Were looking for a driven, motivated, and ambitious GRC Specialist to join our growing Security team . Here, were redefining how security teams operate - not by buying more tools, but by building smarter, AI-driven programs from the ground up. As our GRC Specialist, you'll own the compliance programs that underpin trust with our customers and partners, while actively shaping how we use AI and automation to make compliance faster, more rigorous, and less manual. This isn't a checkbox role. It's a builder role for someone who sees compliance as a competitive advantage and AI as the engine to get there.
Responsibilities:
Compliance Program Ownership
Own and lead security compliance programs across SOC 2, ISO 27001, C5 BSI, and ISO 42001, ensuring continuous readiness and alignment with evolving requirements.
Lead the scoping, planning, and implementation of new compliance frameworks as the business scales into new markets and regulatory environments.
Act as the primary point of contact for audits - managing evidence collection, auditor relationships, and remediation tracking end-to-end.
AI-Driven Compliance Operations
Design and operate continuous compliance monitoring programs leveraging AI and automation - replacing point-in-time snapshots with real-time assurance.
Build internal AI-powered tooling and workflows (in partnership with the AI Transformation Lead) to automate evidence gathering, control validation, and risk signal aggregation.
Evaluate and adopt emerging AI compliance methodologies, including AI-specific frameworks like ISO 42001, and translate them into actionable internal programs.
Risk & Vendor Management
Manage the third-party risk program (TPRM), including vendor assessments, security questionnaires, and ongoing monitoring of the vendor landscape.
Maintain and actively drive the risk register in close collaboration with the CISO, ensuring risks are tracked, owned, and remediated on time.
Policy & Culture
Develop and maintain security policies, standards, and procedures that are practical, current, and aligned with both compliance requirements and business objectives.
Drive security awareness training across the organization and champion secure development practices in collaboration with engineering and product teams.
Cross-functional Collaboration
Serve as a trusted partner to the CISO, Information Security Manager, HR, Legal, and AI Transformation Lead on matters of risk, compliance, and security governance.
דרישות:
A self-starter mindset: comfortable with ambiguity, able to set priorities without heavy direction, and capable of building structure where none exists.
Demonstrated ability to build compliance and security programs from scratch, not just maintain inherited ones.
2+ years of hands-on experience in information security and GRC, ideally in a fast-moving SaaS or tech environment.
Deep familiarity with major frameworks and regulations - SOC 2, ISO 27001, NIST, CIS, DORA, GDPR, and related standards.
Practical experience with security and IT tooling across cloud environments (AWS, Azure, or GCP), application security, and infrastructure security.
Exposure to SOC (cybersecurity operations center) environments and cybersecurity incident response.
Strong written and verbal communication skills - able to translate technical risk into clear language for executives, auditors, and non-technical stakeholders.
Hands-on experience with IT and Security tools
AI Orientation (Non-Negotiable)-
Genuine curiosity and working knowledge of AI tools, LLMs, and automation - you've used them, not just read about them.
Experience building or operating AI-assisted workflows for compliance, risk, or security operations is a strong plus.
Ability to think critically about AI risk, including how to govern and assess AI systems under frameworks like ISO 42001.
Visionary outlook: you see the 2-year horizon where AI has transformed how GRC functions and you want to be the person who builds that future המשרה מיועדת לנשים ולגברים כאחד.