GRC Analyst
@ Upwind Security

Tel Aviv-Yafo, Tel Aviv District, Israel
$120,000
On Site
Full Time
Posted 19 hours ago

Job Details

About Upwind Security

Upwind is a next-generation Cloud Security Platform leveraging runtime context to identify and prioritize critical risks. It uses runtime data, eBPF-powered sensors, and proactive insights to provide cost-effective, comprehensive cloud security management.

Role Overview: GRC Analyst

Upwind Security is seeking a highly motivated GRC Analyst to join our growing Security & Compliance team. In this role, you will support the implementation, operation, and continuous improvement of our GRC framework, ensuring that policies, procedures, and controls align with regulatory requirements and industry best practices.

Responsibilities

  • Governance: Develop, maintain, and socialize security policies, standards, and procedures aligned with ISO 27001, SOC 2, GDPR, FedRAMP, and other frameworks.
  • Risk Management: Lead risk assessment programs covering enterprise, product, and vendor risks.
  • Compliance Readiness: Own security compliance initiatives including SOC 2 Type II, ISO 27001, and customer audits.
  • Third-Party Risk: Build and operate a third-party security review program in collaboration with Procurement and Legal.
  • Audit & Assurance: Prepare evidence and manage internal and external audits to continuously improve audit readiness.
  • Training & Awareness: Run company-wide security awareness and training programs.
  • Metrics & Reporting: Develop KPIs and dashboards to track control effectiveness and risk posture for leadership.
  • Collaboration: Partner with Legal, Engineering, Product, and IT to integrate compliance across business processes.

Requirements

  • 8+ years of experience in GRC, InfoSec, or risk & compliance functions.
  • Strong understanding of industry standards and frameworks (SOC 2, ISO 27001, PCI, NIST, GDPR, CIS).
  • Experience leading compliance projects and audits end-to-end.
  • Hands-on experience with GRC tooling and risk management workflows.
  • Ability to write and communicate security policies, reports, and training clearly.
  • Strong project management skills and stakeholder engagement.
  • Prior experience in a fast-paced startup or SaaS environment is a plus.
  • Relevant certifications (CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor) are a plus.

Key skills/competencies

  • GRC
  • Cloud Security
  • Risk Management
  • Compliance
  • ISO 27001
  • SOC 2
  • Auditing
  • Policy Development
  • eBPF
  • Security Awareness

How to Get Hired at Upwind Security

🎯 Tips for Getting Hired

  • Research Upwind Security: Understand their Cloud Security Platform and culture.
  • Customize your resume: Highlight GRC and compliance experience.
  • Showcase certifications: Mention CISA, CISM, or CRISC if applicable.
  • Prepare case examples: Detail past audit and risk management successes.

📝 Interview Preparation Advice

Technical Preparation

  • Review cloud security frameworks and tools.
  • Study ISO 27001 and SOC 2 audit processes.
  • Practice risk assessment case studies.
  • Update skills in GRC software applications.

Behavioral Questions

  • Describe how you handled compliance challenges.
  • Explain how you resolved conflicts in risk management.
  • Discuss teamwork in cross-department projects.
  • Share a time you met tight audit deadlines.
