Security Governance & Risk Compliance
About the Role
monday.com is looking for a GRC Security Specialist to join our Security Department.
This is a hands-on, execution-focused role within our GRC Security & Trust Group.
You'll own real workstreams, including compliance programs, vendor risk management, security governance, and security awareness.
You’ll be part of a small, focused team that moves fast and builds things that scale.
You'll collaborate closely with Security domains, R&D, Infra, IT, Legal, Privacy, and Procurement to make sure our security controls and compliance processes are practical, effective, and aligned with how the business actually works.
Key Responsibilities
● Vendor risk management: Own the end-to-end vendor security assessment process across all risk tiers, covering software, AI capabilities, service providers, and external workforce. This includes conducting a kick-off meeting with the business stakeholder to understand the use case and data exposure, assigning a risk rating, sending and managing security questionnaires, evaluating vendor responses using AI-powered security tools, reviewing security exhibits and contractual requirements, consolidating findings, and driving each review to a clear decision.
● Compliance and certifications: Manage external security audits end-to-end and ongoing compliance maintenance for frameworks such as ISO 27001 and SOC 2, including control mapping, evidence collection, stakeholder coordination, and auditor reporting. Support the SOX and internal audits compliance workstream through audit cycles and track remediations to closure.
● Policies and procedures: Drive the annual review and update of security policies based on audit findings and regulatory changes. Manage policy exceptions and recommend corrective actions.
● Governance: Own governance actions across assigned security domains - identifying risks, aligning controls, and driving decisions end-to-end. Lead security routine weeks across the organization. Serve as the go-to person for employees on security and compliance matters.
● Awareness and education: Lead security awareness and training activities, including phishing simulations, online training programs, and company-wide security events, using AI-powered security tools.
Your Experience & Skills
● 2+ years in GRC, information security, or compliance — preferably in a SaaS company
● Strong working knowledge of security and privacy frameworks: ISO 27001, SOC 2, GDPR, HIPAA, and NIST
● Proven ability to run TPRM (third-party risk management) independently: assess vendors, rate risk, and drive reviews to a clear decision
● AI-native working style: use AI tools to accelerate your work, such as drafting policies, summarizing vendor responses, researching frameworks, and structuring audit evidence
● Comfortable working across technical and non-technical stakeholders — translating security requirements into language that lands
● Strong sense of ownership, responsibility, and a problem-solving approach
● Ability to manage multiple active workstreams without losing detail
● Excellent written and verbal communication in Hebrew and English
Please note: This is a temporary position supporting our GRC team during a team member's parental leave.