GRC Manager

This is us 

Kaltura’s (NYSE:KLTR) mission is to power any video experience for any organization – live, on-demand, or real-time. We not only want to make using video simpler, but we also want to better people’s lives through video. Founded in 2006, Kaltura is now a global leader in the video market with millions of people using our products daily to teach, learn, watch, connect, and collaborate. Among our customers, you’ll find more than 1000 global, well-known organizations.    

15+ years since starting the company, we continue to foster a diverse and collaborative work environment where everyone gets a say. Our team is currently 700+ people, and we’re still growing. We have offices in New York, London, Singapore, and Tel Aviv, but our technology is all in the cloud. 

Kaltura has a fast-paced environment where initiative is always encouraged. Together with our hybrid work model and flexible state of mind, you get the right conditions for creative juices to flow freely. Thanks to our long line of products, cultivation of rich collaborative culture and care for each Kalturian, you’ll never run out of room to grow and evolve.   

If you don't meet 100% of the requirements below - that's okay, nobody's perfect! We believe in hiring people, not just a list of skills. We encourage you to apply if you think this is a role that would make you excited about coming to work every day. 

The Role: 

We are looking for an experienced GRC manager to lead the GRC domain reporting to Kaltura’s CISO. 

As GRC Manager you will be responsible for assessing and documenting Kaltura compliance and risk posture as they relate to its information assets, you will be a liaison on the privacy domain between various business and technology units. 

The candidate should have experience both as a security practitioner and consultant, profound security and privacy GRC related knowledge, and passion for cyber security. 

Responsibilities require experience, as well as expertise to ensure effective system-wide security & risk analysis; standards and testing; risk assessment; awareness and education; and development of policies, standards, and guidelines. 

The Day-to-Day: 

• Evaluate the state of security and privacy from the GRC perspective, identifying gaps and opportunities and anticipating needs. 
• Testing the design and operating effectiveness of technical and administrative security controls 
• Designing and implementing data protection policies, processes, and procedures to align with Information Security policies and standards. 
• Partner with various business units to ensure controls are adequate, appropriate, and effective. 
• Support internal and external audit processes for relevant compliance programs such as SOC2, SOX and ISO. 
• Perform security and compliance assessments on new and existing systems, processes, technology. 
• Perform business impact analysis and assist with the development of the IT/InfoSec risk register. 

Ideally, we’re looking for: 

• Experience (At Least 3 years of experience) with legal and regulatory compliance standards such as SOX (ITGC), ISO, GDPR, CCPA, PCI-DSS, etc. 
• Familiarity with ISMS and security frameworks, particularly NIST Cybersecurity Framework. 
• Strong understanding of fundamental information security concepts and technology. 
• Experience with IT governance, risk, and compliance management in a large global environment. 

These would also be nice: 

• Security-related certification, such as CISA or CISM. 
• Experience with Privacy domain and PIA processes. 

The perks:

1. Hybrid, flexible work environment  
2. Extended private health (including mental) insurance  
3. Personal and professional development programs 
4. Occasional Cross company long weekends