Senior Cybersecurity Governance, Risk, and Compliance Analyst

  • Remote - Israel

Remote

Cybersecurity

Senior

Job description

We are growing and are looking for future Axonians who value personal and career growth, teamwork, and winning!

As a Senior Cybersecurity GRC Analyst based in Israel, you will play a critical role in cybersecurity governance, risk management, and compliance across our organization and with third-party vendors. This role encompasses conducting comprehensive security and compliance assessments, managing vendor risk, and contributing to the continuous improvement of our GRC program. We are seeking a proactive candidate with proven expertise in cybersecurity, a deep understanding of regulatory standards, and strong communication (spoken and written in English) skills to collaborate effectively with internal and external stakeholders.

This role includes a documented 30-, 60-, and 90-day onboarding plan that outlines key milestones and objectives to facilitate your integration and success within the team. This plan will be closely monitored with regular feedback sessions to ensure progress and provide support.

Cybersecurity Risk & Assurance:

  • Identify, assess, and maintain a comprehensive risk register of cybersecurity risks across organizational and third-party contexts, ensuring alignment with internal risk assessment frameworks and best practices.
  • Partner with risk owners to facilitate risk mitigation and provide guidance and support for risk mitigation plans.
  • Monitor and review risk management strategies, ensuring alignment with organizational policies and industry best practices.
  • Conduct comprehensive security and compliance assessments, including those focused on regulatory non-compliance, producing detailed assessment reports.
  • Analyze documentation, policies, and operational practices related to cybersecurity and compliance.
  • Conduct internal reviews, producing detailed reports on internal reviews, assessments, and findings.

Governance, Risk, & Compliance (GRC) Support:

  • Assist with internal and external audits of our Platform, including preparing documentation, maintaining an organized audit documentation repository, coordinating requests, and tracking findings related to the Platform’s security and compliance.
  • Contribute to the management and administration of GRC or Procurement platforms (e.g., Fusion RM, Zip, Anecdotes, Vanta) and related tools.
  • Support the development, implementation, and maintenance of GRC policies, procedures, and controls.

Compliance Management:

  • Support the team in monitoring changes in relevant regulations and compliance standards (e.g., SOC 2, ISO 27001, ISO 22301, ISO 42001, HIPAA), contributing to summaries of those changes and their impact on our compliance posture, and escalating to senior staff as needed.
  • Ensure vendor compliance with applicable regulations and standards through ongoing monitoring and assessments, maintaining a vendor compliance tracking system.
  • Evaluate and enhance the effectiveness of internal controls related to compliance, including design, implementation, and testing.

Reporting & Communication:

  • Communicate effectively with vendors and internal stakeholders to gather information, address concerns, provide guidance on security and compliance requirements, and resolve discrepancies.
  • Collaborate with procurement, legal, security, and IT teams to ensure vendor risk assessments align with organizational objectives and policies.
  • Support customer pre-sales and renewals by providing cybersecurity-related information and assurance within RFPIO.
  • Provide targeted training and support to internal teams on vendor risk management and compliance requirements.
  • Prepare clear and concise vendor security assessment reports, including findings, risk ratings, and recommendations for management and stakeholders.
  • Coordinate quarterly meetings with risk owners to review risk status, discuss mitigation plans, and ensure alignment with risk management strategies.
  • Coordinate quarterly meetings with control owners to review control status, gather information for reporting purposes, and ensure control effectiveness.
  • Report on quarter-over-quarter control and risk performance metrics to identify trends, potential weaknesses, and areas for improvement.
  • Contribute actively to relevant conversations and discussions related to work items, and attend all scheduled team meetings and virtual events, to ensure effective communication and collaboration within the remote team.

