This position should take ownership of the following key responsibilities:
Policy & Governance Management
Maintain and update the full security policy library (ISO 27001, SOC 2, GDPR, etc.).
Ensure version control, approval workflows, and cross-departmental adoption.
Lead annual policy reviews and align with new business or regulatory needs.
Security Risk Management
Own the corporate Risk Register (e.g., in Monday.com) and drive risk assessments across domains.
Track mitigation progress and report key risks to leadership.
Compliance & Certification Programs
Manage and maintain compliance frameworks (ISO 27001, GDPR, customer-driven requirements).
Prepare evidence and documentation for internal and external audits.
Vendor & Third-Party Risk Management
Oversee the Vendor Security Review process – reviewing new suppliers, SaaS tools, and renewals.
Monitor vendor security posture via SecurityScorecard or similar tools.
Ensure data processing agreements (DPAs) are aligned with legal.
Customer & Partner Assurance
Manage all RFI / RFP / security questionnaire responses.
Provide standardized documentation (e.g., SOC 2 reports, penetration testing summaries).
Support Sales / Customer Success during security discussions.
Security Process Governance
Define and enforce structured approval workflows for new tools, tokens, and architecture changes.
Integrate approvals into Jira or ServiceNow for traceability.
Collaborate with IT / AppSec / Legal for end-to-end governance.
Awareness & Training
Drive company-wide security awareness campaigns.
Onboard new hires with security and compliance training.
Ensure developers and business teams understand their compliance obligations.
Metrics & Reporting
Define KPIs for compliance maturity, audit readiness, and risk reduction.
Deliver quarterly GRC posture updates to the CISO / Security Steering Committee.
Policy & Governance Management
Maintain and update the full security policy library (ISO 27001, SOC 2, GDPR, etc.).
Ensure version control, approval workflows, and cross-departmental adoption.
Lead annual policy reviews and align with new business or regulatory needs.
Security Risk Management
Own the corporate Risk Register (e.g., in Monday.com) and drive risk assessments across domains.
Track mitigation progress and report key risks to leadership.
Compliance & Certification Programs
Manage and maintain compliance frameworks (ISO 27001, GDPR, customer-driven requirements).
Prepare evidence and documentation for internal and external audits.
Vendor & Third-Party Risk Management
Oversee the Vendor Security Review process – reviewing new suppliers, SaaS tools, and renewals.
Monitor vendor security posture via SecurityScorecard or similar tools.
Ensure data processing agreements (DPAs) are aligned with legal.
Customer & Partner Assurance
Manage all RFI / RFP / security questionnaire responses.
Provide standardized documentation (e.g., SOC 2 reports, penetration testing summaries).
Support Sales / Customer Success during security discussions.
Security Process Governance
Define and enforce structured approval workflows for new tools, tokens, and architecture changes.
Integrate approvals into Jira or ServiceNow for traceability.
Collaborate with IT / AppSec / Legal for end-to-end governance.
Awareness & Training
Drive company-wide security awareness campaigns.
Onboard new hires with security and compliance training.
Ensure developers and business teams understand their compliance obligations.
Metrics & Reporting
Define KPIs for compliance maturity, audit readiness, and risk reduction.
Deliver quarterly GRC posture updates to the CISO / Security Steering Committee.
Requirements:
5-8 years of experience in Governance, Risk, and Compliance (GRC) or Information Security management, preferably within a technology or SaaS organization.
Proven track record of developing, implementing, and maintaining security policies and frameworks (e.g., ISO 27001, SOC 2, GDPR, NIST).
Hands-on experience owning and managing a corporate risk register, driving risk assessments, and ensuring timely mitigation across multiple business domains.
Strong background in compliance management, including preparing evidence and documentation for both internal and external audits.
Demonstrated ability to lead vendor and third-party security assessments, evaluate supplier risks, and align data processing agreements (DPAs) with legal and privacy teams.
Experience managing customer assurance programs, responding to RFIs/RFPs, and supporting sales teams with security documentation and due diligence.
Skilled in security process governance – establishing approval workflows for new tools, integrations, and architectural changes, and embedding controls into systems like Jira or ServiceNow.
Proven ability to drive security awareness initiatives, design training programs, and communicate compliance responsibilities effectively across departments.
Experience defining and reporting KPIs and metrics related to compliance maturity, audit readiness, and overall risk posture.
Strong collaboration skills – capable of partnering with cross-functional stakeholders (Engineering, IT, Legal, AppSec, and Product) to strengthen the organizations security and compliance posture.
5-8 years of experience in Governance, Risk, and Compliance (GRC) or Information Security management, preferably within a technology or SaaS organization.
Proven track record of developing, implementing, and maintaining security policies and frameworks (e.g., ISO 27001, SOC 2, GDPR, NIST).
Hands-on experience owning and managing a corporate risk register, driving risk assessments, and ensuring timely mitigation across multiple business domains.
Strong background in compliance management, including preparing evidence and documentation for both internal and external audits.
Demonstrated ability to lead vendor and third-party security assessments, evaluate supplier risks, and align data processing agreements (DPAs) with legal and privacy teams.
Experience managing customer assurance programs, responding to RFIs/RFPs, and supporting sales teams with security documentation and due diligence.
Skilled in security process governance – establishing approval workflows for new tools, integrations, and architectural changes, and embedding controls into systems like Jira or ServiceNow.
Proven ability to drive security awareness initiatives, design training programs, and communicate compliance responsibilities effectively across departments.
Experience defining and reporting KPIs and metrics related to compliance maturity, audit readiness, and overall risk posture.
Strong collaboration skills – capable of partnering with cross-functional stakeholders (Engineering, IT, Legal, AppSec, and Product) to strengthen the organizations security and compliance posture.
This position is open to all candidates.
