GRC Specialist

Reposted 16 Days Ago
Tel Aviv, ISR
In-Office
Mid level
Software
The Role
The GRC Specialist will manage Zafran's compliance program, focusing on SOC 2 and ISO certifications while building security frameworks and processes. This role involves close collaboration with various teams to enhance security and compliance practices, monitor regulations, and improve training initiatives.
Summary Generated by Built In
Description

We are looking for a GRC specialist who is excited to build and scale a modern compliance and security program from the ground up. This role is not just about maintaining SOC 2 and ISO certifications. It is about embedding security into our product, our engineering culture, and every customer conversation. You will partner closely with Engineering, Sales, and Leadership to turn compliance into a strategic advantage and help Zafran earn and maintain the trust of some of the most security-conscious organizations in the world.

About Zafran:

Our Mission: To stop the exploitation of vulnerabilities, everywhere.

What makes us different: Zafran de-risks 90% of critical vulnerabilities overnight across your hybrid environment and utilizes Agentic Capabilities and your existing security tools to rapidly mitigate and remediate the 10% most likely to be exploited.

Who’s behind us: Zafran is backed by Menlo Ventures, Sequoia Capital, Cyberstarts, and a deep belief that cybersecurity should move as fast as attackers do. We’re one of the fastest-growing companies in the industry, scaling to meet demand from the world’s most advanced, security-obsessed organizations.

We’re serious about our mission, so expect work that matters, teammates who challenge and inspire you, and plenty of fun along the way!

What you will do:

  • Own and manage Zafran’s security compliance program, including SOC 2, ISO 27001, and other relevant frameworks
  • Lead the response to customer security questionnaires and vendor security assessments, ensuring timely and accurate completion
  • Build and maintain Zafran’s internal security controls framework and evidence collection processes
  • Establish and manage continuous compliance monitoring and validation initiatives
  • Develop and maintain security policies, standards, and procedures that support both compliance and business objectives
  • Manage relationships with external auditors and assessors during compliance audits
  • Drive security awareness training and secure development practices across the organization
  • Support customer-facing security conversations during sales cycles and onboarding
  • Monitor regulatory changes and emerging compliance requirements relevant to SaaS platforms
  • Build scalability into GRC processes through automation and tooling improvements
Requirements
  • 4+ years of experience in information security and GRC
  • Proven track record managing SOC 2 Type 2, ISO 27001, or similar compliance frameworks for SaaS organizations
  • Experience working with SOC (cybersecurity operations center) and response to cybersecurity incidents
  • Hands-on experience with IT and Security tools
  • Strong understanding of security controls frameworks (NIST CSF, CIS Controls, OWASP)
  • Technical understanding of cloud security (AWS/Azure/GCP), application security, and infrastructure security
  • Excellent written and verbal communication skills with the ability to translate technical concepts for various audiences
  • Self-starter who can build processes from the ground up and operate with limited oversight
  • Relevant certifications preferred (CISSP, CISM, CISA, or equivalent)

Skills Required

  • 4+ years of experience in information security and GRC
  • Proven track record managing SOC 2 Type 2, ISO 27001, or similar compliance frameworks for SaaS organizations
  • Experience working with SOC and response to cybersecurity incidents
  • Hands-on experience with IT and Security tools
  • Strong understanding of security controls frameworks
  • Technical understanding of cloud security, application security, and infrastructure security
  • Excellent communication skills
  • Self-starter who can build processes from the ground up
  • Relevant certifications preferred

The Company
HQ: New York, New York
99 Employees

What We Do

The Zafran Threat Exposure Management Platform is the first and only consolidated platform that integrates with your security tools to reveal, remediate, and mitigate the risk of exposures across your entire infrastructure. Zafran uses an agentless approach to reveal what is truly exploitable, while reducing manual prioritization and remediation through automated response workflows. https://www.zafran.io/
