logo inner

Senior GRC Manager

PonteraHerzliya | Tel Aviv District, IsraelHybrid, Onsite

Pontera is a fintech company on a mission to help people retire better. Our software platform enables retirement savers to get the help they need managing their 401(k) and other retirement plan accounts as part of a personalized strategy by their trusted financial advisor. 
Pontera is used by financial advisors across the nation– from SMB to Fortune 500 RIA firms, independent broker-dealers, plan custodians, and plan advisors. Backed by leading venture capital firms including ICONIQ Growth and Lightspeed Venture Partners, Pontera is built by talented individuals who share a dedication to helping people retire with greater security. Our team is fast-growing and driven to become one of the largest fintech companies in the world.  Our culture is built on a people-first principle: in a complex and numbers-driven industry, we never lose sight of the people we serve and work alongside.

That’s where you come in.We are hiring a Senior GRC Manager to sustain, scale, and continuously enhance our Governance, Risk, and Compliance (GRC) program. Reporting directly to the CISO, this is a high-impact role focused on maintaining Pontera’s robust compliance posture (including SOC 2 Type II, ISO 27001, 27017, and 27018), driving cloud assurance initiatives, and strengthening trust with customers and partners.The ideal candidate is comfortable working cross-functionally, automating compliance workflows, and serving as a key liaison for external diligence and internal controls.

RESPONSIBILITIES


  • Maintain and mature the GRC program: Own core processes, documentation, and internal controls to support Pontera’s security and privacy obligations.
  • Align GRC activities with key frameworks, including NIST CSF, CIS Controls, and ISO 27001/27018, to ensure comprehensive control coverage and internal alignment.
  • Support certification continuity: Ensure ongoing adherence and audit readiness for SOC 2 Type II, ISO 27001, ISO 27017, and ISO 27018 through continuous monitoring, control validation, and stakeholder coordination.
  • Support evolving privacy governance efforts, including ISO 27701 adoption, privacy impact assessments (PIAs), and alignment with standards such as ISO 29134 or NIST Privacy Framework.
  • Contribute to vendor and third-party risk management: Support onboarding, reviews, and oversight of vendors handling sensitive data or infrastructure.
  • Manage Pontera’s customer trust program, including responding to security questionnaires, maintaining compliance artifacts, and owning our public Trust Center (e.g., SafeBase).
  • Administer and optimize GRC platforms: Manage tools such as VISO Trust, or Vanta to streamline evidence collection, risk tracking, and control testing. Lead process improvements and automation where possible.
  • Maintain the risk management program: Update the enterprise risk register, facilitate periodic risk assessments, and drive mitigation planning across business functions.
  • Partner cross-functionally with Legal, IT, Engineering, and Product to embed compliance requirements and align security initiatives with business goals.

REQUIREMENTS


  • 5+ years of experience in GRC, security compliance, or audit within a cloud-native or SaaS environment.
  • Proven track record supporting and maintaining certifications such as SOC 2 Type II, ISO 27001, 27017, and 27018.
  • Strong understanding of the NIST Cybersecurity Framework and CIS Critical Security Controls as applied in modern SaaS/cloud environments.
  • Familiarity with privacy management standards such as ISO 27701, ISO 29134, or equivalent frameworks (e.g., NIST Privacy Framework, GDPR Art. 35 PIAs)
  • Hands-on experience with GRC automation tools (e.g., Drata, Vanta, Tugboat Logic, OneTrust).
  • Excellent communication skills, particularly for external audit and customer diligence engagements.
  • Strong organizational and project management capabilities, with an ability to coordinate across functions and meet deadlines.

Preferred Qualifications


  • Experience managing a Trust Center (e.g., SafeBase).
  • Certifications such as CISM, CRISC, CCSK, or ISO 27001 Lead Implementer.
  • Previous experience in regulated or trust-sensitive industries such as fintech, B2B SaaS, or healthtech industries.

WHAT WE OFFER


  • Opportunity: Have a major impact at a fast-growing startup that is revolutionizing the FinTech industry
  • Team Culture: A collegial, collaborative, fun work environment with frequent team events
  • Equity: All new hires are eligible for equity grant participation
  • Professional Development: Sponsored learning & development program
  • Work Flexibility: A hybrid office work model (In-Office Mon/Tues/Weds and WFH Sun//Thurs)


Life at Pontera

Pontera is a fintech company on a mission to be the bridge to a better retirement for millions of Americans. We do this by enabling financial advisors to manage, trade and report on individual's 401(k)s, 403(b)s, and other held away accounts. Pontera is a SOC 2 compliant platform trusted by advisors to ensure that client data is protected, and that the client retains ultimate control of their accounts. The platform is designed to seamlessly work across account types and integrate with leading portfolio management software. Founded in 2012 as FeeX, Pontera is headquartered in New York City and now serves thousands of advisors, including some of the largest RIA and Broker Dealer firms across the country. If you are interested in helping everyday people get the professional guidance they need to make the most out of their retirement savings, join us.
Thrive Here & What We Value1. Peoplefirst mentality2. Collaborative work environment3. Flexible work arrangement (hybrid office model)4. Comprehensively benefits package5. Equity grant participation6. Professional development opportunities7. Paid parental leave and family planning services8. Fully stocked kitchen and lunch reimbursement program9. Retirement plan with employer match10. Generous PTO days
View more
Your tracker settings

We use cookies and similar methods to recognize visitors and remember their preferences. We also use them to measure ad campaign effectiveness, target ads and analyze site traffic. To learn more about these methods, including how to disable them, view our Cookie Policy or Privacy Policy.

By tapping `Accept`, you consent to the use of these methods by us and third parties. You can always change your tracker preferences by visiting our Cookie Policy.

logo innerThatStartupJob
Discover the best startup and their job positions, all in one place.
Quick SearchSearch JobsSearch Remote Jobs hiring WorldwideSearch Remote Jobs in the USSearch Jobs in IndiaSearch Remote Jobs in UKSearch by Title
AreaCaliforniaMassachusettsNew YorkTexasVirginiaWashington D.C.View all
Popular SubRemote JobsWeb3 JobsiOS Developer JobsFront End Developer Remote JobsComputational Geometry JobsCannabis CareersView all
CompanyAbout UsContact usBlogCreditsCareersPrivacy PolicyCookie Policy
Copyright © 2025