Director, Governance Risk & Compliance

Union Square Ventures

Legal
New York, NY, USA
USD 250k-300k / year
Posted on Oct 2, 2025

Who We Are

At Justworks, you’ll enjoy a welcoming and casual environment, great benefits, wellness program offerings, company retreats, and the ability to interact with and learn from leaders in the startup community. We work hard and care about our most prized asset - our people.

We’re helping businesses get off the ground by enabling them to focus on running their business. We solve HR issues. We’re data-driven and never stop iterating. If you’d like to work in a supportive, entrepreneurial environment, are interested in building something meaningful and having fun while doing it, we’d love to hear from you.

We're united by shared goals and shared motivations at Justworks. These are best summed up in our company values, which are reflected in our product and in our team.

Our Values

If this sounds like you, you’ll fit right in.

Who You Are

Justworks’ Digital Security team is responsible for the security of Justworks products, platforms, services, and corporate operations. Led by the Chief Information Security Officer, Digital Security’s vision is to become the partner and enabler for business and engineering by working collaboratively with others to embed security in business hygiene and engineering DNA to strengthen our cyber resilience. We are very excited to search for an experienced and motivated security leader to join the team to lead and manage the Security Governance, Risk, and Compliance (GRC) function.

This Director of GRC role will provide expert leadership in all matters pertaining to governance, risk management, and compliance, ensuring security programs are successfully executed to protect Justworks customers and strengthen cyber resilience for Justworks. This role will be responsible for providing a risk management framework and process, governance oversight, and ensuring compliance with regulations and our internal policies/standards. This Director will report to the VP, Chief Information Security Officer (CISO).

Your Success Profile

What You Will Work On

  • Work with the Chief Information Security Officer (CISO) to lead and manage the enterprise-wide security governance and risk management program, and ensure Digital Security practices align with business objectives, digital security vision, and evolving threat landscape challenges.
  • Design and drive the digital security and integrated risk management strategy, framework, tools, and processes.
  • Responsible for strategizing, managing, resource planning and hiring, measuring (SLAs, OKRs), partner development, and other aspects of running GRC as a service.
  • Introduce the necessary GRC tools or platforms to define, simplify, and automate the risk management processes, and enhance other processes with Digital Security.
  • Oversee, maintain, and track Justworks’ Security Risk Registry as part of the risk management process. Leverage AI to improve the efficiency and effectiveness of the process.
  • Work with procurement, legal, IT and other stakeholders closely on the TPRM (3rd-party risk management) program to effectively manage vendor risks. Responsible for the initial and continuous vendor risk assessment as well as 3rd party risk tracking and remediation.
  • Continue to enhance Justworks’ security policies and standards based on Justworks agile development, zero-trust environment, and emerging threat landscapes.
  • Enhance the Security Compliance Program to ensure regulatory compliance, especially with business growth and scope changes, and to mature the program in the future to measure internal compliance against our new policies and standards.
  • Build a cross-functional security governance model and effectively run various governance committees to ensure stakeholders align on the risk acceptance level, and priorities to manage risks.
  • Continue to enhance and mature the security awareness and training program effectively.
  • Work with the CISO to define security metrics and develop a GRC dashboard. Continuously and routinely measure and report the effectiveness of the security programs, overall security resilience risk posture improvement, and maturity growth.
  • Work closely with internal Audit and entities to support Enterprise Risk Management.

How You Will Do Your Work

As a Director, Governance, Risk & Compliance, how results are achieved is paramount for your success and ultimately results in our success as an organization. In this role, your foundational knowledge, skills, abilities and personal attributes are anchored in the following:

  • Clear communication - The ability to articulate thoughts and express ideas effectively using oral, written, visual and non-verbal communication skills, as well as listening skills to gain understanding.
  • Ethical practice - The ability to integrate core values, integrity and accountability throughout all organizational and business practices.
  • Detail-oriented - Exercising extreme attention to detail; you’re thorough, accurate, organized, and productive and seek to understand both the cause and effect of a situation.
  • Manage complexity - Making sense of complex, high quantity, and sometimes contradictory information to effectively solve problems.
  • Risk assessment - Apply a logical step-by-step process to protect, and consequently minimize risks to, the organization, interests and employees.