Reach out if you are:

  • Understanding of corporate governance principles and best practices
  • 5+ years of combined experience in any of the following areas: Cybersecurity Risk, Vendor Risk, Enterprise Risk, IT System Administrator, IT Auditing, or related fields
  • Understanding of or certifications related to SOC 2, ISO 27001, ISO 22301, ISO 42001, HIPAA
  • Strong understanding of cybersecurity principles, compliance requirements, and risk management practices and frameworks, along with implementation experience
  • Ability to manage multiple assignments simultaneously and prioritize tasks effectively
  • Experience in automating GRC processes and workflows
  • Awareness of enterprise risk management (ERM) frameworks
  • Detail-oriented with a high level of integrity and professionalism
  • Ability to read and comprehend defined policies and processes and follow them with limited oversight
  • Proactive and self-motivated with a commitment to continuous learning and improvement
  • Strong team player with the ability to work independently and collaboratively cross-functionally
  • Effective communication and presentation skills in English, including reading, writing, and speaking, due to collaboration with US-based teams and process documentation requirements
  • Flexibility to adjust working hours for regular coordination with US-based teams located in EST and CST timezones

Advantages:

  • Knowledge of or certifications related to NIST, ISO 31000, ISO 42001
  • Knowledge of Jira to track vulnerabilities for effective risk management
  • Understanding of how to navigate effectively within Google Products (examples: Google Docs, Google Sheets, Google Forms, Google Slides, etc.)
  • Experience leveraging GRC tooling or platforms for automation along with managing plugins for various integrations tied to compliance monitoring
  • Ability to coordinate various testing scenarios independently related to business continuity or disaster recovery, along with documenting
  • Aligning stakeholder requirements to business objectives while meeting compliance requirements
  • Knowledge of risk control self-assessments (RCSAs)

Our Culture and Benefits:

  • Axonius is committed to ensuring that each team member has a clear and attainable long-term career path. To support this, we allocate a yearly budget to every employee, enabling them to invest in their own growth and learning according to their specific needs and aspirations.
  • We understand the importance of maintaining a healthy work-life balance. That’s why we provide our employees with three long weekends throughout the year, giving them the opportunity to rejuvenate, spend quality time with loved ones, and invest in their own well-being. In addition, we created a special parental leave policy which allows both primary caregiver and secondary caregiver to spend substantial time with their newborn. We’re also proud to offer extra vacation days for the following important life events: marriage, birth of a grandchild, special milestones related to your children, loss of pregnancy and bereavement.
  • We see you. As part of our culture, our employees’ well-being is important to us. That’s why we offer psychological support services and support services.
  • While we have physical offices in the United States, Brazil, and Tel Aviv, we embrace a flexible working culture. The majority of our employees work remotely, regardless of their location around the globe. This flexibility allows us to tap into a diverse talent pool and enables our team members to work in a way that suits their individual preferences and circumstances.
  • As a global company, we strive for excellence in everything we do. To support our employees in communicating effectively across borders, we provide English lessons as part of our commitment to their success.

Equal opportunities

At Axonius we support a diverse and inclusive workplace and believe in equal employment opportunity. We welcome people of different backgrounds, experiences, abilities, and perspectives, regardless of race, color, ancestry, religion, age, sex, gender identity, national origin, sexual orientation, citizenship, marital status, disability, or Veteran status.

A little more about Axonius:

Axonius transforms asset intelligence into intelligent action. With the Axonius Asset Cloud, customers preemptively tackle high-risk and hard-to-spot threat exposures, misconfigurations, and overspending. The integrated platform brings together data from every system in an organization’s IT infrastructure to optimize mission-critical risk, performance, and cost measures via actionable intelligence. Covering cyber assets, software, SaaS applications, identities, vulnerabilities, infrastructure, and more, Axonius is the one place to go for Security, IT, and GRC teams to continuously drive actionability across the organization. Cited as one of the fastest-growing cybersecurity startups, with accolades from CNBC, Forbes, and Fortune, Axonius covers the lifecycle of millions of assets for leading customers across industries and around the world.

Axonius is named to the 2025 Fast Company World’s Most Innovative Companies and the 2024 Forbes Cloud 100. Axonius is recognized with the Great Place to Work Certification™, and for two years in a row Axonius was ranked on the Deloitte Technology Fast 500 list. Axonius has been cited as the fastest-growing cybersecurity company in history by revenue.

By submitting your application to us, you acknowledge that your personal data will be processed in accordance with our Global Job Candidate Privacy Notice.
