Tel Aviv-Yafo
US, Remote

GRC Specialist

Full-time | Intermediate

Description

We are looking for a GRC specialist who is excited to build and scale a modern compliance and security program from the ground up. This role is not just about maintaining SOC 2 and ISO certifications. It is about embedding security into our product, our engineering culture, and every customer conversation. You will partner closely with Engineering, Sales, and Leadership to turn compliance into a strategic advantage and help Zafran earn and maintain the trust of some of the most security-conscious organizations in the world.

About Zafran:

The Zafran Threat Exposure Management Platform is the first and only consolidated platform that integrates with your security tools to reveal, remediate, and mitigate the risk of exposures across your entire infrastructure. Backed by Sequoia and Cyberstarts, Zafran uses an agentless approach to reveal what is truly exploitable while reducing manual prioritization and remediation through automated response workflows.

What you will do:

  • Own and manage Zafran’s security compliance program, including SOC 2, ISO 27001, and other relevant frameworks
  • Lead the response to customer security questionnaires and vendor security assessments, ensuring timely and accurate completion
  • Build and maintain Zafran’s internal security controls framework and evidence collection processes
  • Establish and manage continuous compliance monitoring and validation initiatives
  • Develop and maintain security policies, standards, and procedures that support both compliance and business objectives
  • Manage relationships with external auditors and assessors during compliance audits
  • Drive security awareness training and secure development practices across the organization
  • Support customer-facing security conversations during sales cycles and onboarding
  • Monitor regulatory changes and emerging compliance requirements relevant to SaaS platforms
  • Build scalability into GRC processes through automation and tooling improvements

Requirements

  • 4+ years of experience in information security and GRC
  • Proven track record managing SOC 2 Type 2, ISO 27001, or similar compliance frameworks for SaaS organizations
  • Strong understanding of security controls frameworks (NIST CSF, CIS Controls, OWASP)
  • Technical understanding of cloud security (AWS/Azure/GCP), application security, and infrastructure security
  • Excellent written and verbal communication skills with the ability to translate technical concepts for various audiences
  • Self-starter who can build processes from the ground up and operate with limited oversight
  • Relevant certifications preferred (CISSP, CISM, CISA, or equivalent)
