Own and manage Zafran’s security compliance program, including SOC 2, ISO 27001, and other relevant frameworks
Lead the response to customer security questionnaires and vendor security assessments, ensuring timely and accurate completion
Build and maintain Zafran’s internal security controls framework and evidence collection processes
Establish and manage continuous compliance monitoring and validation initiatives
Develop and maintain security policies, standards, and procedures that support both compliance and business objectives
Manage relationships with external auditors and assessors during compliance audits
Drive security awareness training and secure development practices across the organization
Support customer-facing security conversations during sales cycles and onboarding
Monitor regulatory changes and emerging compliance requirements relevant to SaaS platforms
Build scalability into GRC processes through automation and tooling improvements

8+ years of experience in information security, with at least 4 years focused on GRC and product security
Proven track record managing SOC 2 Type 2, ISO 27001, or similar compliance frameworks for SaaS organizations
Strong understanding of security controls frameworks (NIST CSF, CIS Controls, OWASP)
Technical understanding of cloud security (AWS/Azure/GCP), application security, and infrastructure security
Excellent written and verbal communication skills with ability to translate technical concepts for various audiences
Self-starter who can build processes from the ground up and operate with limited oversight
Relevant certifications preferred (CISSP, CISM, CISA, or equivalent)

GRC and Product Security Lead

Key skills