GRC Analyst
@ Upwind Security

Tel Aviv-Yafo, Tel Aviv District, Israel

$120,000

On Site

Full Time

Posted 1 day ago

Your Application Journey

Email Hiring Manager

XXXXXXXX XXXXXXXXXXX XXXXXXXX***** @upwindsecurity.com

Recommended after applying

Job Details

Job Description

Upwind Security is seeking a highly motivated GRC Analyst. Upwind provides a next-generation Cloud Security Platform that leverages runtime context for risk prioritization and posture insights. The role supports the implementation, operation, and continuous improvement of the GRC framework to ensure alignment with regulatory requirements and industry best practices.

Responsibilities

Governance: Develop, maintain, and socialize security policies aligned with ISO 27001, SOC 2, GDPR, FedRamp, and more.
Risk Management: Lead enterprise, product, and vendor risk management programs through assessments and mitigation plans.
Compliance Readiness: Drive security compliance initiatives such as SOC 2 Type II, ISO 27001, and customer audits.
Third-Party Risk: Operate a security review program and collaborate on vendor onboarding/offboarding.
Audit & Assurance: Prepare audit evidence, manage audits, and enhance audit readiness.
Training & Awareness: Run company-wide security awareness and training programs.
Metrics & Reporting: Develop KPIs and dashboards for control effectiveness and risk posture reporting.
Collaboration: Partner with Legal, Engineering, Product, and IT to embed compliance into business processes.

Requirements

8+ years of experience in GRC, InfoSec, or risk & compliance functions.
Strong understanding of standards such as SOC 2, ISO 27001, PCI, NIST, GDPR, and CIS.
Experience leading compliance projects and end-to-end audits.
Hands-on experience with GRC tooling and risk management workflows.
Excellent ability to write and communicate security policies, reports, and training materials.
Strong project management skills and stakeholder engagement ability.
Experience in a fast-paced startup or SaaS environment is a plus.
Relevant certifications like CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor are a plus.

Key skills/competency

GRC
Governance
Risk Management
Compliance
ISO 27001
SOC 2
Audit
Cloud Security
eBPF
Startup

Apply without a personalized resume

How to Get Hired at Upwind Security

🎯 Tips for Getting Hired

Customize your resume: Highlight specific GRC and compliance experience.
Showcase certifications: Emphasize relevant credentials and audit experience.
Research Upwind Security: Understand their cloud security platform and tools.
Prepare examples: Detail past risk management and compliance results.

📝 Interview Preparation Advice

Technical Preparation

Review key GRC frameworks and standards.

Practice using GRC and risk management tools.

Brush up on IT security policies and regulations.

Familiarize with cloud security threat detection.

Behavioral Questions

Describe a complex compliance project challenge.

Explain your decision-making in risk management.

Discuss collaboration across diverse teams.

Share experience handling audit pressures.

Ready to optimize your application for Upwind Security?

Our Al will adapt your resume for Upwind Security's hiring patterns and similar GRC Analyst roles.

Frequently Asked Questions

What should candidates know about applying for the GRC Analyst role at Upwind Security?

How does Upwind Security evaluate GRC expertise during interviews for the GRC Analyst position?

What certifications enhance a candidate's chances for the GRC Analyst role at Upwind Security?