GRC Team Lead

Description

We are looking for a highly skilled, motivated and experienced GRC (Governance, Risk Management & Compliance) Team Lead to join us! 

The Team Lead will own the GRC domain end-to-end, lead a boutique team and play a key position in the Security Group. The team lead will work closely with different levels of seniority from various departments (Legal, R&D, IT etc.) and will possess strong capabilities of working collaboratively and communication skills. 

This is a unique opportunity to play a pivotal role in ensuring that our organization adheres to regulatory requirements, industry standards, and best practices while effectively managing risks associated with our operations, especially in light of our fast growth and readiness for scale.

About The Role

• Leadership: Lead the GRC team, develop and empower the team’s personnel (including crafting the team’s PDP - Personal Development Plan), vision, and strategic planning, accompanied by budget and OKRs, and develop a comprehensive annual work plan, consisting of both innovation and operations activities.
• Governance: Review, update, and execute policies, procedures, and periodic ceremonies to ensure alignment with customer requirements, certifications, and regulations.
• Compliance: Manage monday.com's security compliance domain, ensuring compliance with SOC 1,2,3, ISO 27001, 27017, 27018, 27032, and 27701, while extending the compliance suite and gaining additional business impact.
• Risk management: Managing the company's security risk management activities, including managing incident response procedures, conducting periodic resilience status and risk assessments alongside remediation plans, and considering global threats as well as internal business changes and demands.
• Vendor risk management: Responsible for the TPRM (third-party risk management) program, while assessing on an ongoing basis various vendors (systems and services), while constantly improving the vendor assessment and management processes (deployment review, offboarding, etc.).
• Incident Response: Collaborate with incident response teams to develop and maintain incident response plans and procedures. Participate in incident response activities as needed to mitigate security incidents.
• Training & awareness: Responsible for the monday.com’s security awareness program for employees, conducting company-facing training sessions, enrichment activities, and drills, while also tailoring training for specific departments.

Requirements

• Minimum of 5 years of experience in GRC roles, with at least 2 years in leading teams, preferably in SaaS companies of 500+ employees.
• Strong understanding and practical experience of industry standards and frameworks such as ISO 27001, SOC2, NIST Cybersecurity Framework, GDPR, HIPAA, or other relevant regulations.
• Legal background - An advantage.
• Advanced knowledge of risk assessment methodologies, controls implementation, incident response management, vendor assessment, awareness initiatives, and compliance monitoring.
• Ability to assess and communicate potential security risks to technical and non-technical stakeholders of different seniority effectively, including the ability to understand technical, legal, and data privacy considerations.
• Proven track record of successfully leading and managing teams. Strong decision-making and problem-solving skills to guide the GRC team members effectively. Ability to foster a collaborative and inclusive work environment.
• Excellent verbal and written communication skills in English and Hebrew, to interact with cross-functional teams, executive management, and external stakeholders. Ability to communicate complex concepts in a clear and concise manner
• Strong analytical and critical thinking skills to identify risks, gaps, and areas of improvement in existing processes and create strategies for mitigating risks effectively.
• Demonstrated ability to handle multiple tasks, prioritize effectively, and meet deadlines in a dynamic and fast-paced environment.