דרושים » אבטחת מידע וסייבר » לארגון טכנולוגי בשרון דרוש /ה CISO

We are hiring a Senior GRC Manager to sustain, scale, and continuously enhance our Governance, Risk, and Compliance (GRC) program. Reporting directly to the CISO, this is a high-impact role focused on maintaining robust compliance posture (including SOC 2 Type II, ISO 27001, 27017, and 27018), driving cloud assurance initiatives, and strengthening trust with customers and partners.

The ideal candidate is comfortable working cross-functionally, automating compliance workflows, and serving as a key liaison for external diligence and internal controls.


RESPONSIBILITIES

Maintain and mature the GRC program: Own core processes, documentation, and internal controls to support security and privacy obligations.
Align GRC activities with key frameworks, including NIST CSF, CIS Controls, and ISO 27001/27018, to ensure comprehensive control coverage and internal alignment.
Support certification continuity: Ensure ongoing adherence and audit readiness for SOC 2 Type II, ISO 27001, ISO 27017, and ISO 27018 through continuous monitoring, control validation, and stakeholder coordination.
Support evolving privacy governance efforts, including ISO 27701 adoption, privacy impact assessments (PIAs), and alignment with standards such as ISO 29134 or NIST Privacy Framework.
Contribute to vendor and third-party risk management: Support onboarding, reviews, and oversight of vendors handling sensitive data or infrastructure.
Manage customer trust program, including responding to security questionnaires, maintaining compliance artifacts, and owning our public Trust Center (e.g., SafeBase).
Administer and optimize GRC platforms: Manage tools such as VISO Trust, or Vanta to streamline evidence collection, risk tracking, and control testing. Lead process improvements and automation where possible.
Maintain the risk management program: Update the enterprise risk register, facilitate periodic risk assessments, and drive mitigation planning across business functions.
Partner cross-functionally with Legal, IT, Engineering, and Product to embed compliance requirements and align security initiatives with business goals.

we are a leader in cloud-native networking software for hyperscalers and service providers who are building the largest infrastructures in the world for network services, AI platforms and SaaS offerings. Founded in December 2015, our company disrupted some of the most challenging high-scale markets, transforming the way Networks are built, scaled, and consumed. We also built the largest network in the world, with more than half of AT&Ts backbone running on our companys Network Cloud. our company has raised $587 million in three funding rounds which enable us to dream big and bring on the most talented people.
The Role:
As the Director of Information Security and GRC, you will oversee all aspects of our company's information security program, ensuring the protection of our data, systems, employees, and applications. You will lead a team of talented security professionals, driving a proactive, responsive and comprehensive security posture aligned with industry best practices and regulations.
Responsibilities:
Be kind.
Will be leading a team of 3-4 security operations specialists and engineers.
Embody the organizations values and act as a values champion, holding both yourself and others accountable to them.
Develop and implement a comprehensive information security strategy aligned with business objectives and risk tolerance.
Lead the Security team, fostering a culture of transparency, continuous improvement and collaboration.
Lead the development and implementation of IT governance frameworks and policies.
Oversee the implementation and maintenance of security controls, including firewalls, intrusion detection/prevention systems, and endpoint security solutions.
Manage product security, vulnerability management, and incident response processes.
Design and implement a robust Governance, Risk, and Compliance (GRC) program, ensuring companywide adherence to relevant regulations and standards.
Conduct regular security assessments and risk analyses to identify and mitigate potential vulnerabilities, partnering with business units and stakeholders across the organization.
Ensure that the organization is prepared for internal and external IT audits; and manage the audit process.
Coordinate with external agencies, auditors, customers and stakeholders for compliance assessments and audits.
Assist in the selection, implementation, and maintenance of security technologies, tools, vendors, and processes to ensure adherence to the organization's security policies and goals.
Work with DevOps and the development staff to improve the security posture and to implement secure SDLC practices.
Stay up to date on the latest security threats, trends, and technologies, ensuring that our company adopts appropriate countermeasures.
Develop and deliver security awareness training programs for employees.
Manage the security budget and resources effectively.
Report to the Chief Operating Officer (COO) on the organization's overall security posture.
Curate the organizations risk register and report regularly on burndown.

We are looking for a Director of Product Security to join our R&D organization and take full ownership of our company's product security initiatives. In this key leadership role, you will spearhead the development and implementation of our comprehensive security strategy, encompassing both SaaS and on-premises solutions.
Responsibilities:
Develop and lead the strategic vision to manage both internal and external risks associated with our company's products and solutions.
Proactively advise the business on how to maintain compliance with appropriate regulatory or industry best practices.
Drive secure development lifecycle and integration of security features into all phases of software design and development, including advising on proper software architecture security standards.
Vulnerabilities management - Identify and facilitate remediation of application and cloud platform exposures and vulnerabilities, including implementation of relevant systems and tools for these purposes.
Conduct cloud security strategy, readiness and discovery assessments; be familiar with cloud security frameworks, compliance requirements and security operations
Research new application security tools and technologies as requested and evaluate options that enhance security capabilities.
Lead compliance gap analysis and implementation (such as SOC2, SOC3, FedRAMP)
Work closely with R&D groups - Dev teams, Platform, DevSecOps and DevOps teams, to enhance application and platform security on all layers, including monitoring and enforcement.
Conduct periodic pen testing against our Saas Platform components.

The Head of Information security will be reported directly to our company's Global CISO. This role requires a results-driven cyber-experienced manager with leadership and management experience, particularly in envisioning and leading large-scale global cyber security teams and developing technology-based security solutions
What will your job look like?
Management experience includes leadership, strategic and security operations and staff management. Proven ability in team building, developing, and implementing security best practices, based on industry standards across various security domains.
Take personal management accountability Coach and mentor existing managers, empower them to lead their own projects and employees. Attract, develop, and retain global talent to ensure people meet business needs, security requirements and a balanced risk based approach between managing risks and enabling business needs .
Create an engaging positive environment Set individual goals, performance, and growth targets for the unit you mange as part of the company's Security team.
Extensive proven experience in cyber technology strategy, architecture, development, project management, and solution integration, including network, cloud, and application security
Oversee quality metrics, best practices, and quality standards. Provide deep expertise for the engineering strategy and implementation. Establish quality standards by using measurement tools, promoting prevention steps and performing RCA (Root Cause Analysis), LL (Lessons Learned) and quality review processes on a regular basis.

If you're eager to launch or accelerate your cybersecurity career in a high-growth tech company, this is your opportunity to learn, contribute, and grow alongside some of the best in the industry.



JOB RESPONSIBILITIES
Monitor and analyze security alerts and logs using advanced monitoring and detection systems.
Triage and respond to Tier-1 security incidentsinvestigating root causes, mitigating risks, and documenting findings thoroughly.
Assist in strengthening AWS cloud security configurations with a focus on the principle of least privilege.
Support the deployment, maintenance, and fine-tuning of security tools and processes.
Collaborate with cross-functional teams to proactively identify threats and enhance overall security posture.
Be part of an on-call rotation, including weekends and holidays, to ensure continuous protection.