Lead Security Risk Analyst
2 weeks ago
Who We Are
At Justworks, you’ll enjoy a welcoming and casual environment, great benefits, wellness program offerings, company retreats, and the ability to interact with and learn from leaders in the startup community. We work hard and care about our most prized asset - our people.
We’re helping businesses get off the ground by enabling them to focus on running their business. We solve HR issues. We’re data-driven and never stop iterating. If you’d like to work in a supportive, entrepreneurial environment, are interested in building something meaningful and having fun while doing it, we’d love to hear from you.
We're united by shared goals and shared motivations at Justworks. These are best summed up in our company values, which are reflected in our product and in our team.
If this sounds like you, you’ll fit right in.
Who You Are
Justworks is seeking an exceptional Lead Security Risk Analyst to join our Governance Risk & Compliance (GRC) team. The Lead Security Risk Analyst will work cross-functionally with all areas of the company to develop security safeguards and countermeasures to protect Justworks assets, employees and customers. The Lead Security Risk Analyst will report to the Senior Manager, Governance Risk & Compliance and liaise with other teams across Digital Security.
Your Success Profile
What You Will Work On
Work with the GRC leader to provide guidance and solutions that protect Justworks, our products, customers and employees. Support GRC leader to build GRC strategy and multi-year roadmaps to mature Justwork’s GRC function. Provide technical leadership to build GRC’s capabilities such as cyber risk management, vendor security assessment, security training and communications, and our compliance program. Assist GRC leader to define Justworks risk management framework, leveraging NIST 800-53, CIS and others. Work with GRC leader to develop the compliance program for both regulatory compliance such as SOC2, GDPR, and compliance to our Justworks policies and standards. Monitor and analyze changes in relevant regulations and industry standards such as CCPA, GDPR, adapting company policies and procedures as needed. Partner with Engineering, IT, People, and Finance on control requirements and evidence production proactively in anticipation of SOC2/SOx, and customer audits. Lead and drive security assessments to enable the global Justworks to identify, assess, treat and monitor (via risk register) cybersecurity risks. Oversee findings brought forward through the risk reporting and risk exception process and report to security leadership where gaps exist. Collaborate with all stakeholders across the company to provide risk visibilities, and more importantly to lead and drive the mitigation of cyber risks. Drive on-going security assessments to enable the global Justworks to identify, assess, treat and monitor cybersecurity risks. Build a risk aware culture by maturing existing risk management processes to monitor, track, measure and report cyber risks. Partner with stakeholders when onboarding vendor solutions to ensure adequate controls are available and enabled in production. Build a robust vendor risk management program, including evaluating software supply chain security, vendor security assessments, and assurance vendor incident reporting. Oversee vendor relationship for applicable third party vendors providing service delivery of GRC related functions including but not limited to vendor management, security awareness training, GRC management and others. Engage with organizational stakeholders to develop and implement engaging and effective security and compliance training programs. Drive timely & effective communication via collaboration with various stakeholders including IT, Cyber Defense Operations, Security Architecture & Engineering, People Operations, Customer Service and Marketing. Provide mentorship and day-to-day support to GRC analysts to enable the team to deliver best work and develop their professional skills. Work with the Security Architecture and Engineering team to identify and implement missing capabilities for GRC to mature and advance GRC’s capabilities. Perform other related duties as assigned.
How You Will Do Your Work
As a Lead Security Risk Analyst, how results are achieved is paramount for your success and ultimately result in our success as an organization. In this role, your foundational knowledge, skills, abilities and personal attributes are anchored in the following:
Good judgment - the exercise of critical thinking, analyzing and assessing problems and implications, identifying patterns, making connections of underlying issues, understanding risks and developing mitigation strategies, and taking ownership of the outcome. Resourcefulness - taking a can-do approach, even in the face of obstacles and constraints by assessing what’s in front of you and effectively and efficiently optimizing what you have, whether it's working on something new or thinking about how to do something better. Teamwork and communication - putting our collective best together through documentation, collaboration, relationship-building, listening, empathy, recruiting, and evangelism. Influence and leadership - fostering a community of knowledge-sharing, collaboration, mentorship, and forward-thinking. Skills and knowledge - the capacity to actively learn and apply specific domain knowledge, know-how, and best practices to continually enhance and improve.In addition, all Justworkers focus on aligning their behaviors to our core values known as COGIS. It stands for:
Camaraderie - Day to day you can be seen working together toward a higher purpose. You like to have fun. You’re an active listener, treat people respectfully, and have a strong desire to know and help others. Openness - Your default is to be open. You're willing to share information, understand other perspectives, and consider new possibilities. You’re curious, ask open questions, and are receptive to thoughts and feedback from others. Grit - You demonstrate grit by having the courage to commit and persevere. You’re committed, earnest, and dive in to get the job done well with a positive attitude. Integrity - Simply put, do what you say and say what you'll do. You’re honest and forthright, have a strong moral compass, and strive to match your words with your actions while leading by example. Simplicity - Be like Einstein: “Everything should be made as simple as possible, but no simpler.”
