Security Governance & Risk Compliance

Tel Aviv, ISR
Hybrid
Junior
Artificial Intelligence • Productivity • Sales • Software
Shaping the way the world works.
The Role
Hands-on GRC role owning vendor risk management, compliance (ISO 27001, SOC 2, SOX), security governance, policy updates, and security awareness programs. Manage audits, vendor assessments, control mapping, and remediation tracking while collaborating with Security, R&D, Legal, Privacy, and Procurement. Temporary position covering parental leave.
Summary Generated by Built In

About the Role
monday.com is looking for a GRC Security Specialist to join our Security Department.
This is a hands-on, execution-focused role within our GRC Security & Trust Group.
You'll own real workstreams, including compliance programs, vendor risk management, security governance, and security awareness.
You’ll be part of a small, focused team that moves fast and builds things that scale.
You'll collaborate closely with Security domains, R&D, Infra, IT, Legal, Privacy, and Procurement to make sure our security controls and compliance processes are practical, effective, and aligned with how the business actually works.


Key Responsibilities
● Vendor risk management: Own the end-to-end vendor security assessment process across all risk tiers, covering software, AI capabilities, service providers, and external workforce. This includes conducting a kick-off meeting with the business stakeholder to understand the use case and data exposure, assigning a risk rating, sending and managing security questionnaires, evaluating vendor responses using AI-powered security tools, reviewing security exhibits and contractual requirements, consolidating findings, and driving each review to a clear decision.
● Compliance and certifications: Manage external security audits end-to-end and ongoing compliance maintenance for frameworks such as ISO 27001 and SOC 2, including control mapping, evidence collection, stakeholder coordination, and auditor reporting. Support the SOX and internal audit compliance workstream through audit cycles and track remediations to closure.
● Policies and procedures: Drive the annual review and update of security policies based on audit findings and regulatory changes. Manage policy exceptions and recommend corrective actions.
● Governance: Own governance actions across assigned security domains - identifying risks, aligning controls, and driving decisions end-to-end. Lead security routine weeks across the organization. Serve as the go-to person for employees on security and compliance matters.
● Awareness and education: Lead security awareness and training activities, including phishing simulations, online training programs, and company-wide security events using AI-powered security tools.

Your Experience & Skills

● 2+ years in GRC, information security, or compliance — preferably in a SaaS company
● Strong working knowledge of security and privacy frameworks: ISO 27001, SOC 2, GDPR, HIPAA, and NIST
● Proven ability to run TPRM independently: assess vendors, rate risk, and drive reviews to a clear decision
● AI-native working style. Use AI tools to accelerate your work: drafting policies, summarizing vendor responses, researching frameworks, and structuring audit evidence
● Comfortable working across technical and non-technical stakeholders — translating security requirements into language that lands
● Strong sense of ownership, responsibility, and problem-solving approach
● Ability to manage multiple active workstreams without losing detail
● Excellent written and verbal communication in Hebrew and English

Please note: This is a temporary position supporting our GRC team during a team member's parental leave.

Skills Required

  • 2+ years in GRC, information security, or compliance (preferably in a SaaS company)
  • Strong working knowledge of ISO 27001, SOC 2, GDPR, HIPAA, NIST, and SOX
  • Proven ability to run third-party risk management (TPRM) independently: assess vendors, rate risk, and drive reviews to closure
  • Experience managing external security audits and ongoing compliance maintenance (control mapping, evidence collection, auditor reporting)
  • AI-native working style; experience using AI-powered security tools to draft policies, summarize vendor responses, and structure audit evidence
  • Experience leading security awareness and training activities, including phishing simulations and company-wide events
  • Ability to manage multiple active workstreams without losing detail and translate security requirements for technical and non-technical stakeholders
  • Excellent written and verbal communication in Hebrew and English


The Company
HQ: New York, NY
3,049 Employees
Year Founded: 2012

What We Do

At monday.com, we help teams get more work done. We are the best AI work platform that empowers teams to automate, build, and scale their impact end-to-end with tools that actually execute the work for you. With over $1B in ARR, 250,000+ customers, and a global team, we’re serious about building a product people love to use and giving our employees the same ownership and flexibility to shape the way the world works.

Why Work With Us

At monday.com we believe in transparency, accountability, and impact. Together, those values have lent themselves to create a strong culture of professional and creative autonomy where every team member is encouraged to share ideas and help bring them to life!


monday.com Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

monday.com embraces a flexible work environment with our hybrid model!

Typical time on-site: 3 days a week
HQ: New York, NY
HQ: Tel Aviv
Denver, CO
London
Melbourne
Munich
Paris, France
São Paulo
Singapore
Sydney
Tokyo
Warsaw