Governance, Risk & Compliance
Posted on 6/28/2022
New York, NY, USA
- Clear communication - the ability to articulate thoughts and express ideas effectively using oral, written, visual and non-verbal communication skills, as well as listening skills to gain understanding
- Ethical practice - the ability to integrate core values, integrity and accountability throughout all organizational and business practices
- Detail-oriented - exercises extreme attention to detail; is thorough, accurate, organized, and productive and seeks to understand both the cause and effect of a situation
- Risk assessment - applying a logical step-by-step process to protect, and consequently minimize risks to, the organization, interests and employees
- Manages complexity - making sense of complex, high quantity, and sometimes contradictory information to effectively solve problems
- Camaraderie - Day to day you can be seen working together toward a higher purpose. You like to have fun. You're an active listener, treat people respectfully, and have a strong desire to know and help others
- Openness - Your default is to be open. You're willing to share information, understand other perspectives, and consider new possibilities. You're curious, ask open questions, and are receptive to thoughts and feedback from others
- Grit - You demonstrate grit by having the courage to commit and persevere. You're committed, earnest, and dive in to get the job done well with a positive attitude
- Integrity - Simply put, do what you say and say what you'll do. You're honest and forthright, have a strong moral compass, and strive to match your words with your actions while leading by example
- Simplicity - Be like Einstein: “Everything should be made as simple as possible, but no simpler.”
- Minimum of 10 years of cyber security experience, with a combined background of technology and compliance, preferred
- Minimum of 5 years in a leadership position, with experience managing any Security Governance, Risks, and Compliance (GRC) functions or Internal Audit function
- Minimum of 5 years' experience in GRC, familiar with SOC2, SOX or PCI compliance
- Extensive experience in risk management, vendor and client security management
- CISSP and CISM certifications and/or advanced degree in Systems Assurance or Information Systems, a plus
- Familiarity with cyber security frameworks and risk management frameworks, with experience in implementing and applying frameworks into actionable tasks
- Experience with a tech company and cloud is required. Experience with other industries such as HR, health & insurance is preferred
- Security experience in digital operations working with the business to redesign ways of working and re-engineering process infrastructure to activate operational agility, efficiency, and business growth while maintaining security
- Strong communication and presentation skills. Ability to present complex compliance issues in an easy-to-understand manner for executive management
- Ability to communicate clearly and effectively with both technology/development and business partners
- Strong relationship, team building, and facilitation skills
- Experience working in a complex matrix organization, as the security advisory team supports operational and transformational efforts for business verticals while driving a specific security objective
- Solid and demonstrable comprehension of cyber security including malware, threats, attacks, incidents, and vulnerability management
- Experience in a fast-paced and, occasionally, high-stress environment
- Ability to think strategically; work with a sense of urgency and pay attention to detail
- Strong team player that collaborates well with others to solve problems and actively incorporates input from various sources
- A reliable and trustworthy leader with outstanding work ethic
- Independent and creative thinker with the willingness to "step outside the box" and take reasonable, calculated risks
- Work with the Chief Information Security Officer (CISO) and other leaders to create and manage an enterprise-wide security governance and risk management program, and ensure Digital Security practices align with business objectives, digital security vision, and evolving threat landscape challenges
- Design and drive the digital security and integrated risk management strategy, framework, tools, and processes
- Responsible for strategizing, managing, resource planning and hiring, measuring (SLAs, OKRs), partner development, and other aspects of running GRC as a service
- Introduce the necessary GRC tools or platforms to define, simplify, and automate the risk management processes, and enhance Incident Management and Vulnerability Management
- Oversee, maintain, and track Justworks' Security Risk Registry
- Redefine and develop a robust set of security policies and standards applicable to Justworks' agile development, zero-trust environment, and emerging threat landscapes
- Enhance the Security Compliance Program to ensure regulatory compliance, especially with business growth and scope changes, and to mature the program in the future to measure internal compliance against our new policies and standards
- Build a cross-functional security governance model and effectively run various governance committees to ensure stakeholders align on the risk acceptance level, and priorities to manage risks
- Establish a solid third-party risk management program and ensure security risks are addressed from evaluation of the vendors/suppliers and contracts negotiation to ongoing assessment of vendors/suppliers' security posture
- Set the direction and mature the security awareness and training program. Establish an ongoing awareness and training program to educate all Justworkers on doing the right things for Justworks
- Work with the CISO to define security metrics and develop a GRC dashboard. Continuously and routinely measure and report the effectiveness of the security programs, overall security resilience and risk posture improvement, and maturity growth
- Work closely with Legal, Internal Audit, and external entities as needed to support Enterprise Risk Management
Payroll and benefits facilities platform
Justworks’ mission is to help entrepreneurs and businesses grow with confidence. The company is building software for payroll, benefits, HR, and compliance.
- Health - Believe in our vision. Medical and dental, too. Get support for your mental and financial health. Beta test new benefits and perks for our platform.
- Workplace - Volunteer and get paid to give back. Take paid parental leave. Enjoy monthly team events that help turn coworkers into lifelong friends.
- Wellness - Enjoy subsidized ClassPass memberships. Take advantage of regular yoga, meditation, and other wellness programming.
- Perks - Be an owner, not an employee. Get time off whenever you need it. Take a sabbatical. Invest in your future financially and with professional learning and development opportunities.
- Camaraderie - As a growing company ourselves, we know how crucial teamwork, higher purpose, and a healthy dose of fun can be to success. We’re here to help businesses bring great people together to accomplish important things, while enjoying themselves at the same time.
- Openness - We believe in radical transparency. This means we will never charge hidden fees, we will always be upfront with what we can and cannot do, and if we're not a good fit for you, we'll help you understand who might be.
- Grit - They say when the going gets tough, the tough get going. We are a team of hardworking individuals who are building the best product there is to help your business succeed. We are here to do the hard work.
- Integrity - Without trust, there is no partnership. And without integrity, there is no trust. We will always be open with you about changes and charges. You can always reach out to us with questions, concerns or if you just want to chat about your business needs.
- Simplicity - Payroll, benefits, HR, and compliance aren't traditionally known for their simplicity. But we've made it our mission to streamline and simplify these normally complicated parts of doing business. This means an easy-to-use product for both you and your employees.