Zafran Security
Zafran's Threat Exposure Management Platform integrates with your security tools to reveal, remediate, and mitigate risk
GRC and Product Security Lead
Location: United States
Posted: 25 days ago
Salary: Not specified
Tags: 8 yrs exp, English, AWS, Azure, Cloud, Google Cloud Platform
Job Description
• Own and manage Zafran’s security compliance program, including SOC 2, ISO 27001, and other relevant frameworks
• Lead the response to customer security questionnaires and vendor security assessments, ensuring timely and accurate completion
• Build and maintain Zafran’s internal security controls framework and evidence collection processes
• Establish and manage continuous compliance monitoring and validation initiatives
• Develop and maintain security policies, standards, and procedures that support both compliance and business objectives
• Manage relationships with external auditors and assessors during compliance audits
• Drive security awareness training and secure development practices across the organization
• Support customer-facing security conversations during sales cycles and onboarding
• Monitor regulatory changes and emerging compliance requirements relevant to SaaS platforms
• Build scalability into GRC processes through automation and tooling improvements
Job Requirements
- 8+ years of experience in information security, with at least 4 years focused on GRC and product security
- Proven track record managing SOC 2 Type 2, ISO 27001, or similar compliance frameworks for SaaS organizations
- Strong understanding of security controls frameworks (NIST CSF, CIS Controls, OWASP)
- Technical understanding of cloud security (AWS/Azure/GCP), application security, and infrastructure security
- Excellent written and verbal communication skills with ability to translate technical concepts for various audiences
- Self-starter who can build processes from the ground up and operate with limited oversight
- Relevant certifications preferred (CISSP, CISM, CISA, or equivalent)
Benefits
- flexible PTO
- health insurance plans (medical, dental, vision)
- monthly stipend for phone and internet
- 401k
- flexible spending account
- home office stipend