Senior Manager, Governance, Risk & Compliance

New York City

Justworks, Inc.

Run your small business with Justworks’ simple PEO & payroll solutions. From HR software & compliance to company benefits, get expert support now!


Who We Are

At Justworks, you’ll enjoy a welcoming and casual environment, great benefits, wellness program offerings, company retreats, and the ability to interact with and learn from leaders in the startup community. We work hard and care about our most prized asset - our people.

We’re helping businesses get off the ground by enabling them to focus on running their business. We solve HR issues. We’re data-driven and never stop iterating. If you’d like to work in a supportive, entrepreneurial environment, are interested in building something meaningful and having fun while doing it, we’d love to hear from you.

We're united by shared goals and shared motivations at Justworks. These are best summed up in our company values, which are reflected in our product and in our team.

Our Values

If this sounds like you, you’ll fit right in.

Who You Are

The Justworks Digital Security (JDS) team is responsible for the security of Justworks products, platforms, services, and corporate operations. Led by the Chief Information Security Officer, JDS’s vision is to become the partner and enabler for business and engineering by working collaboratively with others to embed security in business hygiene and engineering DNA to strengthen our cyber resilience. We are very excited to expand the JDS team with our search for an experienced and motivated security leader to join the team to lead and manage the Security Governance, Risk, and Compliance (GRC) function.

This Senior Manager, GRC role will provide expert leadership in all matters pertaining to governance, risk management, and compliance, ensuring security programs are successfully executed to protect Justworks customers and strengthen cyber resilience for Justworks. This role will be responsible for providing a risk management framework and process, governance oversight, and ensuring compliance with Justworks policies/standards and regulations. This Sr. Manager will report to the VP, Chief Information Security Officer (CISO).

Your Success Profile

What You Will Work On 

  • Work with the Chief Information Security Officer (CISO) and other leaders to create and manage an enterprise-wide security governance and risk management program, and ensure Digital Security practices align with business objectives, digital security vision, and evolving threat landscape challenges.
  • Design and drive the digital security and integrated risk management strategy, framework, tools, and processes.
  • Responsible for strategizing, managing, resource planning and hiring, measuring (SLAs, OKRs), partner development, and other aspects of running GRC as a service.
  • Introduce the necessary GRC tools or platforms to define, simplify, and automate the risk management processes, and enhance Incident Management and Vulnerability Management.
  • Oversee, maintain, and track Justworks’ Security Risk Registry.
  • Redefine and develop a robust set of security policies and standards applicable to Justworks agile development, zero-trust environment, and emerging threat landscapes.
  • Enhance the Security Compliance Program to ensure regulatory compliance, especially with business growth and scope changes, and to mature the program in the future to measure internal compliance against our new policies and standards.
  • Build a cross-functional security governance model and effectively run various governance committees to ensure stakeholders align on the risk acceptance level, and priorities to manage risks.
  • Establish a solid third-party risk management program and ensure security risks are addressed from evaluation of the vendors/suppliers and contracts negotiation to ongoing assessment of vendors/suppliers' security posture. 
  • Set the direction and mature the security awareness and training program. Establish an ongoing awareness and training program to educate all Justworkers on doing the right things for Justworks. 
  • Work with the CISO to define security metrics and develop a GRC dashboard. Continuously and routinely measure and report the effectiveness of the security programs, overall security resilience risk posture improvement, and maturity growth.
  • Work closely with Legal, Internal Audit, and external entities as needed to support Enterprise Risk Management.

How You Will Do Your Work

As a Senior Manager, GRC, how results are achieved is paramount for your success and ultimately results in our success as an organization. In this role, your foundational knowledge, skills, abilities and personal attributes are anchored in the following:

  • Clear communication - the ability to articulate thoughts and express ideas effectively using oral, written, visual and non-verbal communication skills, as well as listening skills to gain understanding.
  • Ethical practice - the ability to integrate core values, integrity and accountability throughout all organizational and business practices.
  • Detail-oriented - exercises extreme attention to detail; is thorough, accurate, organized, and productive and seeks to understand both the cause and effect of a situation.
  • Risk assessment - applying a logical step-by-step process to protect, and consequently minimize risks to, the organization, interests and employees.
  • Manages complexity - making sense of complex, high quantity, and sometimes contradictory information to effectively solve problems.

