We are looking for a Compliance Officer & Data Protection Officer (DPO) to own and lead our company's compliance function. This is not a supporting role - we are looking for someone who will take full ownership of the compliance domain, drive it forward proactively, and build it into a strategic asset for the business. The successful candidate will design, implement, and continuously improve our company's compliance program, ensure adherence to all applicable regulatory requirements and industry standards, and serve as our formally designated DPO under GDPR. Reporting directly to the General Counsel, this person will act as the internal authority on compliance and data protection, operating with a high degree of independence and initiative.
Key Responsibilities:
Compliance Program Development: Develop and maintain an effective compliance program that covers applicable laws, regulations, and standards, including GDPR, CCPA, Israeli Privacy Protection laws and regulations, HIPAA, ISO 27001 and 27017, SOC 2, and emerging AI governance frameworks (e.g., EU AI Act).
Regulatory Oversight: Monitor and interpret changes to relevant laws, regulations, and industry standards, and assess their impact on the company's compliance obligations.
Develop, implement, and manage policies, procedures, and controls to mitigate compliance risks and ensure adherence to industry standards and applicable laws and regulations.
Internal Audits and Assessments: Conduct regular internal audits and risk assessments to identify potential compliance gaps and recommend corrective actions.
Training and Awareness: Develop, deliver, and monitor compliance training programs for employees to ensure they understand and adhere to regulatory requirements and company policies.
Reporting and Documentation: Prepare detailed compliance reports and documentation for the General Counsel, regulatory agencies, senior management, and other stakeholders.
Incident Management: Investigate compliance-related incidents and breaches, ensuring timely resolution and reporting to the General Counsel.
Collaboration: Work closely with legal, IT, security, and operational teams to integrate compliance requirements into the company's services and business processes.
Data Protection Officer (DPO): Serve as our company's designated DPO under GDPR and applicable privacy laws. Maintain the Records of Processing Activities (RoPA), handle data subject requests, advise on data protection impact assessments (DPIAs), and act as the primary point of contact with supervisory authorities.
Proactive Domain Leadership: Take initiative in identifying emerging compliance risks and regulatory developments before they become issues. Champion a culture of compliance across the organization and continuously improve the maturity of the compliance program.
Requirements:
Law degree (LL.B. or LL.M.) from an accredited institution and active membership in the Israel Bar Association (or equivalent global bar) are required.
Relevant certifications such as Certified Compliance & Ethics Professional (CCEP), Certified Regulatory Compliance Manager (CRCM), or similar credentials - advantage.
Privacy certification required or strongly preferred: CIPP/E (Certified Information Privacy Professional/Europe), CIPM, or equivalent DPO qualification demonstrating hands-on GDPR expertise.
5 years of experience in compliance, risk management, or a related role, preferably within the cloud services or technology industry.
In-depth knowledge of cloud computing environments and related compliance standards and regulations.
In-depth knowledge of Information Systems Security.
Strong analytical skills with the ability to interpret complex regulatory requirements and translate them into actionable policies and procedures.
Excellent written and verbal communication skills in both English and Hebrew, with the ability to interact effectively with all levels of the organization.
This position is open to all candidates.