GRC Specialist

GRC Specialist Cyber & Information Security Rehovot, IL (Nova HQ) Role Description What we are looking for: The Cyber Security team at Nova is looking for a highly motivated GRC Specialist to join our team and take ownership of our Governance, Risk & Compliance program. In this role, you'll work closely with the CISO and cross-functional teams to embed security and compliance into everything we do. enabling the business to scale securely while meeting regulatory and customer expectations. This is a high-impact position for someone who thrives in dynamic environments and wants to build, improve, and influence how security is managed across the organization. Responsibilities What will you be doing: Own and lead the organization's Governance, Risk & Compliance (GRC) program Reporting the CISO to define and execute a GRC strategy aligned with business objectives and risk appetite Develop, implement, and maintain security policies, standards, and procedures aligned with industry best practices and regulatory requirements Lead and manage risk assessment processes across cybersecurity, IT, third-party, and operational domains Maintain and actively manage the risk register, ensuring risks are identified, prioritized, tracked, and remediated Drive and manage compliance programs (e.g., ISO 27001, NIST, CIS, GDPR), ensuring continuous audit readiness Lead internal and external audits end-to-end, including evidence collection, auditor coordination, and remediation tracking Manage third-party risk (TPRM), including vendor security assessments, questionnaires, and ongoing monitoring Support product and engineering teams by integrating security and compliance requirements into new features and systems Build and deliver risk and compliance reporting, including dashboards, KPIs, and executive-level insights Translate technical risks into clear, business-relevant communication for leadership and stakeholders Drive security awareness initiatives and promote a security-first culture across the organization

Requirements Requirements:

5+ years of experience in GRC, information security, risk management and compliance roles Hands-on experience with security audits and certifications such as ISO 27001 and/or SOC 2 Strong understanding of risk management frameworks (e.g., NIST

CSF, ISO 27001, CIS

) Experience managing third-party/vendor risk programs Knowledge of data privacy and regulatory requirements (e.g., GDPR) Familiarity with GRC platforms and compliance automation tools Understanding of cloud environments (AWS, Azure, or GCP) and general security practices (infrastructure, application, and IT security) Ability to manage multiple audit and compliance workstreams simultaneously with strong attention to detail Experience with security tools and IT systems (advantage) Familiarity with automation and/or AI-driven GRC processes (advantage) Ability to think critically about emerging risks, including AI and evolving regulatory landscapes (advantage) That special something you bring in: Strong analytical and problem-solving skills, with the ability to assess and prioritize risks Excellent written and verbal communication skills in English, with the ability to translate technical concepts into business language Self-starter with the ability to work independently, prioritize effectively, and operate in a fast-paced environment Strong organizational skills and ability to build structure and processes from scratch Get to know us better: Nova (

NASDAQ:

NVMI) is a global company and a leading provider of innovative metrology solutions for process control in semiconductor manufacturing. With a team of ~1200 people in three R D centers and 27 field offices, we bring insights into the world's most advanced industry. We leverage multiple technology fields such as physics, optics, chemistry, and algorithms to develop hardware and software solutions that measure almost every advanced computer chip built in the world. Nova dives deep into dimensions and layers at the atomic level to extract unique insights and provide our customers with crucial decision-making data, managing critical challenges by providing unique, differentiated solutions. Our outstanding people-focused and innovative culture means every person at Nova has the power to make an impact and significantly redefine what people can achieve through technology. Join us if you are A dreamer and brilliant high aimer who sees the impossible as the starting point and loves working in a multidisciplinary global team to create innovative breakthroughs. If you need assistance due to a disability, you may contact us at talent@novami.com