United States onlyDescription
Position: GRC Manager
US (EST Timezone), Canada - Remote Work/WFH
This is a REMOTE role *Preference given to East Coast Timezones*
Role Summary
Role Summary
We are hiring a Governance, Risk, and Compliance (GRC) Manager to lead our ISO 27001 program and oversee third-party risk management. This role is responsible for maintaining and evolving our information security management system (ISMS), managing audits, assessing vendor risks—including AI-related vendors—and ensuring alignment with regulatory and customer requirements. The ideal candidate combines strong organizational and documentation skills with the ability to engage technical and business stakeholders across the company.
Key Responsibilities
- Own and manage the company’s ISO 27001 ISMS, including policies, risk register, internal audits, and external certification readiness
- Lead third-party risk management activities, including onboarding reviews, due diligence, ongoing monitoring, and risk remediation
- Assess security and compliance risks of vendors and service providers, with specific attention to AI and SaaS vendors
- Maintain the vendor risk assessment process, criteria, and documentation aligned with ISO 27001, GDPR, and other relevant frameworks
- Coordinate with Legal, Procurement, and IT to ensure vendor contracts include appropriate security and compliance terms
- Track and manage findings, mitigation plans, and follow-up with business owners and vendors
- Drive internal compliance activities, including control assessments, evidence collection, and policy updates
- Respond to customer security questionnaires and support sales with documentation of our compliance posture
- Monitor evolving compliance, regulatory, and legal landscapes impacting our business (e.g., AI governance, data residency)
Requirements
Required Qualifications
- 5+ years of experience in GRC, information security compliance, or audit management
- Proven track record leading ISO 27001 programs, audits, and ISMS operations
- Hands-on experience in third-party/vendor risk management, including developing and applying security questionnaires
- Strong understanding of technical and operational risks in cloud-native, SaaS, and AI-enabled services
- Excellent communication and collaboration skills for engaging cross-functional teams and vendors
- Strong project management and documentation capabilities
Nice to Haves
- Experience with regulatory frameworks such as SOC 2, NIST CSF, GDPR, or CSA CCM
- Familiarity with emerging AI governance and security risks in enterprise SaaS environments
- Security certifications (e.g., CISM, CISSP, ISO 27001 Lead Implementer/Auditor, CRISC)
- Background in security operations or cloud infrastructure that informs risk evaluation of technical controls
- Experience with GRC tools and GRC automation
More About DriveNets
Based in Israel with locations in Romania, US, and Japan as well as extended teams, DriveNets operations cover more than 16 countries. With recognition by industry analysts and through numerous industry awards, DriveNets is pushing market momentum, allowing for faster service innovation from the network core to the edge. Visit our website:
Israel