In addition, all Justworkers focus on aligning their behaviors to our core values known as COGIS. It stands for:

  • Camaraderie - Day to day you can be seen working together toward a higher purpose. You like to have fun. You’re an active listener, treat people respectfully, and have a strong desire to know and help others.
  • Openness - Your default is to be open. You're willing to share information, understand other perspectives, and consider new possibilities. You’re curious, ask open questions, and are receptive to thoughts and feedback from others.
  • Grit - You demonstrate grit by having the courage to commit and persevere. You’re committed, earnest, and dive in to get the job done well with a positive attitude.
  • Integrity - Simply put, do what you say and say what you'll do. You’re honest and forthright, have a strong moral compass, and strive to match your words with your actions while leading by example. 
  • Simplicity - Be like Einstein: “Everything should be made as simple as possible, but no simpler.”

Qualifications

  • Minimum of 10 years of cyber security experience, with a combined background of technology and compliance, preferred.
  • Minimum of 5 years in a leadership position, with experience managing any Security Governance, Risk, and Compliance (GRC) functions or Internal Audit function.
  • Minimum of 5 years experience in GRC, familiar with SOC2, SOX or PCI compliance.
  • Extensive experience in risk management, vendor and client security management.
  • CISSP and CISM certifications and/or advanced degree in Systems Assurance or Information Systems, a plus.
  • Familiarity with cyber security frameworks and risk management frameworks, with experience in implementing and applying frameworks into actionable tasks.
  • Experience with tech companies and cloud is required. Experience with other industries such as HR, health & insurance is preferred.
  • Security experience in digital operations working with the business to redesign ways of working and re-engineering process infrastructure to activate operational agility, efficiency, and business growth while maintaining security.
  • Strong communication and presentation skills. Ability to present complex compliance issues in an easy-to-understand manner for executive management.
  • Ability to communicate clearly and effectively with both technology/development and business partners.
  • Strong relationship, team building, and facilitation skills.
  • Experience working in a complex matrix organization, as the security advisory team supports operational and transformational efforts for business verticals while driving a specific security objective.
  • Solid and demonstrable comprehension of cyber security including malware, threats, attacks, incidents, and vulnerability management.
  • Experience in a fast-paced and, occasionally, high-stress environment.
  • Ability to think strategically; work with a sense of urgency and pay attention to detail.
  • Strong team player that collaborates well with others to solve problems and actively incorporates input from various sources.
  • A reliable and trustworthy leader with outstanding work ethic.
  • Independent and creative thinker with the willingness to "step outside the box" and take reasonable, calculated risks.

Please Note: In accordance with New York City public health requirements, and because this position requires onsite work, this position will require the successful candidate to show proof of vaccination against COVID-19.  As an equal opportunity employer, Justworks will provide reasonable accommodation to those individuals who are unable to be vaccinated consistent with federal, state, and local law.

Diversity At Justworks

Justworks is committed to maintaining a workplace where diversity of identity, culture, and life experience is the norm and is celebrated authentically and respected consistently. Diversity in our work, our people, and our product drives creativity and innovation, entrepreneurial leadership and integrity, competitiveness, and collaboration throughout our business and in the market. We depend on our differences to make our team stronger, our workplace more dynamic, and our product accessible to all of our customers.

We’re proud to be an equal opportunity employer open to all qualified applicants regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, veteran status, or any other legally protected status. 

Our DEI Commitment

Tags: Agile CISM CISSP Cloud Compliance Governance Malware Risk assessment Risk management SLAs SOC 2 Strategy Vulnerability management

Perks/benefits: Career development Health care Insurance Startup environment Team events Wellness

Region: North America
Country: United States
