Senior GRC Manager
Herzliya, Tel Aviv District, Israel
Pontera
Pontera enables advisors to manage and trade their clients’ retirement accounts including 401(k)s and 403(b)s as part of a holistic portfolioPontera is a fintech company on a mission to help people retire better. Our software platform enables retirement savers to get the help they need managing their 401(k) and other retirement plan accounts as part of a personalized strategy by their trusted financial advisor.
Pontera is used by financial advisors across the nation– from SMB to Fortune 500 RIA firms, independent broker-dealers, plan custodians, and plan advisors.
Backed by leading venture capital firms including ICONIQ Growth and Lightspeed Venture Partners, Pontera is built by talented individuals who share a dedication to helping people retire with greater security.
Our team is fast-growing and driven to become one of the largest fintech companies in the world. Our culture is built on a people-first principle: in a complex and numbers-driven industry, we never lose sight of the people we serve and work alongside. That’s where you come in.
We are hiring a Senior GRC Manager to sustain, scale, and continuously enhance our Governance, Risk, and Compliance (GRC) program. Reporting directly to the CISO, this is a high-impact role focused on maintaining Pontera’s robust compliance posture (including SOC 2 Type II, ISO 27001, 27017, and 27018), driving cloud assurance initiatives, and strengthening trust with customers and partners.
The ideal candidate is comfortable working cross-functionally, automating compliance workflows, and serving as a key liaison for external diligence and internal controls.
RESPONSIBILITIES
- Maintain and mature the GRC program: Own core processes, documentation, and internal controls to support Pontera’s security and privacy obligations.
- Align GRC activities with key frameworks, including NIST CSF, CIS Controls, and ISO 27001/27018, to ensure comprehensive control coverage and internal alignment.
- Support certification continuity: Ensure ongoing adherence and audit readiness for SOC 2 Type II, ISO 27001, ISO 27017, and ISO 27018 through continuous monitoring, control validation, and stakeholder coordination.
- Support evolving privacy governance efforts, including ISO 27701 adoption, privacy impact assessments (PIAs), and alignment with standards such as ISO 29134 or NIST Privacy Framework.
- Contribute to vendor and third-party risk management: Support onboarding, reviews, and oversight of vendors handling sensitive data or infrastructure.
- Manage Pontera’s customer trust program, including responding to security questionnaires, maintaining compliance artifacts, and owning our public Trust Center (e.g., SafeBase).
- Administer and optimize GRC platforms: Manage tools such as VISO Trust, or Vanta to streamline evidence collection, risk tracking, and control testing. Lead process improvements and automation where possible.
- Maintain the risk management program: Update the enterprise risk register, facilitate periodic risk assessments, and drive mitigation planning across business functions.
- Partner cross-functionally with Legal, IT, Engineering, and Product to embed compliance requirements and align security initiatives with business goals.
REQUIREMENTS
- 5+ years of experience in GRC, security compliance, or audit within a cloud-native or SaaS environment.
- Proven track record supporting and maintaining certifications such as SOC 2 Type II, ISO 27001, 27017, and 27018.
- Strong understanding of the NIST Cybersecurity Framework and CIS Critical Security Controls as applied in modern SaaS/cloud environments.
- Familiarity with privacy management standards such as ISO 27701, ISO 29134, or equivalent frameworks (e.g., NIST Privacy Framework, GDPR Art. 35 PIAs)
- Hands-on experience with GRC automation tools (e.g., Drata, Vanta, Tugboat Logic, OneTrust).
- Excellent communication skills, particularly for external audit and customer diligence engagements.
- Strong organizational and project management capabilities, with an ability to coordinate across functions and meet deadlines.
Preferred Qualifications
- Experience managing a Trust Center (e.g., SafeBase).
- Certifications such as CISM, CRISC, CCSK, or ISO 27001 Lead Implementer.
- Previous experience in regulated or trust-sensitive industries such as fintech, B2B SaaS, or healthtech industries.
WHAT WE OFFER
- Opportunity: Have a major impact at a fast-growing startup that is revolutionizing the FinTech industry
- Team Culture: A collegial, collaborative, fun work environment with frequent team events
- Equity: All new hires are eligible for equity grant participation
- Professional Development: Sponsored learning & development program
- Work Flexibility: A hybrid office work model (In-Office Mon/Tues/Weds and WFH Sun//Thurs)
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Automation CCSK CISM CISO Cloud Compliance CRISC FinTech GDPR Governance ISO 27001 Monitoring NIST Privacy Risk assessment Risk management SaaS SOC SOC 2 Strategy
Perks/benefits: Career development Startup environment Team events
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.