Company hidden
1 day ago

Information Security GRC Lead

Job type
fulltime
Grade
lead
English
c1
Country
Israel

Job description


TL;DR

Information Security GRC Lead (Cybersecurity): Driving organization-wide security compliance and risk management processes, with an emphasis on audit execution, mitigation planning, and security standards. Focus on leading SOX, SOC2, ISO27001, and FedRAMP compliance while managing third-party risk and customer security assessments.

Location: Israel - Petah Tikva

Company

hirify.global is a provider of AI-powered digital investigation platforms that enable public safety organizations and intelligence agencies to lawfully access and analyze digital evidence.

What you will do

  • Plan and execute cyber security gap analysis and risk assessment processes.
  • Perform internal and external technical and procedural security audits.
  • Develop, implement, and track technical risk control and mitigation plans.
  • Lead audit and compliance activities for SOX, SOC2, ISO27001, FedRAMP, and other standards.
  • Manage third-party security qualifications, vendor risk management, and GDPR/privacy contributions.
  • Handle customer RFP security risk assessment questionnaires with a business-driven approach.

Requirements

  • 3+ years of experience in security Governance, Risk and Compliance (GRC) within a global hi-tech company.
  • Proven experience with security compliance audits such as NIST, ISO, SOC2, SOX, and FedRAMP/DoD.
  • Hands-on experience with ISMS in audits, Security Risk Management, and mitigation planning.
  • Experience in cloud security compliance and risk management.
  • Experience working with customers and third-party qualification processes.
  • High level of English proficiency, with a strong emphasis on writing skills.

Nice to have

  • Background and experience in R&D infrastructure.
  • Professional certifications such as CISA, CISM, CRISC, or CISSP.
