Managing information security compliance, governance, and the associated risks is one of the most important areas of responsibility within an organization, especially a cloud-based one. It boosts customers’ trust, enables sales, and makes sure the company complies with global standards of best practice.
But who, you may ask, is the superstar tasked with this massive charge? GRC managers! That’s who!
What is GRC management all about?
Having a GRC manager is imperative for companies looking to align their IT activities with their business goals, manage risk effectively, and stay on top of security compliance. The governance, risk, and compliance manager is responsible for assessing and documenting a company’s compliance and risk posture as they relate to its information assets, reducing risks to an acceptable level, and preparing the company to pass audits successfully. They literally need to understand every procedure in the company and make sure employees understand them and go the extra mile when it comes to security.
The purpose of this position is to provide highly skilled technical and information security expertise for the development and implementation of the information security management program. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis, intrusion detection, standards and testing, risk assessment, awareness and education, and development of policies, standards, and guidelines. The GRC analyst or manager, in most cases, reports to the Chief Information Security Officer (CISO).
By the way, if you’re interested in looking at our list of top CISOs on the Israeli Tech Scene, take a look here!
GRC manager responsibilities in security teams
A GRC manager has many obligations! So, let’s break down the most imperative responsibilities.
These InfoSec giants will:
- Develop, enhance, and maintain the organization’s policies, procedures, standards, and guidelines.
- Support the management of the respective company by identifying and addressing compliance-related issues.
- Provide training to the respective company’s employees concerning their duties and responsibilities toward compliance.
- Work with customers and business partners to address compliance affairs related to the specific company’s products, services, and commitments.
- Conduct internal reviews to ensure ongoing compliance with applicable laws and regulations and legal commitments.
- Pass security audits successfully.
Top 10 GRC managers that dominate information security compliance
So we decided to list not only some of our personal favorite GRC managers in Israel, but also some of the most experienced and skilled ones out there who are doing amazing things in their organizations and in the GRC security world. Whether they’re GRC managers for fresh tech start-ups taking off or part of major powerhouses, they play a big role in ensuring that the right governance, risk, and compliance strategies are implemented effectively in their organizations. With the importance of security and compliance rising in today’s world, all eyes are on the GRC managers!
Let’s break down this list of the GOAT GRCs. FYI: GOAT stands for “greatest of all time.”
Marius Aharonovich, Salesforce
Marius is a veteran when it comes to the world of GRC, with over 20 years of experience, encompassing design and implementation of network and security solutions, system engineering, risk management, and security compliance management, in the fields of information technology, communication, and information security.
Roman Brodsky, Redis
Roman is a highly skilled and experienced CPA who has worked for prestigious corporations such as Deloitte, where he was a senior IT risk management consultant, and BDO, where he worked as a compliance manager. His real estate on this list is well-deserved!
Nehama Grossman, Operative
Nehama is a seasoned Senior GRC Analyst. She brings years of experience in this domain, from her time in IT Advisory Services at EY to her current role at Operative, which proves that she definitely earns her place on our top 10 list!
Or David, Iron Source
Or is experienced in information technology services with a demonstrated history of working in the high-tech scene. Or is an absolute whiz when it comes to InfoSec, which is evident in his role as Head of Cyber Security GRC. His specialties are information security, Software as a Service (SaaS), IT audits (CISA), data privacy solutions engineering (CDPSE), and strategic planning. Even though it’s quite a mouthful, Or definitely deserves a spot on this list.
Vicky Kissin, Melio
Vicky has over 20 years of experience in this domain, in risk management and compliance. As a GRC manager for Melio, Vicky has a proven ability in numerous aspects of the security and IT industry. She is highly experienced in successfully leading and implementing InfoSec and compliance programs (SOC 2, ISO 27001, ISO 27017/8, Cookies Laws, PCI, SOX, GDPR, JCI, NIST, etc.).
Maayan Levin, Orca
Maayan has more than eight years of experience in the information security field and six years in GRC, risk management, consulting project management, and auditing in various organizations.
Maayan holds ISACA’s CISM and CDPSE certifications, with experience in security certifications such as ISO 27001 (graduate of the Standards Institution of Israel), ISO 27017, ISO 27018, SOC 2, CSA, and more.
Craig Thiesen, Gong
Craig certainly earns his cape as an information technology risk management professional. As a GRC manager at Gong, Craig has been recognized as a thought leader, providing realistic solutions to security issues, and creating a positive IT security image within organizations. His place on the list is well-deserved!
Kobi Francis, Control Up
The great GRC manager for Control Up, Kobi Francis, has held several positions in global organizations as an Information Security Project Manager, DFIR Manager, IT Auditor, and GRC Consultant. Kobi has managed many projects in the ever-changing cybersecurity environment and has provided MSSP services.
Mor Bouganim Fogel, Monday.com
GRC Manager for Monday.com! The mere thought of that sentence is impressive! And Mor is just that! She is an experienced Associate with a demonstrated history of working in the law practice industry, skilled in legal writing and research, compliance procedures, and intelligence analysis.
Jennifer Habshush, Appsflyer
Jennifer is a Certified Professional Coder specializing in Medicare Risk Adjustment (MRA) and Primary Care Medicine, and is AAPC certified (Magna Cum Laude). Her superpowers include expertise in ICD-10, CPT, and HCPCS codes, and HIPAA compliance. As Appsflyer’s GRC Manager, Jennifer has a wealth of experience and achievements that make her an excellent candidate for this list.
We are all about SaaS compliance!
Thank you for taking the time to read our selection of the top GRC managers. Here at Scytale, we are constantly learning about new and innovative developments in our industry, which makes us more and more excited about next-generation compliance.
Have we missed your favorite GRC Manager? Reach out to us so we can include your suggestion in future posts.
Want to learn more about information security compliance? Take a look at our insightful blogs and videos, and see what some of our fabulous customers have said about working with us to become ISO 27001, SOC 2, or HIPAA compliant.