Security & Compliance Lead - Optimove
Tel Aviv, Tel Aviv District, Israel

Listing Description



We seek a highly skilled Security and Compliance Lead to drive the company’s security and compliance initiatives across our multi-cloud environments and services. This technical, hands-on role is responsible for securing applications, IT infrastructure, customer data, and employee endpoints while ensuring compliance with industry standards. The role also includes leading audits (ISO 27001, SOC 2 Type 2), managing penetration tests, supporting customer security inquiries, and assisting the field departments (sales, marketing) with security-related needs.

Responsibilities:

Security Leadership:


  • Develop, implement, and monitor security policies, standards, tools and procedures.

  • Manage security across multi-cloud environments (GCP, AWS, Azure) covering applications, IT systems, and endpoints.

  • Lead incident response efforts, including root cause analysis and the implementation of remediation plans.

  • Continuously assess vulnerabilities and develop mitigation strategies.


Cloud Security:


  • Oversee the security posture in multi-cloud environments (AWS, GCP, Azure) and services (such as Snowflake, MongoDB, Auth0 and others).

  • Collaborate with DevOps and SRE teams to secure CI/CD pipelines and infrastructure.

  • Implement and manage security controls for workloads, applications, and sensitive data.

Vendor and Corporate Security Assessment:

  • Lead security assessments of third-party vendors and partners to ensure compliance with corporate security standards.

  • Conduct regular security evaluations of corporate systems, services, and tools to assess vulnerabilities.

  • Implement vendor management processes to maintain security controls and compliance across all third-party relationships.

Customer Security Support:

  • Answer customer security-related questions and assist in responding to RFPs and security questionnaires.

  • Support field departments (sales, marketing, etc.) by addressing security concerns, creating customer-facing security documentation, and maintaining a knowledge base with answers to common security inquiries.


Data Security and Privacy:


  • Protect customer data, including PII, using encryption, DLP strategies, and access controls.

  • Oversee endpoint security and data privacy policies, ensuring compliance with relevant regulations (e.g., GDPR, HIPAA).

  • Manage and enhance email security controls such as DMARC, DKIM, and SPF to protect against phishing and email fraud.


Compliance and Auditing:


  • Lead security audits such as ISO 27001 and SOC 2, and ensure compliance with global regulations (GDPR, HIPAA, etc.).

  • Organize and manage penetration tests and vulnerability assessments, implementing remediation strategies based on findings.

  • Maintain comprehensive documentation and reporting for audits, senior management, and regulatory bodies.


Collaboration and Training:


  • Work with cross-functional teams (Legal, IT, Engineering) to embed security best practices across the organization.

  • Lead security awareness programs and training for employees.

  • Build and maintain a knowledge base of security policies, procedures, and common security questions for internal and external stakeholders.


Requirements:


  • 5+ years in security roles, with at least 3 years in cloud security and compliance.

  • Proven experience managing security audits (ISO 27001, SOC 2) and overseeing penetration tests.

  • Expertise in cloud-based SaaS platforms.

  • Experience responding to customer security inquiries and supporting sales and marketing teams.

  • Hands-on experience with security tools, including firewalls, DLP, SIEM, encryption, and endpoint protection.


Technical Skills:


  • Proficient in cloud security practices across AWS, GCP, and/or Azure.

  • Strong knowledge of email security controls such as DMARC, DKIM, and SPF.

  • In-depth understanding of security technologies like IAM, VPN, firewalls, IDS/IPS, and encryption.

  • Experience with integrating security into CI/CD pipelines through DevSecOps practices.

  • Familiarity with endpoint management and device security tools.

Certifications (preferred):

  • CISSP, CISM, CISA, or similar security certifications.

  • Cloud security certifications (AWS Certified Security Specialty, Google Professional Cloud Security Engineer, etc.).


Soft Skills:


  • Strong leadership, communication, and documentation skills.

  • Ability to collaborate with cross-functional teams and handle customer-facing tasks.

  • Analytical mindset and problem-solving abilities.



 


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided

 

  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided



About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.
