GRC Specialist

Team:
Security

 

We're looking for a GRC Specialist to join Global-e's cyber security department and manage Global-e's governance, risk and compliance (GRC) aspects from ground up. Build GRC processes, implement new producers and maintain technology systems to support GRC.

Responsibilities:

  • Lead our compliance operations and audit plans including ISO 27001, SOC2, SOC3 and PCI-DSS.
  • Conduct a risk assessment on systems, processes, vendors and maintain a security maturity program.
  • Design and maintain security methodologies, policies and procedures including exceptions and suggestions for corrective actions.
  • Be in charge of Third party risk management (TPRM)
  • Plan, design and implement GRC tools.
  • Plan design and implement continues compliance.
  • Support sales teams, enabling them to respond to customers and prospect questionnaires and RFP's.

 

Requirements:
  • 3 years of experience in a GRC role
  • At least 1 year of experience in information security, risk management, privacy, and compliance.
  • Strong understanding of information security and privacy frameworks and regulations, such as ISO27001, SOC 2, GDPR, NIST and PCI-DSS.
  • Experience in leading at least one of the following audits: ISO 27001, PCI-DSS, SOC2 including evidence collection and reporting.
  • Strong technical background in IT and Cloud – an advantage.
  • Knowledge of risk assessment methodologies.
  • Experience in the assessment of existing security controls and defining new controls and solutions.
  • Strong oral and written communications and presentation skills.
  • Relevant security and development certifications (QSA, Lead auditor, CISM, CISSP, OSCP, CEH) – an advantage.
  • Experience in GRC frameworks and operating modern systems in a fast-paced, rapidly evolving company environment.
  • Experience working in a global environment.
  • Fluent English – Must.
Not an employee at Global-e