Responsible:

• Planning, performing and tracking cyber security gap analysis and risk assessment processes
• Performing internal & external, hands-on technical and procedural security audits
• Develop, implement and track technical risk control/mitigation plans
• Responding to customer security inquiries
• Working with IT Business applications, infrastructure and service group to monitor and implement security controls, solutions and software qualifications and compliance
• Security processes and InfoSec group controls efficiency plans and execution
• Write and implement security related procedures
• Lead audit and compliance activities as SOX, SOC2, ISO27001 and more
• Handle customers RFP and risk assessments in a business-driven approach and a prompt response time

Requirements:

• 3+ years of experience in security Governance, Risk and Compliance in the hi-tech domain
• Proven experience with security compliance management (ISO, SOC2, SOX)
• Hands-on experience with ISMS according to audits, Security Risk Management and mitigation planning
• Experience in working with customers and 3rd party qualifications
• Experience with cloud security compliance and risks
• Experience in a high tech, global company
• Background and experience with infrastructure and Application security (R&D an advantage)
• Familiar with security vulnerabilities, trends, tools and practices.
• Professional designation in IT Security or compliance such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or Certified Information Security Professional (CISSP) - would be an asset
• Experience with FedRamp- an advantage
• Ability to multi-task and change direction/priorities quickly
• Ability to motivate and work in a matrix management structure
• A true team player and easy to collaborate with
• High level English with an emphasis on writing skills
• A true proactive and “can do” approach
• Work is in the company offices (on site)