GRC Analyst @ Upwind Security
Tel Aviv-Yafo, Tel Aviv District, Israel
$120,000
On Site
Full Time
Posted 19 hours ago
Job Details
About Upwind Security
Upwind is a next-generation Cloud Security Platform leveraging runtime context to identify and prioritize critical risks. It uses runtime data, eBPF-powered sensors, and proactive insights to provide cost-effective, comprehensive cloud security management.
Role Overview: GRC Analyst
Upwind Security is seeking a highly motivated GRC Analyst to join our growing Security & Compliance team. In this role, you will support the implementation, operation, and continuous improvement of our GRC framework, ensuring that policies, procedures, and controls align with regulatory requirements and industry best practices.
Responsibilities
- Governance: Develop, maintain, and socialize security policies, standards, and procedures aligned with ISO 27001, SOC 2, GDPR, FedRAMP, and other frameworks.
- Risk Management: Lead risk assessment programs covering enterprise, product, and vendor risks.
- Compliance Readiness: Own security compliance initiatives including SOC 2 Type II, ISO 27001, and customer audits.
- Third-Party Risk: Build and operate a third-party security review program in collaboration with Procurement and Legal.
- Audit & Assurance: Prepare evidence and manage internal and external audits to continuously improve audit readiness.
- Training & Awareness: Run company-wide security awareness and training programs.
- Metrics & Reporting: Develop KPIs and dashboards to track control effectiveness and risk posture for leadership.
- Collaboration: Partner with Legal, Engineering, Product, and IT to integrate compliance across business processes.
Requirements
- 8+ years of experience in GRC, InfoSec, or risk & compliance functions.
- Strong understanding of industry standards and frameworks (SOC 2, ISO 27001, PCI, NIST, GDPR, CIS).
- Experience leading compliance projects and audits end-to-end.
- Hands-on experience with GRC tooling and risk management workflows.
- Ability to write and communicate security policies, reports, and training clearly.
- Strong project management skills and stakeholder engagement.
- Prior experience in a fast-paced startup or SaaS environment is a plus.
- Relevant certifications (CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor) are a plus.
Key skills/competency
- GRC
- Cloud Security
- Risk Management
- Compliance
- ISO 27001
- SOC 2
- Auditing
- Policy Development
- eBPF
- Security Awareness
How to Get Hired at Upwind Security
🎯 Tips for Getting Hired
- Research Upwind Security: Understand their Cloud Security Platform and culture.
- Customize your resume: Highlight GRC and compliance experience.
- Showcase certifications: Mention CISA, CISM, or CRISC if applicable.
- Prepare case examples: Detail past audit and risk management successes.
📝 Interview Preparation Advice
Technical Preparation
- Review cloud security frameworks and tools.
- Study ISO 27001, SOC 2 audit processes.
- Practice risk assessment case studies.
- Update skills in GRC software applications.
Behavioral Questions
- Describe handling compliance challenges.
- Explain risk management conflict resolution.
- Discuss teamwork in cross-department projects.
- Share a time meeting tight audit deadlines.
Frequently Asked Questions
- What should I emphasize when applying for the GRC Analyst role at Upwind Security?
- How can candidates prepare for the interview process for a GRC Analyst at Upwind Security?
- Does Upwind Security require cloud security experience for the GRC Analyst position?
- Are industry certifications necessary for applying to the GRC Analyst role at Upwind Security?
- What kind of work environment does Upwind Security offer for a GRC Analyst?