Listen to our podcast, catch insights from our team and get to know the monday.com culture
Over 100,000 organisations in over 200 industries in more than 140 countries trust monday.com to liberate their teams from menial and mundane work, enabling them to plan and run business processes, projects, and everyday work - fast, their way.
With monday.com, teams solve problems faster, instantly adapt, and continually improve. They become more fulfilled as they achieve extraordinary results. They become agents of excellence.
We’re looking for a Chief Information Security Officer who lives and breathes web application and infrastructure security and wants to join one of Israel’s fastest growing startups. You will take on the paramount task of building a dedicated security team, reshaping our development lifecycle and leading the way in “everything security” from the perspective of making our product more secure and our work processes better. We value initiative and are eager to listen and learn from those who bring in new experience and value to our team, which is exactly what we expect from our new CISO.
We see security as an integral part of our offering to our customers and strive to proactively improve it all the time. We see security as a key value. monday.com holds the most important and sensitive data of organizations.
We're interested in someone who wants to create best in class security posture ("real security", not just compliance).
Our Stack: Ruby on Rails, Node.js, Elasticsearch, Redis, Memcached, MySQL, Docker, Kubernetes, AWS, Ansible, Terraform, Mac/Linux
A little bit more about our engineering team:
More on Impact-driven R&D
The impact engineering culture
The dedicated security team, led by the CISO, will be responsible for enhancing our security posture in a variety of fields and ways, evaluating it on a regular basis and offering their insights on what and how we should move forward. Among those:
- Build and scale strong security team - creating scale strategy, recruiting for relevant positions, mentoring, building processes, etc.
- Reviewing and improving our cloud network and application architecture.
- Impact on the product roadmap security wise.
- Security questionnaires and security appendix management- support sales teams and processes improvements.
- Integrating and operating new security solutions.
- Reviewing and improving our global corporate IT infrastructure and processes.
- Be both a technical leader and people manager.
- Coordinating penetration tests and bug bounty efforts.
- Cooperating with the operations and legal teams on security-related issues, including compliance, physical and internal security.
- Serving as a hub of knowledge for developers, infrastructure engineers and operation staff, and to the security engineers who make up the team.
- Leading our ongoing efforts to improve our security on all fronts and wherever the CISO sees fit.
- Get decisions using data in a fully transparent environment, where you'll be part of all aspects of the business.
- Mentor your team in a way that will allow them to run fast forward, independently.
- Security incidents management, lead the security IRT, communicating with customers, etc.
- Conducting risk management and prioritization processes.
- Accountable for all aspects of security from A-Z.
Here is a little more about our security efforts:
Protecting Our Customers Data- https://www.startupforstartup.com/protecting-our-customers-data/
GDPR – From Compliance To An Opportunity - https://www.startupforstartup.com/gdpr-from-compliance-to-an-opportunity/
- 4+ years experience as a Chief Information Security Officer or equivalent position.
- Experience in AWS production environment.
- Extensive knowledge of web security, based on the OWASP Top 10 security risks, impact and mitigation.
- Experience in communication with customers, desirable with enterprises.
- Extensive knowledge of network and cloud infrastructure security and best practices.
- Familiarity with local security and privacy related regulations and certifications (e.g. ISO 27001, SOC2, NIST, GDPR...)
- Ability to see the big picture and balance the needs of the product with security needs.
- Team player, egoless, strong communication skills and empathy.
- Previous experience as Chief Information Security Officer in SAAS company
- Cyber security certification (e.g. CISSP, GSEC, CEH, ECSS, CCISO...)
- DevOps and Infrastructure experience