Head of GRC

We are looking for a highly skilled, motivated and experienced global Head of GRC (Governance, Risk Management & Compliance) to join us! 

This role will own the GRC domain, lead a boutique team and play a key position in the Security Leadership group (reporting to the CISO) and its vision for the company's scale. The role includes work with different levels of seniority from various domains and will possess strong capabilities of collaborative work and communication skills. 

This is a unique opportunity to play a pivotal role in ensuring that our organization adheres to regulatory requirements, industry standards and best practices while effectively managing risks associated with the security operations, especially in light of our fast growth and readiness for scale.

About The Role:

• Leadership: Lead the team, develop and empower the team’s personnel (e.g. crafting a PDP - Personal Development Plan), alongside planning the team’s vision, budget, OKRs, annual work plan (consisting of both innovation and operations activities) and additional duties as needed.
• Governance: review, update, and execute policies, procedures, and ceremonies to ensure alignment with global regulations, compliance programs and customer requirements.
• Risk management: managing the company's comprehensive security risks, including incident response procedures and activities, resilience statusת risk assessments and remediation plans, considering global threats as well as internal business changes and demands.
• Compliance: manage monday.com’s compliance domain, ensuring compliance with current certifications (e.g. ISO, SOC), while extending the compliance suite based on business impact.
• Third party risk management: responsible for the vendor assessment program, for both ongoing processes and new initiatives for improving efficiency.
• Employees education: lead the monday.com’s security awareness & training program for employees in general and for specific departments (e.g. customer facing, R&D).
• Customer enablement: the main point of contact for customers regarding security inquiries, including managing top-tier customer calls, legal agreements and questionnaires. In parallel, create customer-facing materials to enhance customer understanding of monday.com's security posture.

Requirements

• Minimum of 5 years of experience in GRC roles, with at least 2 years in leading teams, preferably in SaaS companies of 500+ employees.
• Strong understanding and practical experience of industry standards and frameworks such as ISO 27001, SOC2, NIST, GDPR, HIPAA.
• Legal background - an advantage.
• Advanced knowledge of risk assessment methodologies, controls implementation, incident response management, vendor assessment, awareness initiatives, and compliance monitoring.
• Ability to assess and communicate effectively security and privacy risks to technical and non-technical stakeholders of different seniority.
• Proven track record of successfully leading and managing teams, including strong decision-making and problem-solving skills, and ability to foster a collaborative and inclusive work environment.
• Excellent verbal and written communication skills in English and Hebrew, and ability to communicate complex concepts in a clear manner.
• Strong analytical and critical thinking skills to identify risks, gaps, and areas of improvement in existing processes and create strategies for mitigating risks effectively.
• Demonstrated ability to handle multiple tasks, prioritize effectively, and meet deadlines in a dynamic and fast-paced environment.