GRC and Product Security Lead

Zafran.io, New York, NY

About The Position

Zafran is on a mission to stop the exploitation of vulnerabilities everywhere. We’re transforming how security teams prioritize and reduce risk, moving beyond legacy vulnerability management toward a Continuous Threat Exposure Management (CTEM) operating model that actually works in the real world.

We are looking for a GRC and Product Security Lead who is excited to build and scale a modern compliance and security program from the ground up. This role is not just about maintaining SOC 2 and ISO certifications. It is about embedding security into our product, our engineering culture, and every customer conversation. You will partner closely with Engineering, Sales, and Leadership to turn compliance into a strategic advantage and help Zafran earn and maintain the trust of some of the most security-conscious organizations in the world.

About Zafran

Our Mission: To stop the exploitation of vulnerabilities, everywhere.

What makes us different: Zafran de-risks 90% of critical vulnerabilities overnight across your hybrid environment and utilizes Agentic Capabilities and your existing security tools to rapidly mitigate and remediate the 10% most likely to be exploited.

Who’s behind us: Zafran is backed by Sequoia Capital, Cyberstarts, and a deep belief that cybersecurity should move as fast as attackers do. We’re one of the fastest-growing companies in the industry, scaling to meet demand from the world’s most advanced, security-obsessed organizations. We’re serious about our mission, so expect work that matters, teammates who challenge and inspire you, and plenty of fun along the way!

Requirements

  • 8+ years of experience in information security, with at least 4 years focused on GRC and product security
  • Proven track record managing SOC 2 Type 2, ISO 27001, or similar compliance frameworks for SaaS organizations
  • Strong understanding of security controls frameworks (NIST CSF, CIS Controls, OWASP)
  • Technical understanding of cloud security (AWS/Azure/GCP), application security, and infrastructure security
  • Excellent written and verbal communication skills with ability to translate technical concepts for various audiences
  • Self-starter who can build processes from the ground up and operate with limited oversight
  • Relevant certifications preferred (CISSP, CISM, CISA, or equivalent)

Responsibilities

  • Own and manage Zafran’s security compliance program, including SOC 2, ISO 27001, and other relevant frameworks
  • Lead the response to customer security questionnaires and vendor security assessments, ensuring timely and accurate completion
  • Build and maintain Zafran’s internal security controls framework and evidence collection processes
  • Establish and manage continuous compliance monitoring and validation initiatives
  • Develop and maintain security policies, standards, and procedures that support both compliance and business objectives
  • Manage relationships with external auditors and assessors during compliance audits
  • Drive security awareness training and secure development practices across the organization
  • Support customer-facing security conversations during sales cycles and onboarding
  • Monitor regulatory changes and emerging compliance requirements relevant to SaaS platforms
  • Build scalability into GRC processes through automation and tooling improvements

Benefits

  • Flexible PTO
  • Health insurance plans (medical, dental, vision)
  • A monthly stipend for phone and internet
  • 401k
  • Flexible spending account
  • A home office stipend when joining