Director, Governance Risk & Compliance

Justworks - New York City, NY


Job Description

Who We Are

At Justworks, you’ll enjoy a welcoming and casual environment, great benefits, wellness program offerings, company retreats, and the ability to interact with and learn from leaders in the startup community. We work hard and care about our most prized asset - our people.

We’re helping businesses get off the ground by enabling them to focus on running their business. We solve HR issues. We’re data-driven and never stop iterating. If you’d like to work in a supportive, entrepreneurial environment, are interested in building something meaningful and having fun while doing it, we’d love to hear from you.

We're united by shared goals and shared motivations at Justworks. These are best summed up in our company values, which are reflected in our product and in our team.

Our Values

If this sounds like you, you’ll fit right in.

Who You Are

Justworks’ Digital Security team is responsible for the security of Justworks products, platforms, services, and corporate operations. Led by the Chief Information Security Officer, Digital Security’s vision is to become the partner and enabler for business and engineering by working collaboratively with others to embed security in business hygiene and engineering DNA to strengthen our cyber resilience.

We are very excited to search for an experienced and motivated security leader to join the team to lead and manage the Security Governance, Risk, and Compliance (GRC) function. This Director of GRC role will provide expert leadership in all matters pertaining to governance, risk management, and compliance, ensuring security programs are successfully executed to protect Justworks customers and strengthen cyber resilience for Justworks. This role will be responsible for providing a risk management framework and process, governance oversight, and ensuring compliance with regulations and our internal policies/standards.

This Director will report to the VP, Chief Information Security Officer (CISO).

Your Success Profile

What You Will Work On

+ Work with the Chief Information Security Officer (CISO) to lead and manage the enterprise-wide security governance and risk management program, and ensure Digital Security practices align with business objectives, digital security vision, and evolving threat landscape challenges.
+ Design and drive the digital security and integrated risk management strategy, framework, tools, and processes.
+ Responsible for strategizing, managing, resource planning and hiring, measuring (SLAs, OKRs), partner development, and other aspects of running GRC as a service.
+ Introduce the necessary GRC tools or platforms to define, simplify, and automate the risk management processes, and enhance other processes with Digital Security.
+ Oversee, maintain, and track Justworks’ Security Risk Registry as part of the risk management process. Leverage AI to improve the efficiency and effectiveness of the process.
+ Work closely with procurement, legal, IT and other stakeholders on the TPRM (3rd-party risk management) program to effectively manage vendor risks. Responsible for the initial and continuous vendor risk assessment as well as 3rd party risk tracking and remediation.
+ Continue to enhance Justworks’ security policies and standards based on Justworks agile development, zero-trust environment, and emerging threat landscapes.
+ Enhance the Security Compliance Program to ensure regulatory compliance, especially with business growth and scope changes, and to mature the program in the future to measure internal compliance against our new policies and standards.
+ Build a cross-functional security governance model and effectively run various governance committees to ensure stakeholders align on the risk acceptance level, and priorities to manage risks.
+ Continue to enhance and mature the security awareness and training program effectively.
+ Work with the CISO to define security metrics and develop a GRC dashboard. Continuously and routinely measure and report the effectiveness of the security programs, overall security resilience risk posture improvement, and maturity growth.
+ Work closely with internal Audit and entities to support Enterprise Risk Management.

How You Will Do Your Work

As a Director, Governance, Risk & Compliance, how results are achieved is paramount for your success and ultimately results in our success as an organization. In this role, your foundational knowledge, skills, abilities and personal attributes are anchored in the following:

+ Clear communication - The ability to articulate thoughts and express ideas effectively using oral, written, visual and non-verbal communication skills, as well as listening skills to gain understanding.
+ Ethical practice - The ability to integrate core values, integrity and accountability throughout all organizational and business practices.
+ Detail-oriented - Exercising extreme attention to detail; you’re thorough, accurate, organized, and productive and seek to understand both the cause and effect of a situation.
+ Manage complexity - Making sense of complex, high quantity, and sometimes contradictory information to effectively solve problems.
+ Risk assessment - Apply a logical step-by-step process to protect, and consequently minimize risks to, the organization, interests and employees.

In addition, all Justworkers focus on aligning their behaviors to our core values known as COGIS. It stands for:

+ Camaraderie - Day to day you can be seen working together toward a higher purpose. You like to have fun. You’re an active listener, treat people respectfully, and have a strong desire to know and help others.
+ Openness - Your default is to be open. You're willing to share information, understand other perspectives, and consider new possibilities. You’re curious, ask open questions, and are receptive to thoughts and feedback from others.
+ Grit - You demonstrate grit by having the courage to commit and persevere. You’re committed, earnest, and dive in to get the job done well with a positive attitude.
+ Integrity - Simply put, do what you say and say what you'll do. You’re honest and forthright, have a strong moral compass, and strive to match your words with your actions while leading by example.
+ Simplicity - Be like Einstein: “Everything should be made as simple as possible, but no simpler.”

Qualifications

+ Minimum of 10 years of cyber security experience, with a combined background of technology and compliance, preferred.
+ 7+ years in a leadership position, and 5+ years experience in managing any Security Governance, Risks, and Compliance (GRC) functions and/or Internal Audit function.
+ Solid experience and familiarity with SOC2, SOX, GDPR, CCPA or PCI compliance.
+ Extensive experience in risk management, vendor and client security management.
+ CISSP and CISM certifications and/or advanced degree in Systems Assurance or Information Systems, a plus.
+ Familiarity with cyber security frameworks and risk management frameworks, with experience in implementing and applying frameworks into actionable tasks.
+ Experience with tech companies and the cloud is required. Experience with other industries such as HR, health & insurance is preferred.
+ Solid experience in management and operations. Demonstrated ability to redesign ways of working and re-engineer processes to activate operational agility, efficiency, and business growth while maintaining security.
+ Strong communication and presentation skills, with the ability to present complex risk issues in an easy-to-understand manner for executive management, as well as the ability to communicate clearly and effectively with both technology/development and business partners.
+ Strong relationship management, team building, and facilitation skills.
+ Experience working in a complex matrix organization, as the security advisory team supports operational and transformational efforts for business verticals while driving a specific security objective.
+ Solid and demonstrable comprehension of cyber security including malware, threats, attacks, incidents, and vulnerability management.
+ Experience in a fast-paced and occasionally high-stress environment.
+ Ability to think strategically; work with a sense of urgency and pay attention to detail.
+ Strong team player that collaborates well with others to solve problems and actively incorporates input from various sources.
+ A reliable and trustworthy leader with an outstanding work ethic.
+ Independent and creative thinker with the willingness to

Created: 2025-10-04
