Senior Security & Privacy Consultant – GRC & CISO Advisory

Tel AvivFull Time

We are

We are a cloud and security services company composed of technical experts with extensive hands-on experience. We act as trusted advisors to our clients, offering independent, objective and custom-tailored consultation. Our team is dedicated to helping customers through every stage of their cloud and cybersecurity journey, from strategic planning and design to implementation and ongoing operations.

About the position

As a Senior Security, Privacy & GRC Consultant, you will lead and deliver security and privacy engagements for clients across multiple industries. You will act as a trusted advisor to senior stakeholders, supporting and leading CISO-level initiatives and helping organizations design, mature, and operate effective security, privacy, and governance programs.

The role combines GRC leadership with hands-on understanding of cloud and application security, enabling you to provide practical, risk-based guidance that aligns business objectives, regulatory requirements, and technical realities. In addition to client delivery, you will contribute to the evolution of our security and privacy services, mentor team members, and help shape methodologies and offerings, including CISO advisory services.

Responsibilities

•Act as CISO or vCISO for startup and SMB clients, providing security leadership, strategic guidance, and executive-level advisory.
•Act as or support the DPO function for clients, providing guidance on data protection governance and privacy oversight.
•Lead security risk assessments, gap analyses, and the prioritization of remediation efforts.
•Define and guide security strategies, roadmaps, and risk posture aligned with business objectives.
•Conduct security and architecture reviews for cloud-based platforms and SaaS applications.
•Review system and application architectures, data flows, identity and access models, and trust boundaries from a security perspective.
•Perform threat modeling and identify architectural security risks across cloud and application layers.
•Lead and support GRC and compliance initiatives, including ISO 27001 and SOC 2 readiness and ongoing maintenance.
•Develop, review, and maintain security policies, procedures, and governance controls.
•Support audit preparation and ongoing compliance activities.
•Lead and support privacy and data protection activities, including alignment with Israeli privacy laws and regulations.
•Provide clear, risk-based security recommendations to technical and non-technical stakeholders, including executive leadership.
•Lead project execution by managing timelines, tracking progress, and ensuring deliverables meet quality and scope expectations.
•Collaborate with security engineering, infrastructure, and offensive security teams to ensure findings are translated into practical and effective remediation.

Qualifications

•5+ years of experience in cybersecurity, with responsibility across GRC, risk management, and security architecture.
•Strong understanding of GRC practices, including governance, risk assessments, and control design.
•Experience supporting or leading CISO-level initiatives, including security strategy and risk prioritization.
•Hands-on experience with security standards and frameworks such as ISO 27001 and/or SOC 2.
•Working knowledge of cloud and application security concepts in modern SaaS environments.
•Ability to review system and application architectures, including data flows, identity and access models, and trust boundaries.
•Experience identifying and communicating architectural security risks at both technical and governance levels.
•Familiarity with privacy and data protection requirements under Israeli law.
•DPO experience or formal privacy training is an advantage.
•Strong analytical skills and the ability to balance security risk, compliance, and business needs.
•Strong communication skills with executive, technical, and non-technical stakeholders.