GRC Manager

Accelerate Your Career in Cybersecurity
As a leader in Automated Security Validation, we help businesses around the world safely emulate real-world attacks to uncover their vulnerabilities. At Pentera, you will be at the forefront of cybersecurity innovation, working on advanced tools that challenge organizations' defenses and push the limits of security testing.

With over 400 team members and 1,100+ customers in more than 50 countries, Pentera is a growing company supported by top investors like Insight Partners, K1, and The Blackstone Group.

If you are looking to grow your skills, make a difference, and be part of an innovative team, Pentera is the place for you.

About the role:
We're looking for an experienced GRC Manager to join our team in Israel. We're seeking someone with solid, hands-on experience who can take ownership and lead both technically and operationally.

You will lead the certification and accreditation processes for Pentera, managing all current compliance frameworks and certifications. This includes both preparation activities and direct engagement with external auditors, from readiness and gap analysis through to achieving final reports or certificates.

Roles and Responsibilities:

• Lead internal and external audit and certification cycles, ensuring readiness and successful completion of assessments.
• Maintain and continuously improve Pentera's internal control framework, ensuring that security and compliance controls are effective, documented, and aligned across ISO 27001, SOC 2, and privacy requirements.
• Develop, maintain, and enhance security and compliance documentation, including policies, procedures, and evidence repositories.
• Manage the ongoing risk management process by maintaining a centralized risk register and ensuring alignment between business objectives, regulatory obligations, and security controls.
• Conduct internal audits and risk assessments to evaluate the effectiveness of technical and organizational controls.
• Manage the cybersecurity onboarding and ongoing risk assessments of third-party vendors, while cooperating with Legal to ensure alignment with privacy compliance requirements.
• Manage relationships with external auditors and consultants, ensuring timely completion of certification milestones.
• Partner with cross-functional teams to strengthen the company's overall GRC posture and support continuous improvement initiatives.

Requirements:

• 3-5 Years of proven experience in GRC, information security compliance, or audit management roles.
• Experience with audit and certification processes of information security frameworks (e.g., ISO 27001, SOC 2).
• Ability to manage cross-functional projects and collaborate effectively with internal stakeholders and external auditors, and consultants.
• Excellent communication skills and attention to detail.
• Fluent in English (written and spoken).

Preferred Skills:

• Experience with risk assessments and managing a risk register end-to-end.
• Experience with third-party vendor risk management.
• Experience in compliance frameworks of cloud infrastructure.
• Knowledge of privacy regulations such as GDPR and CCPA.
• Background in cybersecurity or IT risk management.

We are an equal opportunity employer and we are committed to building a diverse and talented workforce. We do not discriminate on the basis of race, sex, religion, colour, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, medical condition, disability, or any other class or characteristic protected by applicable law. We welcome candidates from all backgrounds to join us