Summary
Join Axonius as a Senior Cybersecurity GRC Analyst in Israel and contribute to the company's cybersecurity governance, risk management, and compliance efforts. You will conduct security and compliance assessments, manage vendor risk, and improve the GRC program. This role requires proven cybersecurity expertise, understanding of regulatory standards, and strong communication skills. The position includes a structured onboarding plan with regular feedback sessions to ensure your success within the team.
Requirements
- Understanding of corporate governance principles and best practices
- 5+ years of combined experience in any of the following areas: Cybersecurity Risk, Vendor Risk, Enterprise Risk, IT System Administrator, IT Auditing, or related fields
- Understanding of or certifications related to SOC 2, ISO 27001, ISO 22301, ISO 42001, HIPAA
- Strong understanding of cybersecurity principles, compliance requirements, and risk management practices and frameworks, along with implementation experience
- Ability to manage multiple assignments simultaneously and prioritize tasks effectively
- Experience in automating GRC processes and workflows
- Awareness of enterprise risk management (ERM) frameworks
- Detail-oriented with a high level of integrity and professionalism
- Ability to read and comprehend defined policies and processes and follow them with limited oversight
- Proactive and self-motivated with a commitment to continuous learning and improvement
- Strong team player with the ability to work independently and collaboratively cross-functionally
- Effective communication and presentation skills in English, including reading, writing, and speaking due to collaboration with US-based teams and process documentation requirements
- Flexibility to adjust working hours for regular coordination with US-based teams located in EST and CST timezones
Responsibilities
- Identify, assess, and maintain a comprehensive risk register of cybersecurity risks across organizational and third-party contexts, ensuring alignment with internal risk assessment frameworks and best practices
- Partner with risk owners to facilitate risk mitigation and provide guidance and support for risk mitigation plans
- Monitor and review risk management strategies, ensuring alignment with organizational policies and industry best practices
- Conduct comprehensive security and compliance assessments, including those focused on regulatory non-compliance, producing detailed assessment reports
- Analyze documentation, policies, and operational practices related to cybersecurity and compliance
- Conduct internal reviews, producing detailed reports on internal reviews, assessments, and findings
- Assist with internal and external audits of our Platform, including preparing documentation, maintaining an organized audit documentation repository, coordinating requests, and tracking findings related to the Platform's security and compliance
- Contribute to the management and administration of GRC or Procurement platforms (e.g., Fusion RM, Zip, Anecdotes, Vanta) and related tools
- Support the development, implementation, and maintenance of GRC policies, procedures, and controls
- Support the team in monitoring changes in relevant regulations and compliance standards (e.g., SOC 2, ISO 27001, ISO 22301, ISO 42001, HIPAA), contributing to summaries of those changes and their impact on our compliance posture, and escalating to senior staff as needed
- Ensure vendor compliance with applicable regulations and standards through ongoing monitoring and assessments, maintaining a vendor compliance tracking system
- Evaluate and enhance the effectiveness of internal controls related to compliance, including design, implementation, and testing
- Communicate effectively with vendors and internal stakeholders to gather information, address concerns, provide guidance on security and compliance requirements, and resolve discrepancies
- Collaborate with procurement, legal, security, and IT teams to ensure vendor risk assessments align with organizational objectives and policies
- Support customer pre-sales and renewals by providing cybersecurity-related information and assurance within RFPIO
- Provide targeted training and support to internal teams on vendor risk management and compliance requirements
- Prepare clear and concise vendor security assessment reports, including findings, risk ratings, and recommendations for management and stakeholders
- Coordinate quarterly meetings with risk owners to review risk status, discuss mitigation plans, and ensure alignment with risk management strategies
- Coordinate quarterly meetings with control owners to review control status, gather information for reporting purposes, and ensure control effectiveness
- Report on quarter-over-quarter control and risk performance metrics to identify trends, potential weaknesses, and areas for improvement
- Contribute actively to relevant conversations and discussions related to work items, and attend all scheduled team meetings and virtual events, to ensure effective communication and collaboration within the remote team
Preferred Qualifications
- Knowledge of or certifications related to NIST, ISO 31000, ISO 42001
- Knowledge of Jira to track vulnerabilities for effective risk management
- Understanding of how to navigate effectively within Google Products (examples: Google Docs, Google Sheets, Google Forms, Google Slides, etc.)
- Experience leveraging GRC tooling or platforms for automation along with managing plugins for various integrations tied to compliance monitoring
- Ability to coordinate various testing scenarios independently related to business continuity or disaster recovery, along with documenting
- Aligning stakeholder requirements to business objectives while meeting compliance requirements
- Knowledge of risk control self-assessments (RCSAs)
Benefits
- Axonius is committed to ensuring that each team member has a clear and attainable long-term career path. To support this, we allocate a yearly budget to every employee, enabling them to invest in their own growth and learning according to their specific needs and aspirations
- We understand the importance of maintaining a healthy work-life balance. That's why we provide our employees with three long weekends throughout the year, giving them the opportunity to rejuvenate, spend quality time with loved ones, and invest in their own well-being
- In addition, we created a special parental leave policy which allows both primary caregiver and secondary caregiver to spend substantial time with their newborn
- We're also proud to offer extra vacation days for the following important life events: marriage, birth of a grandchild, special milestones related to your children, loss of pregnancy and bereavement
- We see you. As part of our culture, our employees' well-being is important to us. That's why we offer psychological support services and support services
- While we have physical offices in the United States, Brazil, and Tel Aviv, we embrace a flexible working culture. The majority of our employees work remotely, regardless of their location around the globe
- This flexibility allows us to tap into a diverse talent pool and enables our team members to work in a way that suits their individual preferences and circumstances
- As a global company, we strive for excellence in everything we do. To support our employees in communicating effectively across borders, we provide English lessons as part of our commitment to their success