GRC Specialist

Summary Data has never been more valuable and vulnerable. As cybercriminals become more sophisticated and regulations more strict, organizations struggle to answer one key question: “Is my data safe?  At Varonis, we see the world of cybersecurity differently. Instead of chasing threats, we believe the most practical approach is protecting data from the inside out. We’ve built the industry’s first fully autonomous Data Security Platform to help our customers dramatically reduce risk with minimal human effort.  At Varonis, we move fast. We’re an ultra-collaborative company with brilliant people who care deeply about the details. Together, we’re solving interesting and complex puzzles to keep the world’s data safe.We work in a flexible, hybrid model, so you can choose the home-office balance that works best for you.   Job Overview:  We are seeking a highly skilled and experienced Security GRC (Governance, Risk, and Compliance) Specialist to join our team. The ideal candidate will report to the GRC manager, have a strong background in security governance, risk management, and compliance, with a proven track record of successfully implementing GRC programs. Key Responsibilities: 

• Develop, implement, and maintain GRC frameworks, policies, and procedures. 

• Respond to customer due diligence requests, assist with contract agreements, and participate in customer calls to address GRC-related inquiries. 

• Conduct risk assessments and identify potential security threats and vulnerabilities. 

• Collaborate with cross-functional teams to integrate GRC initiatives into business processes. 

• Design and maintain security awareness program (e.g., conduct phishing simulations, generate newsletters, administer training platform) 

• Monitor and report on the effectiveness of GRC programs and controls. 

• Provide guidance and support to internal stakeholders on GRC-related matters. 

• Stay up to date with industry trends and emerging threats to continuously improve the GRC program. 

• Perform technical risk assessments. 

Qualifications: 

• Bachelor’s degree in information security, Computer Science, or a related field. 

• Minimum of 3 years of experience in GRC, and information security. 

• Strong knowledge of regulatory requirements and industry standards (e.g., GDPR, HIPAA, ISO 27001). 

• Experience in conducting customer due diligence, handling customer calls. 

• Experience in conducting security audits such as SOC 2 and ISO 27000 family. 

• Experience with GRC platforms, including third-party risk management, and security awareness. 

• Excellent analytical, problem-solving, and communication skills. 

• Ability to work independently and as part of a team in a fast-paced environment. 

• Relevant certifications such as CISSP, CISM, or CRISC are preferred. 

• Highly advantageous, experience with:  

• Business Continuity Planning (BCP) 

• performing technical risk assessments on various systems, including cloud, network, and application environments. 

• Payment Card Industry (PCI) standards 

• Cyber Essentials plus 

• AI Security and Governance practices  

• Managing Bug Bounty programs 

 We invite you to check out our Instagram Page to gain further insight into the Varonis culture!@VaronisLifeVaronis is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, and other legally protected characteristics.#LI-Hybrid