Cyber Security Risk Assessment Specialist

We are monday.com, a global software company transforming how businesses run. Our product suite can adapt to the needs of diverse industries and use cases within one powerful platform, empowering ~245,000 customers worldwide to reimagine how work gets done, drive greater efficiency, and scale like never before.

With over 2,500 employees across the globe, we grow by prioritizing transparency and knowledge sharing. We care about the impact you make, not the hours you clock, so we encourage initiative, ownership, and fresh thinking. We back our people with flexible work, wellness and mental health support, and a work environment built on collaboration.

We are seeking a skilled and experienced Cyber Security Risk Assessment Specialist to join our boutique global GRC team. As a key member of the team, you will be at the forefront of managing the security department's risk and mitigation program and leading complex, cross-organizational strategic projects associated with various aspects of security. Reporting to the GRC & Operations Lead, this position is ideal for a strategic thinker and proactive problem-solver with fast execution skills and strong technical capabilities. You will effectively collaborate with both technical (R&D, IT, CIO) and non-technical (Legal, Procurement) stakeholders across various seniority levels.

Security risk management: 

• Lead the development and execution of the security department's risk and control program to identify, evaluate, and manage potential risks across the organization.
• Ensure the program aligns with industry best practices and provides actionable insights and recommendations to security leadership (Platform Security, CyberDefence and GRC).
• Continuously monitor and assess the effectiveness of risk management strategies and make necessary adjustments.

Cross-organizational security projects: 

• Lead complex cross-functional projects aimed at mitigating security risks and aligning them with strategic objectives of the department and company.
• Bring structure and clarity to complex and ambiguous situations, define project goals, plans, timelines, and resources and manage them effectively. 
• Ensure projects are executed on time and successfully by coordinating with various stakeholders, both technical (R&D, IT, CIO) and non-technical (Legal, Procurement).

Security operations: 

• Provide ongoing support for the team’s activities, such as the third-party risk management program, to identify, assess, and manage risks related to sensitive and critical third-party vendors and partners.
• Build efficient GRC workflows using automation, AI capabilities and other innovative technologies.
• Develop and maintain security policies, procedures, and guidelines to ensure compliance with regulatory requirements, as needed.

• Minimum of 3-5 years of experience in GRC positions within SaaS companies, and experience with SaaS-specific security challenges.
• Ability to effectively communicate complex security concepts and requirements to technical stakeholders, including developers and system administrators
• In-depth knowledge of information security regulatory requirements and industry standards, such as ISO 27001, GDPR, and NIST.
• Proven track record of successfully managing third-party risks and implementing risk management frameworks.
• Excellent project management skills, with the ability to lead cross-organizational initiatives and drive change.
• Strong analytical and problem-solving abilities, with a keen attention to detail.
• Exceptional communication and interpersonal skills, capable of influencing and collaborating with stakeholders at all levels.
• Ability to work in a fast-paced, dynamic environment and adapt to changing priorities.
• Familiarity with emerging technologies and their impact on security and risk management.
• Proficiency in English and Hebrew, both written and spoken, to effectively communicate with local and global teams and stakeholders.