Information Security Consultant (GRC) & Privacy Specialist

abra
Full-time
On-site
Leipzig, Saxony, Germany
Privacy Specialist

abra North is seeking an experienced and highly skilled Information Security Consultant (GRC) and Privacy Specialist with proven expertise in governance, risk management, compliance, and data protection.

Central region | Full-time | Hybrid Work Model

Key Responsibilities:

  • Lead certification and compliance programs for international standards such as ISO 27001, ISO 27799, and ISO 27017.
  • Provide guidance on privacy and regulatory requirements, including GDPR and the Israeli Protection of Privacy Law (with emphasis on Amendment 13).
  • Deliver CISO‑as‑a‑Service, including building and managing security programs, driving risk management activities, and presenting status and recommendations to executive leadership and boards.
  • Conduct Cyber/IT Risk Assessments, perform Gap Analyses, and develop actionable remediation plans.
  • Develop methodological frameworks, including security policies, procedures, and annual work plans aligned with industry best practices.
  • Provide high‑level advisory support to align technical security solutions (EDR, DLP, Cloud Security, IAM, etc.) with regulatory and organizational requirements.
  • Deliver cybersecurity and privacy awareness training for employees and management.

Requirements

Must have:

  • Academic degree in a relevant field, or completion of a recognized cybersecurity/information security program (200+ hours).
  • 2+ years of experience in methodological consulting or in managing information security within organizations.
  • Strong knowledge of ISO 27001 and familiarity with sector‑specific regulations (e.g., financial, healthcare).
  • Proven experience in privacy compliance and understanding of the DPO role.
  • Excellent writing skills in Hebrew and English, with the ability to produce professional policies and procedures.
  • Solid understanding of IT environments and enterprise security technologies (EDR, DLP, IAM, Cloud Security).

Nice to have:

  • Relevant certifications such as CISM, CISA, CIPP/E, CRISC.
  • Experience working with regulators (e.g., the Israeli Privacy Protection Authority, Israel National Cyber Directorate).
  • Consulting experience in the financial or healthcare sectors, including standards such as HIPAA or HITRUST.