Zafran Security

GRC and Product Security Lead

full-time

Location Type: Remote

Location: United States

About the role

  • Own and manage Zafran’s security compliance program, including SOC 2, ISO 27001, and other relevant frameworks
  • Lead the response to customer security questionnaires and vendor security assessments, ensuring timely and accurate completion
  • Build and maintain Zafran’s internal security controls framework and evidence collection processes
  • Establish and manage continuous compliance monitoring and validation initiatives
  • Develop and maintain security policies, standards, and procedures that support both compliance and business objectives
  • Manage relationships with external auditors and assessors during compliance audits
  • Drive security awareness training and secure development practices across the organization
  • Support customer-facing security conversations during sales cycles and onboarding
  • Monitor regulatory changes and emerging compliance requirements relevant to SaaS platforms
  • Build scalability into GRC processes through automation and tooling improvements

Requirements

  • 8+ years of experience in information security, with at least 4 years focused on GRC and product security
  • Proven track record managing SOC 2 Type 2, ISO 27001, or similar compliance frameworks for SaaS organizations
  • Strong understanding of security controls frameworks (NIST CSF, CIS Controls, OWASP)
  • Technical understanding of cloud security (AWS/Azure/GCP), application security, and infrastructure security
  • Excellent written and verbal communication skills with ability to translate technical concepts for various audiences
  • Self-starter who can build processes from the ground up and operate with limited oversight
  • Relevant certifications preferred (CISSP, CISM, CISA, or equivalent)

Benefits

  • Flexible PTO
  • Health insurance plans (medical, dental, vision)
  • Monthly stipend for phone and internet
  • 401k
  • Flexible spending account
  • Home office stipend

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

SOC 2, ISO 27001, NIST CSF, CIS Controls, OWASP, cloud security, application security, infrastructure security, GRC, compliance frameworks

Soft Skills

written communication, verbal communication, self-starter, process building, relationship management, security awareness training, organizational skills, attention to detail, problem-solving, collaboration

Certifications

CISSP, CISM, CISA