The GRC Product Compliance Lead should ensure the appropriate security governance within the Imperva Compliance Program scope; assess risks and required controls, and test adherence to Imperva policies, standards, and procedures. This position will collaborate with other members of the Security &Trust and other operational teams to evaluate information security controls and implement/improve appropriate controls/processes and monitoring the compliance status.
The position must possess initiative and drive and have broad relevant technical knowledge for a cloud-based environment.
- Review, analyze and monitor security risks and vulnerabilities against policies, standards, and frameworks such as ISO, SOC2, PCI, NIST etc.
- Provides coordination during internal/external audit and incident events to ensure compliance with process and timely resolution
- Serve as the subject matter expert who will actively guide engineering and product teams on all security and compliance related risks and issues related to technical components within Imperva products and services
- Work with supported business areas to develop metrics and report to demonstrate remediation and compliance status.
- Work effectively with remote offshore team on assessments and compliance monitoring activities.
- Work with appropriate stakeholders to prepare and present relevant information on compliance and risk status.
- Provide security compliance requirements into cloud solutions design and architecture to ensure it is incorporated early in the process
- Information Security certifications such as the Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified Information Security Manager (CISM) is required or must be obtained within 2 years of acceptance of position.
- 6+ years’ of experience in a combination of compliance, risk management, information security jobs
- Experience with PCI, SOC2, ISO27001 process and regulations
- Experience and good understanding of Governance, Risk and Compliance processes
- Experience managing information security policies and procedures
- Experience of IT audit and risk management / assessment process
- Excellent oral and written communication skills (must: English, good-to-have: Hebrew)
- Strong interpersonal and organizational skills
- Must be a team player, be organized and have the ability to handle multiple projects
- Ability to work independently with minimal supervision or function in a team environment sharing responsibility, roles, and accountability
- Working knowledge of GRC tools such as AuditBoard and OneTrust a plus
Imperva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, ancestry, pregnancy, age, sexual orientation, gender identity, marital status, protected veteran status, medical condition or disability, or any other characteristic protected by law.