We are seeking a highly skilled and experienced Security GRC (Governance, Risk, and Compliance) Specialist to join our team. The ideal candidate will report to the GRC manager, have a strong background in security governance, risk management, and compliance, with a proven track record of successfully implementing GRC programs.Key Responsibilities:Develop, implement, and maintain GRC frameworks, policies, and procedures.Respond to customer due diligence requests, assist with contract agreements, and participate in customer calls to address GRC-related inquiries.Conduct risk assessments and identify potential security threats and vulnerabilities.Collaborate with cross-functional teams to integrate GRC initiatives into business processes.Design and maintain security awareness program (e.g., conduct phishing simulations, generate newsletters, administer training platform)Monitor and report on the effectiveness of GRC programs and controls.Provide guidance and support to internal stakeholders on GRC-related matters.Stay up to date with industry trends and emerging threats to continuously improve the GRC program.Perform technical risk assessments.Qualifications:Bachelor’s degree in information security, Computer Science, or a related field.Minimum of 5 years of experience in GRC, and information security.Strong knowledge of regulatory requirements and industry standards (e.g., GDPR, HIPAA, ISO 27001).Experience in conducting customer due diligence, handling customer calls.Experience in conducting security audits such as SOC 2 and ISO 27000 family.Experience with GRC platforms, including third-party risk management, and security awareness.Excellent analytical, problem-solving, and communication skills.Ability to work independently and as part of a team in a fast-paced environment.Relevant certifications such as CISSP, CISM, or CRISC are preferred.Highly advantageous, experience with: Business Continuity Planning (BCP)performing technical risk assessments on various systems, including cloud, network, and application environments.Payment Card Industry (PCI) standardsCyber Essentials plusAI Security and Governance practices Managing Bug Bounty programs
We invite you to check out our Instagram Page to gain further insight into the Varonis culture!
@VaronisLife
Varonis is an equal-opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, and other legally protected characteristics.