Responsibilities:
* Planning, performing, and tracking cybersecurity gap analysis and risk assessment processes
* Performing internal & external, hands-on technical and procedural security audits
* Develop, implement and track technical risk control/mitigation plans
* Working with the company's business owners and IT business applications and infrastructure to implement security controls, solutions, software qualifications, compliance, and monitoring
* Manage information security related tasks, track progress and report to management
* Plan and execute security processes and InfoSec group controls
* Write, update and implement security-related procedures
* Lead audit and compliance activities such as SOX, SOC2, ISO27001, FedRAMP and more, and provide privacy technical guidance
* Contributor to GDPR and privacy, working closely with the company's legal department
* Responsible for handling internal and third-party security qualification processes and vendor risk management, and for assigning required controls
* Responsible for customers' RFP security risk assessment questionnaires, with a business-driven approach and a prompt response time
* Always pushing to modernize compliance solutions with efficiencies and a business-facing approach
Office Location:
Petah Tikva
* 3+ years of experience in security governance, risk and compliance in a global hi-tech company
* Proven experience with security compliance audit and management (NIST, ISO, SOC2, SOX, FedRAMP and/or DoD)
* Hands-on experience with ISMS in audits, Security Risk Management, and mitigation planning
* Experience in working with customers and 3rd party qualification processes
* Experience in cloud security compliance and risks
* Background and experience in R&D infrastructure (an advantage)
* Familiar with security vulnerabilities, trends, tools and practices
* Professional certifications such as Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or Certified Information Security Professional (CISSP) are an advantage
* Ability to multi-task in a dynamic work environment
* Ability to motivate others in a matrix management structure
* A true team player and easy to collaborate with
* A truly proactive, can-do approach
* High-level English with an emphasis on writing skills