GRC Program Manager

Remote, USA; Remote, British Columbia and Toronto, Canada

Applications have closed

About Gusto

Gusto is a modern, online people platform that helps small businesses take care of their teams. On top of full-service payroll, Gusto offers health insurance, 401(k)s, expert HR, and team management tools. Today, Gusto offices in Denver, San Francisco, and New York serve more than 100,000 businesses nationwide.

Our mission is to create a world where work empowers a better life, and it starts right here at Gusto. That’s why we’re committed to building a collaborative and inclusive workplace, both physically and virtually. Learn more about our Total Rewards philosophy.

Gusto Embedded is the newest standalone business unit at Gusto and our first product is Gusto Embedded Payroll. Our vision is to enable any third-party developer to build the best payroll product for their end customers. Gusto Embedded Payroll will power our strategic partners' payroll offering through APIs, unlocking market share and ushering in the future of the people platform. You can read more about why our Founders are so excited for and committed to Gusto Embedded Payroll in this recent blog post by Co-Founder and Chief Product Officer, Tomer London.

As a GRC Program Manager, you will lead our end-to-end security process for Gusto Embedded. You will work closely with a team of Solutions Engineers on all things security, supporting our Partners in their evaluation of our payroll product and confirming their own software security approach. Your primary responsibilities will include security assessments of our partners' software to ensure it is secure, yearly security validation of these partners, and supporting our teams in partner reviews and audits of Gusto's security.

Here’s what you’ll do day-to-day:

  • Lead our end-to-end security program and strategy within Gusto Embedded
  • Establish a process and maintain our security questionnaire platform to ensure accurate information
  • Be the bridge to our core security team, representing their needs and requirements for engaging with partners within Gusto Embedded
  • Communicate our security process to partners, both verbally and in writing, while helping partners understand the value of a secure payroll application and why it matters
  • Review assessments submitted by partners, focusing on key security areas and identifying those where they currently fall short
  • Work closely with your Solutions Engineers to plan and understand the best path for communicating security requirements back to partners, being mindful of other business objectives in flight
  • On an annual basis, work with partners to ensure, collect and document consistent security validation of their product
  • Be the direct point of contact with security software partners, e.g. VISOTrust & Vanta, to ensure we have the right tools in place to support our partners
  • Be the expert on all things security as related to gusto.com, Gusto Embedded and our approach to secure software development
  • Support Solutions Engineers in the security review of Gusto by large partners
  • Lead onsite assessments and audits of Gusto by key partners, pulling in other departments (IT, infrastructure, etc.) where needed
  • Oversee and track progress on any remediation plans required by our Gusto Embedded Partners

Here’s what we're looking for:

  • Minimum 4-7 years of work experience in GRC, information security, program/project management, or similar capacities
  • Deep understanding of the software security landscape, including the areas enterprise organizations must address to achieve key compliance frameworks such as SOC 2, ISO, NIST, PCI DSS, HIPAA, FIPS, etc.
  • Ability to communicate effectively and concisely with all levels of internal and external stakeholders.
  • Analytical, problem-solving, negotiation and organizational skills, with demonstrated experience staying focused under pressure.
  • Experience driving projects end-to-end independently, including evaluating, defining and improving end-to-end processes.
  • Strong interpersonal skills and the ability to influence stakeholders and partner teams, especially in collaborating with different individuals across the organization.
  • Experience managing competing priorities and simultaneous/concurrent projects in a fast-paced environment.

Nice to haves:

  • 3+ years of experience in a similar role (security engineering, security program management) and a broad technical background across different areas of security expertise
  • Experience in GRC, audit, compliance or assisting an organization in working towards certification (SOC2, PCI, HIPAA)
  • Professional certification such as CISA, PMP, CISM

Our cash compensation amount for this role is targeted at between $161,000 and $179,000/yr in Denver & most remote locations, and between $200,000 and $222,000/yr for San Francisco & New York. Final offer amounts are determined by multiple factors including candidate experience and expertise and may vary from the amounts listed above.

Our customers come from all walks of life and so do we. We hire great people from a wide variety of backgrounds, not just because it's the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Gusto.

Gusto is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Gusto considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Gusto is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at accommodations@gusto.com. 
