Security Governance Risk and Compliance (GRC) Lead
Denver, CO; Atlanta, GA; Chicago, IL; Seattle, WA
About Gusto
Gusto is a modern, online people platform that helps small businesses take care of their teams. On top of full-service payroll, Gusto offers health insurance, 401(k)s, expert HR, and team management tools. Today, Gusto offices in Denver, San Francisco, and New York serve more than 300,000 businesses nationwide.
Our mission is to create a world where work empowers a better life, and it starts right here at Gusto. That’s why we’re committed to building a collaborative and inclusive workplace, both physically and virtually. Learn more about our Total Rewards philosophy.
Security Governance Risk and Compliance (GRC) Lead
(San Francisco, Denver, NYC or Remote)
Gusto processes billions of dollars in payroll every month for small businesses and their employees. Our clients trust us with a huge amount of personally identifiable information (PII) and protected health information (PHI), including SSNs, EINs, salaries, home addresses, and more. Our business is largely built on trust; as a result, protecting our clients’ information is our top priority.
The Governance Risk and Compliance (GRC) team is responsible for ensuring that Gusto complies with all applicable laws, regulations and its own internal controls, manages its risks effectively, and maintains a high level of information security. As a Lead GRC Analyst at Gusto, you will play a critical role in ensuring that our organization adheres to the highest standards of governance, risk management, and compliance.
Here’s what you’ll do day-to-day:
- Develop, implement, and maintain a comprehensive compliance strategy and policies that align with the business goals and objectives.
- Establish and maintain compliance frameworks, policies, procedures, and controls to meet the requirements of SOC 1, SOC 2, ISO 27001, and other relevant standards.
- Identify and assess potential risks to the organization's data security and privacy.
- Develop and execute risk mitigation strategies to safeguard company assets and maintain business continuity.
- Plan, coordinate, and manage external audits and assessments.
- Work closely across teams to ensure successful completion of audits and remediation of identified issues.
- Provide training and awareness programs to ensure that employees are knowledgeable about compliance requirements.
- Continuously monitor changes in compliance regulations, standards, and best practices, and adapt the company's GRC program accordingly.
- Lead efforts to drive process improvement and enhance the effectiveness of the GRC function.
Here’s what we're looking for:
- 8+ years of experience in the GRC, audit, or compliance space, assisting an organization in working towards SOX, SOC 1, SOC 2, ISO 27001, PCI and HIPAA.
- Experience with ISO 27001 and ISO 27002, and working knowledge of ISO 27005 and ISO 27018.
- Relevant certifications (e.g., CISA, CISSP, CRISC, CISM) preferred.
- Excellent analytical, problem-solving, and project management skills.
- Ability to work collaboratively with cross-functional teams and stakeholders, from control owners up to the executive level.
- High attention to detail and a commitment to upholding the highest standards of data security and compliance.
Our cash compensation amount for this role is targeted at $144,000/yr to $180,000/yr in Denver & most remote locations, and $174,000/yr to $220,000/yr for San Francisco & New York. Final offer amounts are determined by multiple factors including candidate experience and expertise and may vary from the amounts listed above.
Gusto has physical office spaces in Denver, San Francisco, and New York City. Employees who are based in those locations will be expected to work from the office on designated days, approximately 2-3 days per week (or more depending on role). The same office expectations apply to all roles at Symmetry, Gusto's subsidiary, whose physical office is in Scottsdale.
Note: The San Francisco office expectations encompass both the San Francisco and San Jose metro areas.
When approved to work from a location other than a Gusto office, a secure, reliable, and consistent internet connection is required.
Our customers come from all walks of life and so do we. We hire great people from a wide variety of backgrounds, not just because it's the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Gusto.
Gusto is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Gusto considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Gusto is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you require assistance in filling out a Gusto job application, please reach out to candidate-accommodations@gusto.com.