דרושים » אבטחת מידע וסייבר » GRC Operations Specialist

We're looking for a Senior Governance, Risk, and Compliance (GRC) Specialist to join our global GRC team. In this critical role, you will help secure the platform that powers the software supply chain for thousands of the world's top organizations.
Reporting to the GRC Manager, you will work alongside a talented team to enhance our security posture, establish GRC best practices, and embed security governance into our fast-paced, DevOps-driven culture. You will be a key advisor, helping to translate complex risks and compliance requirements into actionable controls that support missin.
As a Senior GRC specialist you will...
Drive Security Framework Adoption (New Markets): Lead the strategic adoption of net-new security frameworks to unlock business markets.
Oversee the Security Certification Program: Oversee the end-to-end execution of our security assurance portfolio (ISO 27001, SOC 2).
Lead Security Audits: Serve as a primary GRC contact for internal and external audits. You'll coordinate evidence gathering, craft management responses, and drive the remediation of findings.
Lead Governance Initiatives: Develop, maintain, and enhance the enterprise-wide security GRC framework, policies, standards, and procedures, ensuring they align with our cloud-native and SaaS environment.
Risk Management & TPRM: Evolve our Third-Party (TPRM) and Internal Security Risk programs, including executing and documenting comprehensive risk assessments, ensuring that findings are remediated and clearly aligned with risk appetite.
Collaborate Cross-Functionally: Partner with engineering, product, IT, and legal teams to embed security controls into daily business operations, ideally automated.
Mentor & Advise: Act as a subject matter expert on governance and risk for the wider organization and provide mentorship to junior GRC team members.

Are you ready to evolve from a GRC Specialist into a strategic leader? We are looking for a high-potential GRC Specialist to join Fiverr. As a GRC at Fiverr you will be responsible for aligning Fiverr’s security compliance and regulatory requirements. You will be responsible for preparing the business for certifications and regulations. You will verify that existing controls are adequate and define and oversee the implementation of new security controls. In addition, you will be responsible for) Risk management, employee awareness and Vendor Security assessment. You will devise new policies and update existing ones while aligning with business processes.


What am I going to do?:

* Oversee the company's security GRC program.
* Lead annual certifications (ISO 27001, SOX-ITGC) and prepare for security audits (e.g., PCI DSS).
* Third-party risk management.
* Develop policies and guidelines aligned with security best practices for complex environments.
* Conduct risk management and build plans to mitigate risks while engaging stakeholders.
* Collaborate with IT, Legal, HR, Finance, and security teams to address gaps versus best practices.
* Drive the security awareness program and explore strategies to enhance the security posture.


Equal opportunities:
At Fiverr, we prioritize diversity. We celebrate difference and embed it into every aspect of our workplace and product, as well as our community. Fiverr is proud and committed to providing equal opportunity employment to all individuals regardless of race, color, religion, sex, sexual orientation, citizenship, national origin, disability, Veteran status, or any other characteristic protected by law. In addition, Fiverr will provide accommodation to individuals with disabilities or a special need.

We are looking for a GRC specialist who is excited to build and scale a modern compliance and security program from the ground up. This role is not just about maintaining SOC 2 and ISO certifications. It is about embedding security into our product, our engineering culture, and every customer conversation. You will partner closely with Engineering, Sales, and Leadership to turn compliance into a strategic advantage and help our company earn and maintain the trust of some of the most security-conscious organizations in the world.
About us:
The company Threat Exposure Management Platform is the first and only consolidated platform that integrates with your security tools to reveal, remediate, and mitigate the risk of exposures across your entire infrastructure. Backed by Sequoia and Cyberstarts, our company uses an agentless approach to reveal what is truly exploitable while reducing manual prioritization and remediation through automated response workflows.
What you will do:
Own and manage our companys security compliance program, including SOC 2, ISO 27001, and other relevant frameworks
Lead the response to customer security questionnaires and vendor security assessments, ensuring timely and accurate completion
Build and maintain our companys internal security controls framework and evidence collection processes
Establish and manage continuous compliance monitoring and validation initiatives
Develop and maintain security policies, standards, and procedures that support both compliance and business objectives
Manage relationships with external auditors and assessors during compliance audits
Drive security awareness training and secure development practices across the organization
Support customer-facing security conversations during sales cycles and onboarding
Monitor regulatory changes and emerging compliance requirements relevant to SaaS platforms
Build scalability into GRC processes through automation and tooling improvements.

