VP, Information Security

At Justworks, you’ll enjoy a welcoming and casual environment, great benefits, wellness program offerings, company retreats, and the ability to interact with and learn from leaders in the startup community. We work hard and care about our most prized asset - our people.

We’re helping businesses get off the ground by enabling them to focus on running their business. We solve HR issues. We’re data-driven and never stop iterating. If you’d like to work in a supportive, entrepreneurial environment, are interested in building something meaningful and having fun while doing it, we’d love to hear from you.

We're united by shared goals and shared motivations at Justworks. These are best summed up in our company values, which are reflected in our product and in our team.

Our Values

If this sounds like you, you’ll fit right in.

You are an accomplished and proven leader in the information security space and have successfully led multiple security implementation projects and teams. Highly adaptable and comfortable working with a variety of different technology stacks. Justworks is building a company for the ages and we are looking for someone who can design and deploy the right tools so that Justworks and our customers stay protected.

This person should have strong cross-collaboration skills and is business savvy with a firm grasp of both technology and legal and risk management. This is a position that is perfect for a highly qualified information security professional looking to transition to an in-house opportunity in a high growth company.

You will report to the SVP & General Counsel and have dotted-line reporting into the Audit Committee Chair.

What You Will Work On

• Improve, manage, and monitor a strategic enterprise information program security that includes: security corporate governance, including, policies, processes, tooling, data classification, vendor security assessments, business continuity efforts
• Collaborate cross-functionally, including with engineering, legal, product, and IT teams, to build and strengthen information security and privacy across our service and infrastructure
• Support activities to ensure that risk and controls are in compliance with regulatory requirements and remain in line with company risk appetite
• Maintain a vendor information security and risk management program
• Drive security awareness and adoption across the organization and handle other related responsibilities
• Build metrics to track security risks and awareness
• Provide expertise and knowledge of current industry trends in technology and cybersecurity risk standards to improve the security posture across the company
• Lead and continue to build a team of security engineers and security professionals
• Coordinate security-related communication – keep Board of Directors and senior leadership aware of security priorities and assist with public relations, as appropriate
• Administer the security function, including budget management, identification and prioritization of security resource needs, as appropriate
• Monitor and analyze regulatory developments and best practices in security and drive training and employee education, as needed
• Develop and implement 24/7 security operation center
• Develop and implement a comprehensive threat detection across multiple environments and products
• Embrace Agile philosophy and deploy shift left security by design model
• Work closely with and manage outside security consultants, as appropriate
• Assist the SVP & General Counsel with other tasks as assigned from time to time
• Other duties as needed based on department and/or organizational needs

How You Will Do Your Work

As a VP, Information Security, how results are achieved is paramount for your success and ultimately result in our success as an organization. In this role, your foundational knowledge, skills, abilities and personal attributes are anchored in the following:

• Clear communication - The ability to articulate thoughts and express ideas effectively using oral, written, visual and non-verbal communication skills, as well as listening skills to gain understanding.
• Ethical practice - The ability to integrate core values, integrity and accountability throughout all organizational and business practices.
• Detail-oriented - Exercising extreme attention to detail; you’re thorough, accurate, organized, and productive and seek to understand both the cause and effect of a situation.
• Manage complexity - Making sense of complex, high quantity, and sometimes contradictory information to effectively solve problems.
• Risk assessment - Apply a logical step-by-step process to protect, and consequently minimize risks to, the organization, interests and employees.

In addition, all Justworkers focus on aligning their behaviors to our core values known as COGIS. It stands for:

• Camaraderie - Day to day you can be seen working together toward a higher purpose. You like to have fun. You’re an active listener, treat people respectfully, and have a strong desire to know and help others.
• Openness - Your default is to be open. You're willing to share information, understand other perspectives, and consider new possibilities. You’re curious, ask open questions, and are receptive to thoughts and feedback from others.
• Grit - You demonstrate grit by having the courage to commit and persevere. You’re committed, earnest, and dive in to get the job done well with a positive attitude.
• Integrity - Simply put, do what you say and say what you'll do. You’re honest and forthright, have a strong moral compass, and strive to match your words with your actions while leading by example.
• Simplicity - Be like Einstein: “Everything should be made as simple as possible, but no simpler.”

Qualifications

• Minimum of 10 years of relevant experience in the information security space, with demonstrated experience building and scaling security teams and programs
• One or more relevant certifications preferred (CISSP, CISA, or CISM)
• Technical experience with endpoint security technologies, cloud security (AWS, Heroku), application security, and deploying zero-trust models
• Experience driving programs necessary to achieve compliance with relevant security and privacy regulations (i.e. ISO 27001, SOC 2, or equivalent certifications, GDPR/CCPA compliance)
• Experience using InfoSec assessment/audit tools and/or controls questionnaires
• Extraordinary interpersonal and communication skills; ability to communicate information effectively internally and
• externally and to drive cross-functional alignment and action
• Strong SaaS company experience, preferred
• Occasional travel is required

Please Note: Justworks requires all new hires to be fully vaccinated within six weeks of their hire date as a condition of employment unless you qualify for a reasonable accommodation. For additional information on our policy, please click here.

Justworks is committed to maintaining a workplace where diversity of identity, culture, and life experience is the norm and is celebrated authentically and respected consistently. Diversity in our work, our people, and our product drives creativity and innovation, entrepreneurial leadership and integrity, competitiveness, and collaboration throughout our business and in the market. We depend on our differences to make our team stronger, our workplace more dynamic, and our product accessible to all of our customers.

We’re proud to be an equal opportunity employer open to all qualified applicants regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, veteran status, or any other legally protected status. 

Our DEI Commitment