Director – Governance Risk & Compliance

Who You Are

At Justworks, we're on a mission to help entrepreneurs and growing businesses thrive by simplifying payroll, benefits, HR, and compliance. Our work supports a diverse and global workforce—so we're building a security team that can match our scale and ambition.

Justworks Digital Security (DS) team is responsible for the security of Justworks products, platforms, services, and corporate operations. Led by the Chief Information Security Officer, DS’s vision is to become the partner and enabler for business and engineering by working collaboratively with others to embed security in business hygiene and engineering DNA to strengthen our cyber resilience. We are very excited to expand the DS team with our search for an experienced and motivated security leader to join the team to lead and manage the Security Governance, Risk, and Compliance (GRC) function. 

This Director of GRC role will provide expert leadership in all matters pertaining to governance, risk management, and compliance, ensuring security programs are successfully executed to protect Justworks customers and strengthen cyber resilience for Justworks. This role will be responsible for providing a risk management framework and process, governance oversight, and ensuring compliance with Justworks policies/standards and regulations. This Director will report to the VP, Chief Information Security Officer (CISO).

Your Success Profile

What You Will Work On

• Work with the Chief Information Security Officer (CISO) and other leaders to refine and manage enterprise-wide security governance and risk management programs, and ensure Digital Security practices align with business objectives, digital security vision, and evolving threat landscape challenges.
• Design and drive the digital security and integrated risk management strategy, framework, tools, and processes.
• Responsible for strategizing, managing, resource planning and hiring, measuring (SLAs, OKRs), partner development, and other aspects of running GRC as a service. ‍
• Introduce the necessary GRC tools or platforms to define, simplify, and automate the risk management processes, and enhance Incident Management and Vulnerability Management.
• Oversee, maintain, and track Justwork’s Security Risk Registry.
• Redefine and develop a robust set of security policies and standards applicable to Justworks agile development, zero-trust environment, and emerging threat landscapes.
• Enhance the Security Compliance Program to ensure regulatory compliance, especially with business growth and scope changes, and to mature the program in the future to measure internal compliance against our new policies and standards.
• Build a cross-functional security governance model and effectively run various governance committees to ensure stakeholders align on the risk acceptance level, and priorities to manage risks.
• Work collaboratively with stakeholders like procurement, legal, IT and others to enhance the third-party risk management program and ensure security risks are addressed from evaluation of the vendors/suppliers and contracts negotiation to ongoing assessment of vendors/suppliers' security posture. 
• Set the direction and mature the security awareness and training program. Establish an ongoing awareness and training program to educate all Justworkers on doing the right things for Justworks. 
• Refine security metrics and develop GRC dashboard. Continuously and routinely measure and report the effectiveness of the security programs, overall security resilience, risk posture improvement, and maturity growth.
• Work closely with Legal, Internal Audit, and external entities as needed to support Enterprise Risk Management.

How You Will Do Your Work

As a Director, Governance, Risk & Compliance, how results are achieved is paramount for your success and ultimately result in our success as an organization. In this role, your foundational knowledge, skills, abilities and personal attributes are anchored in the following:

• Clear communication - The ability to articulate thoughts and express ideas effectively using oral, written, visual and non-verbal communication skills, as well as listening skills to gain understanding.
• Ethical practice - The ability to integrate core values, integrity and accountability throughout all organizational and business practices.
• Detail-oriented - Exercising extreme attention to detail; you’re thorough, accurate, organized, and productive and seek to understand both the cause and effect of a situation.
• Manage complexity - Making sense of complex, high quantity, and sometimes contradictory information to effectively solve problems.
• Risk assessment - Apply a logical step-by-step process to protect, and consequently minimize risks to, the organization, interests and employees.

In addition, all Justworkers focus on aligning their behaviors to our core values known as COGIS. It stands for:

• Camaraderie - Day to day you can be seen working together toward a higher purpose. You like to have fun. You’re an active listener, treat people respectfully, and have a strong desire to know and help others.
• Openness - Your default is to be open. You're willing to share information, understand other perspectives, and consider new possibilities. You’re curious, ask open questions, and are receptive to thoughts and feedback from others.
• Grit - You demonstrate grit by having the courage to commit and persevere. You’re committed, earnest, and dive in to get the job done well with a positive attitude.
• Integrity - Simply put, do what you say and say what you'll do. You’re honest and forthright, have a strong moral compass, and strive to match your words with your actions while leading by example. 
• Simplicity - Be like Einstein: “Everything should be made as simple as possible, but no simpler.”

Qualifications

• Minimum of 10 years of cyber security experience, with a combined background of technology and compliance, preferred.
• Minimum of 7 years experience in GRC, familiar with regulations such as SOC2, GDPR, CCPA, SOX or PCI compliance.
• Minimum of 5 years in GRC leadership position, with experience managing any Security Governance, Risks, and Compliance functions or Internal Audit function.
• Extensive experience in risk management, vendor and client security management.
• Familiarity with cyber security frameworks and risk management frameworks, with experience in implementing and applying frameworks into actionable tasks.
• Extensive experience with cloud risk management and tech companies GRC function. Experiences with other industry such as HR, health & insurance is preferred
• Solid experience in management and operations. Demonstrated the ability to redesign ways of working and re-engineering processes to activate operational agility, efficiency, and business growth while maintaining security.
• Strong communication and presentation skills, with the ability to present complex risk issues in an easy-to-understand manner for executive management, as well as the ability to communicate clearly and effectively with both technology/development and business partners.
• Strong relationship management, team building, and facilitation skills.
• Experience working in a complex matrix organization, as the security advisory team supports operational and transformational efforts for business verticals while driving a specific security objective.
• Solid and demonstrable comprehension of cyber security including malware, threats, attacks, incidents, and vulnerability management.
• Experience in a fast-paced and occasionally, high-stress environment.
• Ability to think strategically; work with a sense of urgency and pay attention to detail.
• Strong team player that collaborates well with others to solve problems and actively incorporates input from various sources.
• A reliable and trustworthy leader with an outstanding work ethic.
• Independent and creative thinker with the willingness to "step outside the box" and take reasonable, calculated risks.
• CISSP and CISM certifications and/or advanced degree in Systems Assurance or Information Systems, a plus.

The base wage range for this position based in our New York City Office is targeted at $250,000.00 to $300,000.00 per year.

#LI-Hybrid #LI-CE1