GRC Specialist



The JFrog Platform gives you an end-to-end pipeline to control the flow of your binaries from build to production. Power your software updates to the edge

View company page

At JFrog, we’re reinventing DevOps to help the world’s greatest companies innovate -- and we want you along for the ride. This is a special place with a unique combination of brilliance, spirit and just all-around great people. Here, if you’re willing to do more, your career can take off. And since software plays a central role in everyone’s lives, you’ll be part of an important mission. Thousands of customers, including the majority of the Fortune 100, trust JFrog to manage, accelerate, and secure their software delivery from code to production -- a concept we call “liquid software.” Wouldn't it be amazing if you could join us in our journey?

We are looking for a passionate, business-savvy, and talented GRC Specialist to join our Compliance Team in Sunnyvale, California.
In this role, you will support our sales, legal, and business colleagues through various information security projects and initiatives. This is a great opportunity to work closely with technical stakeholders to further build and scale our global Information Security and GRC programs. We are looking for a team player who brings a thoughtful, pragmatic mindset to overcoming challenges.

As a GRC Specialist in JFrog you will...

  • Support the sales process by responding to customer inquiries related to information security and data privacy
  • Collaborate with cross-company teams such as sales, product engineering, security, sales-ops, and solutions engineering to build on an extensive and comprehensive compliance library
  • Respond to and complete customer risk assessments
  • Review and negotiate customer information security addendums
  • Evaluate the information security and privacy risk of third parties
  • Understand technical terminology to translate technical security concepts to the legal, sales, and marketing teams regarding regulatory and data protection requirements
  • Draft and review contractual language related to information security to ensure compliance with business operations and global data protection regulations
  • Lead and coordinate compliance and information security meetings with JFrog’s executive team, customers, and vendors
  • Review, update and manage applicable internal policies
  • Coordinate and carry out strategic customer audits

To be a GRC Specialist in JFrog you need...

  • 6+ years of work experience focused on issues related to Information security and GRC
  • Experience reviewing and redlining information security addendums
  • General knowledge of global privacy laws and regulations
  • Familiarity with SOC, ISO, NIST, SIG & CAIQ frameworks
  • Ability to multi-task effectively, complete projects and perform daily tasks with minimal supervision and ability to set and meet deadlines
  • Experience working with Salesforce, Jira, and GRC platforms
  • Ability to perform as the primary Security Subject Matter Expert
  • Excellent verbal, writing, organizational, and time management skills
  • Ability to identify and analyze issues and think critically to resolve problems
  • Resourcefulness, with an ability to cross boundaries to find solutions
  • Ability to work well under pressure: responsiveness, accuracy, and sense of urgency are essential to this role
  • Willingness to work a flexible schedule based on department and company needs
  • Ability to understand and translate security concepts, controls, and risk scenarios to identify their impact on technology, business, and customers
  • Comfortable working with both technical and non-technical audiences
  • Strong collaboration skills with an ability to build relationships with internal resources
  • Experience auditing cloud-based environments for policy compliance

Even if you don’t meet all the requirements listed here, we still encourage you to apply. Skills can be used in many different ways, and your life and professional experience may be relevant beyond what this list of requirements will capture.


  • At JFrog, base salary is only one component of our compensation package.
  • This position has a base salary range between $150,000 to $170,000.  Base salary will be based on your skills, qualifications, experience and location.
  • This position also includes an equity package of restricted stock units (RSU).  In addition, JFrog employees are eligible to participate in our Employee Stock Purchase Plan.
  • JFrog provides employees comprehensive benefits including medical, dental, vision, retirement, wellness and much more!
  • JFrog embraces hybrid work: 3 days in office / 2 days remote.
  • Additionally, this role may be eligible for discretionary bonuses or commission payments.

JFrog is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status or any other category protected by law.

Apply now Apply later
  • Share this job via
  • or

Tags: Audits Cloud Compliance DevOps Jira NIST Privacy Risk assessment SOC

Perks/benefits: Equity Flex hours Flex vacation Health care Wellness

Region: North America
Country: United States
Job stats:  10  1  0
Category: Compliance Jobs

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.