compliance awareness program, including the creation and distribution of materials for all employees.
Partner with Legal and IT teams to manage data protection agreements and compliance initiatives.
Lead the development and execution of company-wide security awareness and training initiatives.
Assist in incident response planning and investigations when necessary.

we are looking for a Cyber Security Risk & Compliance Specialist .
As a key member of the CISOs office, you will play a vital role in ensuring organizational resilience through risk management, policy enforcement, and compliance with stringent financial regulations. This position focuses on providing high-level oversight of technological processes, supporting complex projects, and continuously enhancing the organization's defense posture.
Responsibilities:
GRC & Policy Leadership: Writing, implementing, and updating information security policies and procedures. Ensuring alignment with banking standards and regulatory requirements (e.g., Directive 364).
Risk Assessment (CRA): Performing comprehensive cyber risk assessments for new systems and technological initiatives.
Oversight & Monitoring: Analyzing SIEM/SOC findings and technical risks. Providing guidance to implementation teams to improve detection capabilities and log management.
External Audit Management: Defining the scope and managing third-party security audits. Analyzing findings and tracking remediation efforts.
Security Benchmarking: Conducting comparative analysis of security products and general software from an information security perspective.
Detection Strategy: Formulating recommendations for log optimization, defining new alerts, and evaluating the effectiveness of existing control tools.
Strategy & Awareness: Building the annual information security work plan, leading cyber simulations, and conducting organizational security awareness training.

This role oversees security governance, risk management, compliance, and incident readiness, while working closely with engineering, product, legal, MIS and other teams to embed security across the organisation and support customer trust and business growth.
Key Responsibilities
Develop and maintain the companys information security strategy, policies, and long-term roadmap. Both for production environments and for internal business by overseeing security of enterprise systems.
Lead security risk assessments, mitigation planning, and ongoing security monitoring.
Lead incident response planning, preparedness, and execution.
Manage security governance, including controls, documentation, and audit readiness.
Ensure compliance with relevant standards and regulations such as SOC 2, ISO 27001, GDPR, and emerging AI frameworks.
Direct security architecture reviews and support secure development practices across product and engineering teams.
Ensure security is integrated into engineering culture and delivery without hindering velocity, while aligning platform security with engineering practices and production resiliency requirements.
Oversee vendor security, penetration testing, and third-party risk management.
Serve as the primary security contact for customers, partners, auditors, and regulators, and own the security aspects of the companys products, in alignment with business and customers needs.
Provide regular updates to executive leadership on security posture, risks, and priorities.

This position should take ownership of the following key responsibilities:
Policy & Governance Management
Maintain and update the full security policy library (ISO 27001, SOC 2, GDPR, etc.).
Ensure version control, approval workflows, and cross-departmental adoption.
Lead annual policy reviews and align with new business or regulatory needs.
Security Risk Management
Own the corporate Risk Register (e.g., in Monday.com) and drive risk assessments across domains.
Track mitigation progress and report key risks to leadership.
Compliance & Certification Programs
Manage and maintain compliance frameworks (ISO 27001, GDPR, customer-driven requirements).
Prepare evidence and documentation for internal and external audits.
Vendor & Third-Party Risk Management
Oversee the Vendor Security Review process - reviewing new suppliers, SaaS tools, and renewals.
Monitor vendor security posture via SecurityScorecard or similar tools.
Ensure data processing agreements (DPAs) are aligned with legal.
Customer & Partner Assurance
Manage all RFI / RFP / security questionnaire responses.
Provide standardized documentation (e.g., SOC 2 reports, penetration testing summaries).
Support Sales / Customer Success during security discussions.
Security Process Governance
Define and enforce structured approval workflows for new tools, tokens, and architecture changes.
Integrate approvals into Jira or ServiceNow for traceability.
Collaborate with IT / AppSec / Legal for end-to-end governance.
Awareness & Training
Drive company-wide security awareness campaigns.
Onboard new hires with security and compliance training.
Ensure developers and business teams understand their compliance obligations.
Metrics & Reporting
Define KPIs for compliance maturity, audit readiness, and risk reduction.
Deliver quarterly GRC posture updates to the CISO / Security Steering Committee.

We are looking for a passionate and experienced Governance, Risk, and Compliance (GRC) operations specialist to contribute to our companys efforts in making the most security and trusted provider of digital asset management solutions.
This role is critical in driving our day-to-day GRC programs, ensuring they are well maintained, run according to schedule, and align with our business needs.
As the GRC operations specialist, you will oversee the successful implementation and progress of GRC programs, practices, and projects, while collaborating with multiple cross-functional teams within the security department and outside of it.
What You Will Do:
Own, manage, and continuously improve the companys Third Party Risk Management (TPRM) program, making sure it is both aligned with expected security standards and best practices, and meets business requirements and SLAs.
Own, manage, and continuously improve the companys security awareness program, making sure its scope, content, cadence and overall performance are always aligned with the latest and most relevant expectations, while also well received and relevant to the business.
Manage ongoing operations within the GRC team including project management and tracking, financial planning and reporting, annual and periodic planning, and more.
Drive ongoing GRC efficiency through innovation, automation, data-driven decision making research and exploration.
Support and contribute to ongoing GRC operations such as internal and external audits, risk assessments, certification processes, policy management, business continuity program and more.

