GRC Analyst
@ Upwind Security

Tel Aviv-Yafo, Tel Aviv District, Israel

$120,000

On Site

Full Time

Posted 23 days ago

Your Application Journey

Interview

Email Hiring Manager

XXXXXXXXX XXXXXXXXXXX XXXXXXXX****** @upwindsecurity.com

Recommended after applying

Job Details

About Upwind Security

Upwind is a next-generation Cloud Security Platform leveraging runtime context to identify and prioritize critical risks. It uses runtime data, eBPF-powered sensors, and proactive insights to provide cost-effective, comprehensive cloud security management.

Role Overview: GRC Analyst

Upwind Security is seeking a highly motivated GRC Analyst to join our growing Security & Compliance team. In this role, you will support the implementation, operation, and continuous improvement of our GRC framework, ensuring that policies, procedures, and controls align with regulatory requirements and industry best practices.

Responsibilities

Governance: Develop, maintain, and socialize security policies, standards, and procedures aligned with ISO 27001, SOC 2, GDPR, FedRamp and other frameworks.
Risk Management: Lead risk assessment programs covering enterprise, product, and vendor risks.
Compliance Readiness: Own security compliance initiatives including SOC 2 Type II, ISO 27001, and customer audits.
Third-Party Risk: Build and operate a third-party security review program in collaboration with Procurement and Legal.
Audit & Assurance: Prepare evidence and manage internal and external audits to continuously improve audit readiness.
Training & Awareness: Run company-wide security awareness and training programs.
Metrics & Reporting: Develop KPIs and dashboards to track control effectiveness and risk posture for leadership.
Collaboration: Partner with Legal, Engineering, Product, and IT to integrate compliance across business processes.

Requirements

8+ years of experience in GRC, InfoSec, or risk & compliance functions.
Strong understanding of industry standards and frameworks (SOC 2, ISO 27001, PCI, NIST, GDPR, CIS).
Experience leading compliance projects and audits end-to-end.
Hands-on experience with GRC tooling and risk management workflows.
Ability to write and communicate security policies, reports, and training clearly.
Strong project management skills and stakeholder engagement.
Prior experience in a fast-paced startup or SaaS environment is a plus.
Relevant certifications (CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor) are a plus.

Key skills/competency

GRC
Cloud Security
Risk Management
Compliance
ISO 27001
SOC 2
Auditing
Policy Development
eBPF
Security Awareness

Apply without a personalized resume

How to Get Hired at Upwind Security

🎯 Tips for Getting Hired

Research Upwind Security: Understand their Cloud Security Platform and culture.
Customize your resume: Highlight GRC and compliance experience.
Showcase certifications: Mention CISA, CISM, or CRISC if applicable.
Prepare case examples: Detail past audit and risk management successes.

📝 Interview Preparation Advice

Technical Preparation

Review cloud security frameworks and tools.

Study ISO 27001, SOC 2 audit processes.

Practice risk assessment case studies.

Update skills in GRC software applications.

Behavioral Questions

Describe handling compliance challenges.

Explain risk management conflict resolution.

Discuss teamwork in cross-department projects.

Share a time meeting tight audit deadlines.

Ready to optimize your application for Upwind Security?

Our Al will adapt your resume for Upwind Security's hiring patterns and similar GRC Analyst roles.

Frequently Asked Questions

What should I emphasize when applying for the GRC Analyst role at Upwind Security?

How can candidates prepare for the interview process for a GRC Analyst at Upwind Security?

Does Upwind Security require cloud security experience for the GRC Analyst position?

Are industry certifications necessary for applying to the GRC Analyst role at Upwind Security?

What kind of work environment does Upwind Security offer for a GRC Analyst?