In addition, all Justworkers focus on aligning their behaviors to our core values known as COGIS. It stands for:

  • Camaraderie - Day to day you can be seen working together toward a higher purpose. You like to have fun. You’re an active listener, treat people respectfully, and have a strong desire to know and help others.
  • Openness - Your default is to be open. You're willing to share information, understand other perspectives, and consider new possibilities. You’re curious, ask open questions, and are receptive to thoughts and feedback from others.
  • Grit - You demonstrate grit by having the courage to commit and persevere. You’re committed, earnest, and dive in to get the job done well with a positive attitude.
  • Integrity - Simply put, do what you say and say what you'll do. You’re honest and forthright, have a strong moral compass, and strive to match your words with your actions while leading by example.
  • Simplicity - Be like Einstein: “Everything should be made as simple as possible, but no simpler.”

Qualifications

  • Minimum of 10 years of cyber security experience, with a combined background of technology and compliance, preferred.
  • 7+ years in a leadership position, and 5+ years experience in managing any Security Governance, Risks, and Compliance (GRC) functions and/or Internal Audit function.
  • Solid experience and familiarity with SOC2, SOX, GDPR, CCPA or PCI compliance.
  • Extensive experience in risk management, vendor and client security management.
  • CISSP and CISM certifications and/or advanced degree in Systems Assurance or Information Systems, a plus.
  • Familiarity with cyber security frameworks and risk management frameworks, with experience in implementing and applying frameworks into actionable tasks.
  • Experience with tech companies and the cloud is required. Experience with other industries such as HR, health & insurance is preferred.
  • Solid experience in management and operations. Demonstrated ability to redesign ways of working and re-engineer processes to activate operational agility, efficiency, and business growth while maintaining security.
  • Strong communication and presentation skills, with the ability to present complex risk issues in an easy-to-understand manner for executive management, as well as the ability to communicate clearly and effectively with both technology/development and business partners.
  • Strong relationship management, team building, and facilitation skills.
  • Experience working in a complex matrix organization, as the security advisory team supports operational and transformational efforts for business verticals while driving a specific security objective.
  • Solid and demonstrable comprehension of cyber security including malware, threats, attacks, incidents, and vulnerability management.
  • Experience in a fast-paced and occasionally high-stress environment.
  • Ability to think strategically; work with a sense of urgency and pay attention to detail.
  • Strong team player that collaborates well with others to solve problems and actively incorporates input from various sources.
  • A reliable and trustworthy leader with an outstanding work ethic.
  • Independent and creative thinker with the willingness to "step outside the box" and take reasonable, calculated risks.

The base wage range for this position based in our New York City Office is targeted at $250,000.00 to $300,000.00 per year.

Actual compensation is based on multiple factors that are unique to each candidate, including and not limited to skill set, level of relevant experience, and specific work location. Salary ranges for positions based in other locations may differ based on the cost of labor in that location.

For more information about Justworks’ Total Reward Philosophy, including all of the perks and benefits we are proud to offer our team members, please visit Total Rewards @ Justworks.

Diversity At Justworks

Justworks is committed to maintaining a workplace where diversity of identity, culture, and life experience is the norm and is celebrated authentically and respected consistently. Diversity in our work, our people, and our product drives creativity and innovation, entrepreneurial leadership and integrity, competitiveness, and collaboration throughout our business and in the market. We depend on our differences to make our team stronger, our workplace more dynamic, and our product accessible to all of our customers.

We’re proud to be an equal opportunity employer open to all qualified applicants regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital or familial status, disability, pregnancy, gender identity or expression, veteran status, genetic information, or any other legally protected status. Justworks is fully dedicated to providing necessary support to candidates with disabilities who may require reasonable accommodations. We also provide reasonable accommodations to employees based on their sincerely held religious beliefs, as well as for other covered reasons consistent with applicable federal, state, and local laws. If you're in need of a reasonable accommodation, please reach out to us at accommodations@justworks.com. Your comfort and success matter to us, and we're here to ensure an inclusive experience.
