Senior GRC Manager

Herzliya, Tel Aviv District, Israel

Pontera

Pontera enables advisors to manage and trade their clients’ retirement accounts including 401(k)s and 403(b)s as part of a holistic portfolio


Pontera is a fintech company on a mission to help people retire better. Our software platform enables retirement savers to get the help they need managing their 401(k) and other retirement plan accounts as part of a personalized strategy by their trusted financial advisor. 

Pontera is used by financial advisors across the nation, from SMB to Fortune 500 RIA firms, independent broker-dealers, plan custodians, and plan advisors.

Backed by leading venture capital firms including ICONIQ Growth and Lightspeed Venture Partners, Pontera is built by talented individuals who share a dedication to helping people retire with greater security. 

Our team is fast-growing and driven to become one of the largest fintech companies in the world. Our culture is built on a people-first principle: in a complex and numbers-driven industry, we never lose sight of the people we serve and work alongside. That’s where you come in.

We are hiring a Senior GRC Manager to sustain, scale, and continuously enhance our Governance, Risk, and Compliance (GRC) program. Reporting directly to the CISO, this is a high-impact role focused on maintaining Pontera’s robust compliance posture (including SOC 2 Type II, ISO 27001, 27017, and 27018), driving cloud assurance initiatives, and strengthening trust with customers and partners.

The ideal candidate is comfortable working cross-functionally, automating compliance workflows, and serving as a key liaison for external diligence and internal controls.


RESPONSIBILITIES

  • Maintain and mature the GRC program: Own core processes, documentation, and internal controls to support Pontera’s security and privacy obligations.
  • Align GRC activities with key frameworks, including NIST CSF, CIS Controls, and ISO 27001/27018, to ensure comprehensive control coverage and internal alignment.
  • Support certification continuity: Ensure ongoing adherence and audit readiness for SOC 2 Type II, ISO 27001, ISO 27017, and ISO 27018 through continuous monitoring, control validation, and stakeholder coordination.
  • Support evolving privacy governance efforts, including ISO 27701 adoption, privacy impact assessments (PIAs), and alignment with standards such as ISO 29134 or NIST Privacy Framework.
  • Contribute to vendor and third-party risk management: Support onboarding, reviews, and oversight of vendors handling sensitive data or infrastructure.
  • Manage Pontera’s customer trust program, including responding to security questionnaires, maintaining compliance artifacts, and owning our public Trust Center (e.g., SafeBase).
  • Administer and optimize GRC platforms: Manage tools such as VISO Trust or Vanta to streamline evidence collection, risk tracking, and control testing. Lead process improvements and automation where possible.
  • Maintain the risk management program: Update the enterprise risk register, facilitate periodic risk assessments, and drive mitigation planning across business functions.
  • Partner cross-functionally with Legal, IT, Engineering, and Product to embed compliance requirements and align security initiatives with business goals.

REQUIREMENTS

  • 5+ years of experience in GRC, security compliance, or audit within a cloud-native or SaaS environment.
  • Proven track record supporting and maintaining certifications such as SOC 2 Type II, ISO 27001, 27017, and 27018.
  • Strong understanding of the NIST Cybersecurity Framework and CIS Critical Security Controls as applied in modern SaaS/cloud environments.
  • Familiarity with privacy management standards such as ISO 27701, ISO 29134, or equivalent frameworks (e.g., NIST Privacy Framework, GDPR Art. 35 PIAs).
  • Hands-on experience with GRC automation tools (e.g., Drata, Vanta, Tugboat Logic, OneTrust).
  • Excellent communication skills, particularly for external audit and customer diligence engagements.
  • Strong organizational and project management capabilities, with an ability to coordinate across functions and meet deadlines.

Preferred Qualifications

  • Experience managing a Trust Center (e.g., SafeBase).
  • Certifications such as CISM, CRISC, CCSK, or ISO 27001 Lead Implementer.
  • Previous experience in regulated or trust-sensitive industries such as fintech, B2B SaaS, or healthtech.

WHAT WE OFFER

  • Opportunity: Have a major impact at a fast-growing startup that is revolutionizing the FinTech industry
  • Team Culture: A collegial, collaborative, fun work environment with frequent team events
  • Equity: All new hires are eligible for equity grant participation
  • Professional Development: Sponsored learning & development program
  • Work Flexibility: A hybrid office work model (in-office Mon/Tues/Weds and WFH Sun/Thurs)