We are looking for a senior, hands-on Security Operations Lead to build, mature, and operate detection, response, and corporate security capabilities. You will own the engineering, workflows, and processes that keep secure day-to-day, while continuously improving visibility, automation, and operational resilience across both corporate and production environments. This role requires a technical operator who can architect scalable detection and response pipelines, manage endpoint and identity security controls, streamline GTM security enablement, and collaborate across the company to reduce risk. You will balance strategic direction with hands-on execution-ensuring threats are identified quickly, incidents are handled effectively, and the organizations operational security posture remains strong as grows.
Responsibilities:
Own and mature Detection & Response program, including alerting, triage workflows, incident playbooks, and end-to-end response processes.
Build and maintain detection logic, integrations, and automation across logging, SIEM, EDR, cloud telemetry, and internal monitoring systems.
Lead incident investigations, coordinate response across engineering and business teams, and ensure clear communication and post-incident reviews.
Manage Corporate Security Program, including identity and access management, endpoint posture management, corporate data security controls, and DLP practices.
Oversee privileged access workflows and JIT access for corporate and production systems in alignment with least-privilege principles.
Partner with engineering teams to ensure production environments maintain strong security baselines, logging, and monitoring coverage.
Collaborate with GTM/Sales teams to support Security Enablement, including third-party security questionnaires, customer assurance needs, and auditor inquiries.
Build automation-first operational processes that reduce manual overhead and provide consistent, repeatable security outcomes.
Develop and refine detection and response runbooks, escalation paths, and cross-team coordination models.
Maintain and improve incident and operational metrics, dashboards, and KPIs to measure operational efficiency and threat coverage.
Drive the intake and prioritization of security operations requests through Jira and internal workflows.
Work closely with Product Security, Cloud/DevOps, and GRC to ensure shared visibility and aligned operational practices.
Identify operational security gaps, propose improvements, and lead implementation efforts across tooling, processes, and controls.
Promote a culture of proactive detection, fast response, and shared responsibility for organizational security.

our Technology Consulting team is looking for a Cybersecurity Consultant to join our cyber department.
The Cyber Department works with a variety of clients in different fields: Government, Hi-tech, Industry, Retail, Hotels, Defense and more.
The Job Will Include:
Client Engagement: Leading, guiding and advising to clients in Israel and abroad as well as joint projects with various partners of global on cyber security projects based on methodology, regulation and standards
Technologies: Work with different aspects of cyber security in multiple fields such as IT, OT & Cloud
Security Assessments: Carrying out risk surveys including cyber, operational and supply chain risks
Advisory and Strategy Development: Developing business continuity plans (BCP) ,cyber security and maturity programs, secure architectures, policies and information security procedures
Collaboration: Leading representative and high-profile meetings with client internal senior management

We are seeking a highly experienced Vulnerability Lead to join the Cyber Security organization, reporting directly to the Head of PMO under the CISO.
This role combines deep domain expertise in Vulnerability Management with strong project leadership capabilities. The primary focus is to lead and mature the organizations vulnerability management program, while also driving additional cross-functional security initiatives.
The ideal candidate brings hands-on experience in vulnerability lifecycle management, risk-based prioritization, and remediation at scale, along with the ability to operate across security, engineering, infrastructure, and product teams.
Responsibilities:
Vulnerability Management Leadership
Own and lead the organizations Vulnerability Management program across cloud, infrastructure, SaaS, and application environments.
Drive end-to-end vulnerability lifecycle: identification, assessment, prioritization, remediation, and validation.
Implement and enforce risk-based prioritization aligned with business impact and threat intelligence.
Define, track, and improve KPIs such as SLA adherence, remediation timelines, and exposure trends.
Work closely with Security, DevOps, Infrastructure, and Engineering teams to ensure effective remediation at scale.
Project & PMO Execution
Lead and deliver additional cross-functional cyber security projects under the CISO organization.
Define project scope, objectives, timelines, and success metrics aligned with security strategy.
Manage execution, dependencies, risks, and stakeholder alignment across multiple initiatives.
Prepare executive-level reporting and dashboards for the CISO and senior leadership.
Strategy & Improvement
Continuously improve vulnerability management processes, tooling, and governance.
Support audits, compliance requirements, and security risk reporting.
Act as a subject matter expert for vulnerability risk across the organization.

