Security GRC Specialist - Mat. Leave Cover (1 year)
TLDR
Hands-on security governance and risk professional joining a fast-moving Security & Trust group to own compliance programs, vendor risk, governance, and security awareness.
About the Role
monday.com is looking for a GRC Security Specialist to join our Security Department.
This is a hands-on, execution-focused role within our GRC Security & Trust Group.
You'll own real workstreams, including compliance programs, vendor risk management, security governance, and security awareness.
You’ll be part of a small, focused team that moves fast and builds things that scale.
You'll collaborate closely with Security domains, R&D, Infra, IT, Legal, Privacy, and Procurement to make sure our security controls and compliance processes are practical, effective, and aligned with how the business actually works.
Key Responsibilities
● Vendor risk management: Own the end-to-end vendor security assessment process
across all risk tiers, covering software, AI capabilities, service providers, and external
workforce. This includes conducting a kick-off meeting with the business stakeholder to
understand the use case and data exposure, assigning a risk rating, sending and
managing security questionnaires, evaluating vendor responses using AI-powered
security tools, reviewing security exhibits and contractual requirements, consolidating
findings, and driving each review to a clear decision.
● Compliance and certifications: Manage external security audits end-to-end and ongoing
compliance maintenance for frameworks such as ISO 27001 and SOC 2, including control
mapping, evidence collection, stakeholder coordination, and auditor reporting. Support
the SOX & internal audits compliance workstream through audit cycles and track
remediations to closure.
● Policies and Procedures: Drive the annual review and update of security policies based on
audit findings and regulatory changes. Manage policy exceptions and recommend
corrective actions.
● Governance: Own governance actions across assigned security domains - identifying
risks, aligning controls, and driving decisions end-to-end. Lead security routine weeks
across the organization. Serve as the go-to person for employees on security and
compliance matters.
● Awareness and education: Lead security awareness and training activities, including
phishing simulations, online training programs, and company-wide security events using
AI-powered security tools.
Your Experience & Skills
● 2+ years in GRC, information security, or compliance — preferably in a SaaS company
● Strong working knowledge of security and privacy frameworks: ISO 27001, SOC 2, GDPR,
HIPAA, and NIST
● Proven ability to run TPRM independently: assess vendors, rate risk, and drive reviews to
a clear decision
● AI-native working style. Use AI tools to accelerate your work: drafting policies,
summarizing vendor responses, researching frameworks, and structuring audit evidence
● Comfortable working across technical and non-technical stakeholders — translating
security requirements into language that lands
● Strong sense of ownership, responsibility, and problem-solving approach
● Ability to manage multiple active workstreams without losing detail
● Excellent written and verbal communication in Hebrew and English
Please note: This is a temporary position supporting our GRC team during a team member's
parental leave.
monday.com is an AI work platform that empowers ambitious teams by integrating people, workflows, and AI agents into a single flexible environment. With over 250,000 customers, it enables businesses across various industries to enhance efficiency, adapt to changing needs, and execute tasks effectively, fostering a culture of ownership and innovation.
- Founded
- Founded 2012
- Employees
- 500+ employees
- Industry
- computer software
- Funding stage
- Public
- Stock ticker
- Publicly traded (MNDY)