monday.com logo
Apply to this job

Security GRC Specialist - Mat. Leave Cover (1 year)

InTechTemporarytelavivTel-Aviv, IL

About the Role
monday.com is looking for a GRC Security Specialist to join our Security Department.
This is a hands-on, execution-focused role within our GRC Security & Trust Group.
You'll own real workstreams, including compliance programs, vendor risk management, security governance, and security awareness.
You’ll be part of a small, focused team that moves fast and builds things that scale.
You'll collaborate closely with Security domains, R&D, Infra, IT, Legal, Privacy, and Procurement to make sure our security controls and compliance processes are practical, effective, and aligned with how the business actually works.


Key Responsibilities
● Vendor risk management: Own the end-to-end vendor security assessment process
across all risk tiers, covering software, AI capabilities, service providers, and external
workforce. This includes conducting a kick-off meeting with the business stakeholder to
understand the use case and data exposure, assigning a risk rating, sending and
managing security questionnaires, evaluating vendor responses using AI-powered
security tools, reviewing security exhibits and contractual requirements, consolidating
findings, and driving each review to a clear decision.
● Compliance and certifications: Manage external security audits end-to-end and ongoing
compliance maintenance for frameworks such as ISO 27001 and SOC 2, including control
mapping, evidence collection, stakeholder coordination, and auditor reporting. Support
the SOX & internal audits compliance workstream through audit cycles and track
remediations to closure.
● Policies and Procedures: Drive the annual review and update of security policies based on
audit findings and regulatory changes. Manage policy exceptions and recommend
corrective actions.
● Governance: Own governance actions across assigned security domains - identifying
risks, aligning controls, and driving decisions end-to-end. Lead security routine weeks
across the organization. Serve as the go-to person for employees on security and
compliance matters.
● Awareness and education: Lead security awareness and training activities, including
phishing simulations, online training programs, and company-wide security events using
AI-powered security tools.

Your Experience & Skills

● 2+ years in GRC, information security, or compliance - preferably in a SaaS company
● Strong working knowledge of security and privacy frameworks: ISO 27001, SOC 2, GDPR,
HIPAA, and NIST
● Proven ability to run TPRM independently: assess vendors, rate risk, and drive reviews to
a clear decision
● AI-native working style. Use AI tools to accelerate your work: drafting policies,
summarizing vendor responses, researching frameworks, and structuring audit evidence
● Comfortable working across technical and non-technical stakeholders - translating
security requirements into language that lands
● Strong sense of ownership, responsibility, and problem-solving approach
● Ability to manage multiple active workstreams without losing detail
● Excellent written and verbal communication in Hebrew and English

Please note: This is a temporary position supporting our GRC team during a team member's
parental leave.

About the Role
monday.com is looking for a GRC Security Specialist to join our Security Department.
This is a hands-on, execution-focused role within our GRC Security & Trust Group.
You'll own real workstreams, including compliance programs, vendor risk management, security governance, and security awareness.
You’ll be part of a small, focused team that moves fast and builds things that scale.
You'll collaborate closely with Security domains, R&D, Infra, IT, Legal, Privacy, and Procurement to make sure our security controls and compliance processes are practical, effective, and aligned with how the business actually works.


Key Responsibilities
● Vendor risk management: Own the end-to-end vendor security assessment process
across all risk tiers, covering software, AI capabilities, service providers, and external
workforce. This includes conducting a kick-off meeting with the business stakeholder to
understand the use case and data exposure, assigning a risk rating, sending and
managing security questionnaires, evaluating vendor responses using AI-powered
security tools, reviewing security exhibits and contractual requirements, consolidating
findings, and driving each review to a clear decision.
● Compliance and certifications: Manage external security audits end-to-end and ongoing
compliance maintenance for frameworks such as ISO 27001 and SOC 2, including control
mapping, evidence collection, stakeholder coordination, and auditor reporting. Support
the SOX & internal audits compliance workstream through audit cycles and track
remediations to closure.
● Policies and Procedures: Drive the annual review and update of security policies based on
audit findings and regulatory changes. Manage policy exceptions and recommend
corrective actions.
● Governance: Own governance actions across assigned security domains - identifying
risks, aligning controls, and driving decisions end-to-end. Lead security routine weeks
across the organization. Serve as the go-to person for employees on security and
compliance matters.
● Awareness and education: Lead security awareness and training activities, including
phishing simulations, online training programs, and company-wide security events using
AI-powered security tools.

Your Experience & Skills

● 2+ years in GRC, information security, or compliance - preferably in a SaaS company
● Strong working knowledge of security and privacy frameworks: ISO 27001, SOC 2, GDPR,
HIPAA, and NIST
● Proven ability to run TPRM independently: assess vendors, rate risk, and drive reviews to
a clear decision
● AI-native working style. Use AI tools to accelerate your work: drafting policies,
summarizing vendor responses, researching frameworks, and structuring audit evidence
● Comfortable working across technical and non-technical stakeholders - translating
security requirements into language that lands
● Strong sense of ownership, responsibility, and problem-solving approach
● Ability to manage multiple active workstreams without losing detail
● Excellent written and verbal communication in Hebrew and English

Please note: This is a temporary position supporting our GRC team during a team member's
parental leave.

Apply to this job

Autofill from Resume

Upload your resume to automatically fill in your application details


Basic Info


Please review our privacy practices: Privacy policy: monday.com

Apply to this job

Autofill from Resume

Upload your resume to automatically fill in your application details


Basic Info


Please review our privacy practices: Privacy policy: monday.com

We believe in equal opportunity.

At monday.com, we believe everyone should feel they belong - exactly as they are. We’re an equal opportunity employer, committed to an open, accessible, and inclusive workplace free from discrimination or harassment of any kind.

All qualified candidates will be considered for employment, regardless of race, color, religion, nationality, sexual orientation, gender identity, age, marital status, pregnancy, family or parental status, disability, veteran status, or any other characteristic protected by law.

If you need support or accommodation during the hiring process, we’re here to help.

Meet the InTech team

The Information Systems and Data Organization aims to empower Monday's employees to perform at their best in their core professions.

Our team focuses on three main things - Support business processes effectively, support our information systems, ensure our technology infrastructure is optimized, and provide insights into our data in order to make informed decisions.