#HireHer Jobs Board
NYC FinTech Women

GRC Specialist- Temporary position
Herzliya, Israel
Posted on Friday, May 26, 2023

Pontera is a FinTech SaaS company on a mission to help millions of Americans retire better by enabling financial advisors to manage, trade and report on 401(k) and other retirement accounts. Pontera customers range from Fortune 100 financial services firms and large independent broker-dealers to small independent RIAs and advisory firms.

At Pontera, we are proud of our people-first mentality and culture. You will have the unique and exciting opportunity to be part of a team whose mission is to scale Pontera into one of the largest FinTech companies in the world. We have significant funding from some of the most notable venture capital investors, led by Lightspeed Venture Partners, and are in a period of hyper-growth. The next critical step in our trajectory is adding to our world-class team, and that’s where you come in.

Pontera is looking for a GRC Specialist for a temporary position, covering an employee's maternity leave. Reporting to the Chief Information Security Officer, the Governance, Risk, and Compliance (GRC) Specialist will help run the company GRC program, covering the security policy, the risk management process, and compliance with standards and regulations such as ISO 27001, SOC 2, and applicable privacy regulations.

* Option for 80% to 100% employment
  • Lead a service-oriented and a customer engagement driven GRC operational function
  • Operationalize various GRC capabilities such as (i) company security risk management, (ii) compliance management, (iii) policy management, (iv) security training, (v) third party risk management, and (vi) assuring our customers we meet the highest security standards as expected
  • Lead the operationalization of security compliance programs to support various compliance regulations
  • Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business
  • Work with various operational and business teams to drive toward a cohesive view of security risk and drive remediation items to closure. Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders
  • Monitor the security risk profiles of our suppliers to objectively determine high risk suppliers that require additional review
  • Establish and maintain security metrics and reporting
  • Respond to customer security/compliance questionnaires
  • Act as security risk management ambassador to internal customers
  • Develop actionable and agile security compliance programs to support various compliance regulations
  • Implement and operate advanced, automated and AI-based solutions for compliance management and third-party security management
  • Use defined risk methodologies and best practices to perform IT/security assessments; be responsible for the planning, scoping, and execution of these assessments
  • Drive remediation activities from identification through remediation plan to closure; hold owners accountable for delivering remediation solutions within the agreed-upon/reasonable SLA
  • Operationalize a metrics and reporting function to continually report meaningful security, risk and compliance metrics to operational and executive management; develop and manage automated KRI and KPI reporting aligned with operational/business risk areas and corporate risk
  • 3+ years' experience working in governance, risk, and compliance and/or information security and risk management
  • Functional knowledge of the CISSP security domains and information security industry standards and best practices
  • Functional knowledge of applicable security regulatory requirements (CCPA, GDPR)
  • Functional knowledge of ISMS governance models (e.g. ISO 27001, NIST, CAIQ), information security roles, and security controls
  • Functional knowledge of common security certifications (e.g. ISO 27001, SOC 1, SOC 2) and the ability to glean significance from findings identified in these reports
  • Ability to communicate risk methodologies and concepts to the business units and R&D
  • Demonstrated experience with controls definition, development, implementation, and assessment
  • Strong interpersonal skills and ability to work effectively with diverse and distributed teams
  • Strong attention to detail, project management and organizational skills