Are you ready to evolve from a GRC Specialist into a strategic leader? We are looking for a high-potential GRC Specialist to join Fiverr. As a GRC at Fiverr you will be responsible for aligning Fiverr’s security compliance and regulatory requirements. You will be responsible for preparing the business for certifications and regulations. You will verify that existing controls are adequate and define and oversee the implementation of new security controls. In addition, you will be responsible for) Risk management, employee awareness and Vendor Security assessment. You will devise new policies and update existing ones while aligning with business processes.


What am I going to do?:

* Oversee the company's security GRC program.
* Lead annual certifications (ISO 27001, SOX-ITGC) and prepare for security audits (e.g., PCI DSS).
* Third-party risk management.
* Develop policies and guidelines aligned with security best practices for complex environments.
* Conduct risk management and build plans to mitigate risks while engaging stakeholders.
* Collaborate with IT, Legal, HR, Finance, and security teams to address gaps versus best practices.
* Drive the security awareness program and explore strategies to enhance the security posture.


Equal opportunities:
At Fiverr, we prioritize diversity. We celebrate difference and embed it into every aspect of our workplace and product, as well as our community. Fiverr is proud and committed to providing equal opportunity employment to all individuals regardless of race, color, religion, sex, sexual orientation, citizenship, national origin, disability, Veteran status, or any other characteristic protected by law. In addition, Fiverr will provide accommodation to individuals with disabilities or a special need.

we are looking for an experienced Cyber Security Consulting Manager (Engagement Manager) to lead proactive consulting engagements with clients worldwide. The appropriate candidate will be responsible for the engagement lifecycle - from engagement planning, throughout the day-to-day engagement execution, management of consulting team and client interaction, until the successful engagement presentation and delivery.
Main Responsibilities:
Lead a team of top cyber security consultants (matrix management), to conduct and deliver a variety of proactive cyber security assessments and resilience-enhancing engagements.
Work on multiple engagements in parallel, at client sites or remotely.
Ensure the timely and successful delivery of services according to the engagement scope, objectives, budget, timelines, and clients needs.
Develop and present status updates and summary reports to a variety of audiences, including technical teams, CISOs, CIOs/CTOs, and executive management.
Serve as the trusted advisor to industry-leading multinational organizations, acting as the primary point of contact with clients before, during, and after engagements.
Support the building of long-term relationships with clients, ensuring continuous client impact and success.
Participate in and lead business development activities, internal capability-building efforts, methodology development, and strategic discussions.

We are looking for a GRC specialist who is excited to build and scale a modern compliance and security program from the ground up. This role is not just about maintaining SOC 2 and ISO certifications. It is about embedding security into our product, our engineering culture, and every customer conversation. You will partner closely with Engineering, Sales, and Leadership to turn compliance into a strategic advantage and help our company earn and maintain the trust of some of the most security-conscious organizations in the world.
About us:
The company Threat Exposure Management Platform is the first and only consolidated platform that integrates with your security tools to reveal, remediate, and mitigate the risk of exposures across your entire infrastructure. Backed by Sequoia and Cyberstarts, our company uses an agentless approach to reveal what is truly exploitable while reducing manual prioritization and remediation through automated response workflows.
What you will do:
Own and manage our companys security compliance program, including SOC 2, ISO 27001, and other relevant frameworks
Lead the response to customer security questionnaires and vendor security assessments, ensuring timely and accurate completion
Build and maintain our companys internal security controls framework and evidence collection processes
Establish and manage continuous compliance monitoring and validation initiatives
Develop and maintain security policies, standards, and procedures that support both compliance and business objectives
Manage relationships with external auditors and assessors during compliance audits
Drive security awareness training and secure development practices across the organization
Support customer-facing security conversations during sales cycles and onboarding
Monitor regulatory changes and emerging compliance requirements relevant to SaaS platforms
Build scalability into GRC processes through automation and tooling improvements.

our Technology Consulting team is looking for a Cybersecurity Consultant to join our cyber department.
The Cyber Department works with a variety of clients in different fields: Government, Hi-tech, Industry, Retail, Hotels, Defense and more.
The Job Will Include:
Client Engagement: Leading, guiding and advising to clients in Israel and abroad as well as joint projects with various partners of global on cyber security projects based on methodology, regulation and standards
Technologies: Work with different aspects of cyber security in multiple fields such as IT, OT & Cloud
Security Assessments: Carrying out risk surveys including cyber, operational and supply chain risks
Advisory and Strategy Development: Developing business continuity plans (BCP) ,cyber security and maturity programs, secure architectures, policies and information security procedures
Collaboration: Leading representative and high-profile meetings with client internal senior management