Required Skills
GRC
Risk Management
Compliance
Audit
Security Policy Development
At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate - and we want you along for the ride. This is a special place with a unique combination of brilliance, spirit, and just all-around great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of an important mission. Thousands of customers, including 75% of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production - a concept we call “liquid software.” Wouldn't it be amazing if you could join us in our journey?
We're looking for a Senior Governance, Risk, and Compliance (GRC) Specialist to join our global GRC team. In this critical role, you will help secure the JFrog platform that powers the software supply chain for thousands of the world's top organizations.
Reporting to the GRC Manager, you will work alongside a talented team to enhance our security posture, establish GRC best practices, and embed security governance into our fast-paced, DevOps-driven culture. You will be a key advisor, helping to translate complex risks and compliance requirements into actionable controls that support JFrog's mission.
As a Senior GRC specialist at JFrog you will...
- Drive Security Framework Adoption (New Markets): Lead the strategic adoption of net-new security frameworks to unlock business markets.
- Oversee the Security Certification Program: Oversee the end-to-end execution of our security assurance portfolio (ISO 27001, SOC 2).
- Lead Security Audits: Serve as a primary GRC contact for internal and external audits. You'll coordinate evidence gathering, craft management responses, and drive the remediation of findings.
- Lead Governance Initiatives: Develop, maintain, and enhance the enterprise-wide security GRC framework, policies, standards, and procedures, ensuring they align with our cloud-native and SaaS environment.
- Risk Management & TPRM: Evolve our Third-Party (TPRM) and Internal Security Risk programs, including executing and documenting comprehensive risk assessments, ensuring that findings are remediated and clearly aligned with JFrog’s risk appetite.
- Collaborate Cross-Functionally: Partner with engineering, product, IT, and legal teams to embed security controls into daily business operations, ideally automated.
- Mentor & Advise: Act as a subject matter expert on governance and risk for the wider organization and provide mentorship to junior GRC team members.
To be a Senior GRC specialist at JFrog you need…
- 5+ years of direct experience in Information Security GRC, Risk Management, or Audit, preferably acquired within a high-growth SaaS or cloud-native environment.
- A proactive, self-starting mentality with strong analytical, project management, and problem-solving skills, with proven ability to validate your own work and drive tasks to completion independently.
- Demonstrable expertise in managing core compliance programs (SOC 2, ISO 27001).
- Experience pursuing net-new compliance certifications and initiatives (e.g., R, C5, TISAX, IRAP).
- Experience developing, drafting, and implementing security policies and standards from the ground up in a tech-focused environment, harmonizing controls across frameworks to create agile standards.
- Experience leading complex security audits, serving as a primary liaison and "in-the-room" lead during internal and external audits.
- Strong understanding of information security principles, risk management, and control frameworks in a cloud-first environment (AWS, GCP, Azure).
- Exceptional communication and interpersonal skills, with a proven ability to build relationships and influence change across engineering, product, and business teams, and the ability to write concise, "Executive Ready" policies and risk reports.
- Hands-on experience with GRC platforms and a drive to automate manual GRC workflows.
- Bachelor’s degree in Cybersecurity, Information Technology, Law, or a related field, or equivalent practical experience.
Preferred Qualifications
- Advanced Framework Knowledge: Experience pursuing and implementing advanced security frameworks such as IRAP, NIST CSF, and FedRAMP.
- Experience leading formal risk assessments using established methodologies (e.g., NIST RMF).
- Familiarity with emerging AI regulations (e.g., EU AI Act, NIST AI RMF) and experience applying governance and security frameworks to AI/ML models.
- Familiarity with the intersection of privacy laws (GDPR, CCPA) and cybersecurity regulations (DORA, SEC Rules).
- One or more professional certifications, such as CISSP, CISM, CRISC, or CISA.
- Knowledge of DevOps principles, CI/CD pipelines, and software supply chain security concepts.
- Experience building automated workflows to streamline compliance tasks, scripting, and integrations.
About JFrog
JFrog (Public)
JFrog provides DevOps and DevSecOps platform solutions for software development and distribution. The company offers tools for artifact management, security scanning, and CI/CD pipeline automation.
- Employees: 1,001-5,000
- Headquarters: Bozeman
- Valuation: $1.5B
Reviews: 2.6 (9 reviews)
- Work Life Balance: 2.3
- Compensation: 4.0
- Culture: 2.8
- Career: 3.2
- Management: 2.1
- Recommend to a Friend: 35%
Pros
- Good compensation and benefits
- Supportive team and welcoming environment
- Fast-paced and innovative culture
Cons
- Poor management and micromanagement
- Toxic and fearful work environment
- Fast-paced changes and unrealistic expectations
Salary Ranges (89 data points)
- Junior/L3 · Business Development Representative (BDR), 6 reports: $81,624 total / year (Base: $58,363; Stock: -; Bonus: -)
Interview Experience (35 interviews)
- Difficulty: 3.4 / 5
- Duration: 14-28 weeks
- Offer Rate: 40%
- Experience: Positive 62%, Neutral 22%, Negative 16%
Interview Process
1. Phone Screen
2. Technical Interview
3. Hiring Manager
4. Team Fit
Common Questions
- Technical skills
- Past experience
- Team collaboration
- Problem solving