GRC Specialist

About Port:

At Port.io, we are building an open and flexible Agentic Engineering Platform for modern engineering organizations. Following our recent $100M Series C funding round, we are in a phase of rapid hypergrowth with strong enterprise momentum.

We act as the central nervous system for engineering, enabling platform teams to unify their stack and expose it as a governed layer through golden paths for developers and AI agents. By combining rich engineering context, workflows, and actions, we help organizations transition from manual processes to autonomous, AI-assisted engineering workflows while maintaining control and accountability.

As a product-led company, we believe in building world-class platforms that fundamentally shape how modern engineering organizations operate.

About Your Day-to-Day

As a GRC Specialist, you will play a meaningful role in shaping how Port operates and scales. You will work closely with the CISO in the GRC Team, and cross-functional teams, take ownership over maintaining and expanding our compliance posture, managing vendor risk, and driving policy implementation across the organization, and help transform complex challenges into clear, structured outcomes.

Responsibilities:

• Manage and support ongoing SOC 2 Type II and ISO 27001 audit cycles, evidence collection, control testing, and remediation tracking
• Own vendor risk management, conduct third-party security assessments, maintain vendor inventory, and track remediation
• Develop, review, and maintain security policies and procedures aligned with industry frameworks (ISO 27001, SOC 2, FedRAMP, DORA, and more)
• Drive GDPR compliance activities including data mapping, DSAR processing, and privacy impact assessments
• Respond to customer security questionnaires (DDQs, RFIs, periodic reviews) accurately and efficiently
• Support risk assessment processes, identify, analyze, and track organizational risks with clear mitigation plans
• Manage compliance evidence in our GRC platform and ensure continuous monitoring and automated evidence collection
• Collaborate with engineering and product teams on security requirements for new features and integrations
• Track and report on compliance metrics and KPIs to the CISO and leadership
• Contribute to security awareness initiatives and help foster a security-first culture across the company

What Success Will Look Like

Success in this role means becoming a trusted, reliable contributor who brings clarity and stability to the team. Within the first months, you are expected to:

• Take full ownership over your scope and operate independently
• Deliver consistent, high-quality outcomes with minimal friction
• Proactively identify gaps, inefficiencies, or areas of improvement and address them
• Build strong working relationships across teams based on trust and accountability
• Contribute to a calmer, more predictable, and better-organized working environment

Requirements

• 3+ years of experience in GRC, information security compliance, or security audit roles
• Hands-on experience with SOC 2 and/or ISO 27001 audit processes, you’ve managed evidence collection and worked directly with auditors
• Strong understanding of risk management frameworks (NIST CSF, ISO or equivalent)
• Experience conducting vendor security assessments and managing third-party risk
• Working knowledge of GDPR and data privacy compliance requirements
• Familiarity with GRC platforms and compliance automation tools
• Detail-oriented with strong organizational skills, you can manage multiple audit workstreams simultaneously
• Excellent written and verbal communication in English
• Ability to work hybrid from our Tel Aviv office

Nice to Have

• FedRAMP experience, familiarity with FedRAMP authorization process, documentation development, control implementation, or 3PAO assessments is a massive advantage as we evaluate our federal compliance path
• Experience with cloud security compliance in AWS environments
• Relevant certifications: CISA, CRISC, ISO 27001 Lead Auditor, or similar
• Experience in SaaS B2B companies or fast-growing startups