Kfar Saba, Israel

Security Governance, Risk and Compliance Manager


We are looking for a Security Governance, Risk and Compliance Manager who has a passion for evaluating and measuring Information Security risk to inform pragmatic standards and guidelines. You will be responsible for helping to design and iterate on security controls to address these risks in a way that helps empower and maintain Next Insurance's culture of rapid innovation and growth. In this role, you will stay informed about the dynamic regulatory landscape, industry trends and internal operations, along with communicating and driving delivery of solutions for security compliance at Next Insurance. This position requires a mix of broad business and technical skills along with strong interpersonal skills in order to evaluate and influence decisions around security risk management.

Responsibilities:

Reporting to the Chief Information Security Officer (CISO), this position will oversee key functions of the Information Security Program, including Governance, Risk & Compliance (GRC) and Third Party Risk Management.

Build out the Risk Management function and expand our existing strategy into the next level of tactical risks in cyber and business continuity, allowing us to identify and manage more discrete risks.

Being a trusted partner to product and engineering teams.

Simplifying and articulating deep technical concepts and requirements into easily understood terms.

Translating compliance requirements into operational procedures.

Desired Skills and Experience:

4+ years of audit, risk and/or compliance experience as an external or internal function, primarily in regulated environments such as insurance, healthcare or financial services

2+ years of people management experience.

Deep understanding of Information Security risk management concepts from both enterprise and start-up perspectives (e.g. ITIL Change Management vs. DevOps Continuous Delivery)

Knowledge of pragmatic security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.

Have start-up DNA: You have demonstrated an ability to thrive in a dynamic start-up environment or have the DNA to do so.

Good understanding of security assurance and trust frameworks (NIST 800-53, ISO2700x, 23 NYCRR 500, etc.)

Good understanding of privacy and data protection laws (CCPA, GDPR, GLBA Privacy and Safeguards Rules)
