Information Security Risk & Compliance Expert

Petach Tikva, Israel

Cyberark

Get the most complete Identity Security and Access Management Solutions that enable secure access across any device, anywhere, at just the right time.


Company Description

About CyberArk:
CyberArk (NASDAQ: CYBR) is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit our CyberArk blogs or follow us on X, LinkedIn or Facebook.

Job Description

CyberArk, a global leader in Identity Security, is seeking a talented GRC Compliance Expert to join our Governance, Risk, and Compliance team.
This role is ideal for someone with a strong understanding of leading international standards and regulations (such as ISO 27001, SOC 2, PCI-DSS, and others) and a passion for building and maintaining scalable, enterprise-grade compliance programs.

You’ll play a central role in ensuring ongoing organizational alignment with world-class frameworks while working closely with cross-functional teams to drive a culture of trust, risk awareness, and regulatory readiness.
We are especially looking for someone with hands-on experience implementing and maintaining PCI-DSS / SOC 2 compliance, including managing assessments, evidence collection, and cross-functional collaboration.

Key Responsibilities

  • Ensure the company’s continuous compliance with leading international standards and regulatory frameworks (e.g., ISO 27001, SOC 2, PCI-DSS).
  • Serve as a subject matter expert on PCI-DSS, including supporting annual assessments, gap analyses, and remediation planning.
  • Maintain, update, and improve internal GRC policies, controls, and documentation in line with global best practices.
  • Monitor changes in the regulatory and industry landscape and assess their applicability to CyberArk’s operations.
  • Lead internal control mapping, gap assessments, and remediation tracking.
  • Coordinate audit readiness efforts and maintain supporting evidence for external assurance engagements.
  • Support risk management activities such as risk assessments, risk registers, mitigation tracking, and escalation workflows.
  • Collaborate with teams across Security, IT, Legal, Engineering, and Operations to align compliance and business needs.
  • Drive internal awareness and training initiatives on key compliance requirements and GRC processes.
  • Contribute to the maturity and automation of the GRC program using dedicated platforms/tools.


Qualifications

  • 3+ years of hands-on experience in GRC, Information Security, or Compliance roles.
  • Deep familiarity with global standards and regulatory frameworks: ISO 27001, SOC 2, and strong practical experience with PCI-DSS.
  • Proven experience supporting PCI-DSS compliance across multiple domains (network security, access control, data protection, etc.).
  • Experience managing internal compliance programs in tech-driven or cloud-native environments.
  • Excellent written and verbal communication skills in English – ability to document, analyze, and present compliance-related content clearly.
  • Highly organized, detail-oriented, and self-motivated with strong analytical thinking.
  • Proven ability to work collaboratively across teams in a dynamic environment.
  • A positive, proactive, and solution-oriented mindset (can-do approach).
  • Experience with GRC platforms is a plus.
  • Relevant certifications (e.g. CISA, CISM, CISSP, ISO 27001 Lead Auditor, PCIP) – an advantage.

Category: Compliance Jobs

Tags: Automation CISA CISM CISSP Cloud Compliance Cyberark DevOps Governance ISO 27001 Network security Risk assessment Risk management SOC SOC 2

Perks/benefits: Team events

Region: Middle East
Country: Israel
