Cye is seeking a Cybersecurity Architect (GRC & Risk) to join our cybersecurity architecture team. In this role, you will lead security governance, risk, and control assessments, conduct third-party due diligence, support maturity assessments, and drive mitigation and architectural review processes. You’ll work closely with CISOs, security leaders, engineering teams, and customers to develop risk-focused methodologies and improve security frameworks. This position is best suited for candidates with a technical GRC, risk, or security assessment background who excel in analysis, interpretation, and structuring of security information.
Responsibilities
- Lead customer third‑party security due diligence assessments.
- Lead mitigation workshops to translate penetration test and assessment findings into prioritized remediation workplans.
- Perform security maturity assessments, including reviews of organizational policies, standards, procedures, and governance practices, aligned with the NIST CSF 2.0 cybersecurity framework.
- Develop and refine security methodologies, processes, and architectural guidance.
- Maintain internal documentation and ensure alignment between frameworks, processes, and practical implementation.
- Analyze technical findings and map them to governance, risk, and control gaps.
- Produce clear, structured reports and executive‑ready summaries for technical and non‑technical audiences.
Qualifications
- 3-4 years in cybersecurity GRC, IT risk, compliance, audit/assurance, or related process‑oriented security roles.
- Strong understanding of governance, risk management, and operational processes.
- Familiarity with cybersecurity frameworks (NIST CSF, ISO 27001 concepts), risk assessment, mitigation planning, and third‑party risk management.
- Basic conceptual understanding of cloud/SaaS shared responsibility models.
- Ability to communicate technical issues in business‑aligned language.
- Hands-on experience with security controls – an advantage.
- Strong writing, communication, and facilitation skills.
- Comfortable collaborating with internal stakeholders and external customers.
Skills Required
- 3-4 years in cybersecurity GRC, IT risk, compliance, or related roles
- Strong understanding of governance, risk management, and operational processes
- Familiarity with cybersecurity frameworks such as NIST CSF and ISO 27001
- Basic understanding of cloud/SaaS shared responsibility models
- Strong writing, communication, and facilitation skills
What We Do
CYE’s optimized cyber risk quantification platform and expert guidance transform the way organizations manage cybersecurity. Using AI, machine learning, and innovative technology, CYE visualizes attack routes, quantifies, mitigates, and communicates cyber risk, and matures organizational cybersecurity posture. In doing so, CYE provides clear and relevant insights that empower companies to make effective cybersecurity decisions. The company serves organizations in multiple industries globally. Founded in 2012, with headquarters in Israel and operations around the world, CYE is funded by EQT Private Equity and 83North.
