GRC Security Specialist
If you shop online (and who doesn’t these days?), then chances are you’ve already interacted with Yotpo. We’re a leading eCommerce retention marketing platform, on a mission to help brands of all sizes turn one-time shoppers into customers for life. Loyalty programs, SMS and email marketing, subscriptions, and reviews are our bread and butter, but we have more solutions up our sleeve, too.
We have teams across the world, including the US, Canada, UK, Israel, Bulgaria, and Australia — and we’re still growing. Our primary goal is to deliver the best technology in the industry.
You can hear all about it in our latest brand video.
Sounds exciting? Then read on, because we’re in pursuit of the best and the brightest minds to help us achieve our vision.
We are looking for a highly professional, multitasker, and demonstrated team-player to join us as a GRC Specialist and participate in all aspects of compliance, risk management, security evaluations and processes in the security field. In this role you will be part of the IT and Security team and have the opportunity to create immediate impact in our organization.
- Solid knowledge of information security principles and practices.
- Knowledge of risk management frameworks and industry compliance standards such as ISO 27001/ SOC2 / CSA
- Monitor compliance with information security and privacy policies at a technology company.
- Completing vendor security assessments and reviews
- Reviewing security clauses in customer and vendor contracts
- Providing, reviewing and enhancing security training and awareness programs
- Track and report on organizational compliance with SOC procedures
- Management of the organization's technological risk assessments
- Helping security leaders to identify and assess risks to the organization, and developing strategies to manage and mitigate these risks.
- Develop and implement best practices for assessing and evaluating IT and security controls for the organization, third-party businesses, and provide M&A support.
- Ability to manage the process of Penetration testing and technical Risk assessments end to end till closure
- Supporting the business with customer engagements, including attending customer calls and supporting our sales teams
- Great interpersonal skills and ability to work in a team and with multiple interfaces
- Minimum of 3 years of experience in a similar role in a technology/software/cloud organization - or a consultancy firm
- Experience implementing and enforcing information security, regulatory and privacy policies across the business.
- Experience working at SaaS provider company - an advantage.
- Acquaintance working with cyber security tools and products
- BA / BS / Engineer in Computer Sciences or comparable Information Security Certifications