Cybersecurity GRC Specialist

As a Cybersecurity GRC Specialist at our innovative healthcare startup, you will own our information security program end to end. We are on a mission to bring the first Hybrid Drug to market: a groundbreaking therapeutic entity that integrates mobile apps with traditional medication. Operating at the intersection of digital health and pharma means security, privacy, and compliance are core to what we build — and you'll be the one making sure we get it right. If you're excited to shape and lead the security function of a growing company (rather than inherit one), read on

Location

Ramat Gan (Bursa), Israel

Work Environment

This role is based in our office in Ramat Gan, offering the opportunity to collaborate closely

with our dynamic team in person.

About the Role

This is a hands-on role with broad ownership. You'll act as our security lead, serving as the go-to person for all things governance, risk, and compliance — working directly with leadership, engineering, quality, and clinical teams. It's a great fit for someone with a few years of GRC experience who's ready to take on company-wide responsibility, not a traditional executive CISO position.

Responsibilities

Governance & Security Program

  • Build, implement, and maintain our Information Security Management System (ISMS) in line with ISO 27001.
  • Develop and enforce security policies, standards, guidelines, and procedures across the company.
  • Foster a culture of security awareness through training and ongoing communication.

Risk Management

  • Identify, assess, and prioritize cyber risks across our products, infrastructure, and vendors.
  • Conduct Business Impact Analyses (BIA) to map critical business functions and potential disruptions.
  • Own the risk register and drive mitigation plans with relevant stakeholders.


Compliance & Regulatory Alignment

  • Ensure compliance with healthcare and privacy regulations, including HIPAA and GDPR.
  • Support regulatory and quality processes relevant to medical device software (e.g., working alongside our QA/RA team on standards such as ISO 13485 and IEC 62304 where security intersects).
  • Manage security aspects of customer, partner, and vendor due diligence, including security questionnaires and audits.

Resilience & Incident Preparedness

  • Design and maintain Business Continuity (BCP) and Disaster Recovery (DRP) plans.
  • Define and test incident response procedures; lead response efforts when needed.
  • Run periodic tabletop exercises and recovery drills.

Security Operations & Engineering Collaboration

  • Work with engineering to embed security requirements into the development lifecycle of our mobile and cloud platforms.
  • Coordinate penetration tests, vulnerability assessments, and remediation follow-up.
  • Evaluate and manage security tooling appropriate to our size and needs.

Qualifications

Experience

2–4 years of hands-on experience in a GRC, information security, or IT security role — ideally in healthcare, medtech, or another regulated industry.

Knowledge

  • Practical experience implementing or maintaining ISO 27001-based ISMS (certification project experience is a strong plus).
  • Solid understanding of risk management methodologies, BIA, BCP, and DRP.
  • Familiarity with privacy and healthcare regulations such as GDPR and HIPAA.

Skills & Mindset

  • Strong ability to translate security and compliance requirements into practical, business-aligned actions.
  • Comfortable working independently and owning a domain across the whole company.
  • Excellent communication skills — you can explain risk to engineers, executives, and auditors alike.


Nice to Have

  • Relevant certifications (e.g., ISO 27001 Lead Implementer/Auditor, CRISC, CISM, Security+).
  • Exposure to cloud security (AWS/GCP/Azure) and mobile application security.
  • Experience responding to enterprise security questionnaires or supporting SOC 2 / ISO audits.

Benefits

  • Join a purpose-driven startup focused on improving patient outcomes.
  • Own and shape the security function from the ground up — rare responsibility for this career stage.
  • Collaborate with experts in healthcare, neuroscience, game design, and technology.
  • Make a meaningful impact on the lives of patients and their families.

If you’re ready to bring your passion to help create the future of medicine, we’d love to have you on our team!