we are looking for a Cybersecurity Manager, AI Security Practice
Role Overview:
As a Manager in the Cybersecurity Practice with a focus on AI Security, you will drive strategic growth of offerings at the intersection of cybersecurity, artificial intelligence (AI), and governance risk & compliance (GRC). You will lead client engagements, shape innovative service offerings, influence go-to-market strategy, mentor delivery teams, and help organizations secure AI transformative initiatives.
This role sits at the convergence of consulting, technology, and risk advisory, requiring both deep technical expertise in AI and ML security architectures and senior client relationship leadership. You will work cross-functionally with global teams including cyber, cloud, data, AI and risk to embed security strategies into clients AI journeys.
Responsibilities:
Strategic Leadership & Practice Growth:
Define and execute the strategic roadmap for AI security offerings and solutions, including consulting frameworks, accelerators, and tool integrations.
Drive thought leadership in AI risk management, secure AI adoption, and cyber governance for emerging technologies.
Lead go-to-market strategy, including positioning, business development, proposals, pricing, and differentiation in AI security.
Influence global cyber offerings to incorporate AI risk, threat modeling, compliance, and resilience considerations.
Client Delivery & Engagement:
Lead complex client engagements end-to-end, from scoping through delivery, ensuring high quality, on-time and profitable execution.
Advise enterprise clients on secure AI adoption, AI threat landscape, governance frameworks, secure deployment patterns, and operational resiliency.
Architect secure AI and ML environments, including identification of risks such as data poisoning, model extraction, integrity attacks, and unauthorized access.
Integrate AI security with enterprise security programs, cloud, DevSecOps, identity and access management, and compliance controls.

our companys Advanced Cybersecurity Center empowers global and Israeli organizations to build cyber resilience. As a Senior Cybersecurity Consultant on our Defensive Cybersecurity team, you will lead consulting engagements with strategic clients across multiple domains-including compliance, cloud security, application security, and more. You will conduct cyber risk assessments, design mitigation strategies, and guide clients through complex security challenges with confidence and clarity.
Job description
Lead end-to-end delivery of defensive cybersecurity consulting engagements-from scoping to executive read-out-covering Risk & Compliance, Cloud and Application Security, Security Operations, and more.
Advise CISOs and senior stakeholders on cybersecurity program maturity and co-develop strategic roadmaps toward enhanced cyber resilience.
Design actionable remediation plans and oversee their implementation to ensure measurable progress.
Collaborate cross-functionally to develop innovative service offerings, reusable accelerators, and thought leadership content.

As a Security Specialist, you will play a meaningful role in shaping how our company operates and scales its security posture. You will be the hands-on backbone of our security team, you will keep our systems running, respond to alerts, and ensure our SDLC is secure from commit to production.
You will work closely with R&D, DevOps, and the IT team, take ownership over daily security operations and automations, and help transform complex security threats into clear, structured outcomes.
Responsibilities
Own and execute daily security operations with independence and accountability, including monitoring, triaging, and responding to alerts across all platforms.
Collaborate with R&D and DevOps to align security priorities within the CI/CD pipeline and embed secure coding practices into the development lifecycle.
Turn ambiguity into structured processes by building SOAR playbooks to automate repetitive tasks and creating detection rules tuned to our companys environment.
Drive high-quality execution in vulnerability management, coordinating remediation with engineering teams according to strict SLA timelines.
Communicate clearly by documenting incident root causes, maintaining security dashboards (MTTD/MTTR), and reporting on security metrics.
Continuously improve workflows by tuning security tools (EDR, CNAPP, IAM), suppressing false positives, and automating evidence collection for compliance.
What Success Will Look Like
Success in this role means becoming a trusted, reliable contributor who brings clarity and stability to our companys security environment.
Within the first months, you are expected to:
Take full ownership over the security alert workflow and operate independently in incident investigation.
Deliver consistent, high-quality outcomes in managing our security tooling stack (EDR, IAM, and secrets management).
Proactively identify gaps in the SDLC security gates or inefficiencies in manual triage and address them through automation.
Build strong working relationships with the Engineering and IT teams based on trust and accountability.
Contribute to a calmer, more predictable, and better-organized security environment by reducing noise and automating toil.

our companys Advanced Cybersecurity Center empowers global and Israeli organizations to build cyber resilience. As a Senior Cybersecurity Consultant on our Defensive Cybersecurity team, you will lead consulting engagements with strategic clients across multiple domains-including compliance, cloud security, application security, and more. You will conduct cyber risk assessments, design mitigation strategies, and guide clients through complex security challenges with confidence and clarity.
Job description
Lead end-to-end delivery of defensive cybersecurity consulting engagements-from scoping to executive read-out-covering Risk & Compliance, Cloud and Application Security, Security Operations, and more.
Advise CISOs and senior stakeholders on cybersecurity program maturity and co-develop strategic roadmaps toward enhanced cyber resilience.
Design actionable remediation plans and oversee their implementation to ensure measurable progress.
Collaborate cross-functionally to develop innovative service offerings, reusable accelerators, and thought leadership content.