Qualifications
At least 7+ years' experience directly in cybersecurity fields, with a demonstrated track record of leading complex GRC projects in at least two of the following areas: cyber risk management, vendor security management, policy & compliance, security awareness and communication A deep understanding of risk assessment methodology, NIST 800-53, CIS, and associated security and privacy rules Strong knowledge and experience with operational risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting Functional knowledge of security domains and information security industry standard and best practices Strong knowledge of third-party assessments, IT risk management, regulatory requirements and compliance and its overall business processes, controls and risk exposure Ability to identify and recommend tools, processes, and software to automate and continuously improve security and compliance practices. Previous experience with GRC solutions - Archer, Workiva, LogicGate etc Technical understanding of cloud-based security in an AWS environment Proven track record as a strong communicator both in written and oral presentations; capable of rapidly creating detailed, yet concise documentation Proven analytical abilities and using data/facts for decision-making Exceptional organizational skills with the ability to prioritize and manage multiple projects at the same time. A self-motivated person who can influence and drive cross-functional teams, promoting timely and effective communication Good organizational skills, proactive and self-sufficient with a proven ability to work independently and prioritize deliverables Security Certifications of CISSP, CISM, CRISC, CISA a plusThe base wage range for this position based in our New York City Office is targeted at $192,500.00 to $211,750.00 per year.
#LI-AD1 #LI-Hybrid #LI-JS1
Actual compensation is based on multiple factors that are unique to each candidate, including and not limited to skill set, level of relevant experience, and specific work location. Salary ranges for positions based in other locations may differ based on the cost of labor in that location.
For more information about Justworks’ Total Reward Philosophy, including all of the perks and benefits we are proud to offer our team members, please visit .
Diversity At Justworks
Justworks is committed to maintaining a workplace where diversity of identity, culture, and life experience is the norm and is celebrated authentically and respected consistently. Diversity in our work, our people, and our product drives creativity and innovation, entrepreneurial leadership and integrity, competitiveness, and collaboration throughout our business and in the market. We depend on our differences to make our team stronger, our workplace more dynamic, and our product accessible to all of our customers.
We’re proud to be an equal opportunity employer open to all qualified applicants regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital or familial status, disability, pregnancy, gender identity or expression, veteran status, genetic information, or any other legally protected status. Justworks is fully dedicated to providing necessary support to candidates with disabilities who may require reasonable accommodations. We also provide reasonable accommodations to employees based on their sincerely held religious beliefs, as well as for other covered reasons consistent with applicable federal, state, and local laws. If you're in need of a reasonable accommodation, please reach out to us at . Your comfort and success matter to us, and we're here to ensure an inclusive experience.
and
-
Lead Security Risk Analyst
4 weeks ago
New York, United States Justworks Full timeWho We Are At Justworks, you'll enjoy a welcoming and casual environment, great benefits, wellness program offerings, company retreats, and the ability to interact with and learn from leaders in the startup community. We work hard and care about our most prized asset - our people. We're helping businesses get off the ground by enabling them to focus on...
-
Security Risk Analyst
3 days ago
New York, New York, United States Justworks Full timeWho We AreAt Justworks, you'll enjoy a welcoming and casual environment, great benefits, wellness program offerings, company retreats, and the ability to interact with and learn from leaders in the startup community. We work hard and care about our most prized asset - our people.We're helping businesses get off the ground by enabling them to focus on running...
-
Risk Intelligence, Lead Analyst
4 weeks ago
New York, United States META Full timeSummary: Meta is seeking a highly motivated team player to serve as a Risk Intelligence, Lead Analyst for the Security & Integrity risk team at Meta. This position will play a key role in understanding and quantifying risk across the financial, legal, regulatory and strategic spectrum, as well as developing risk management and mitigation strategies. This...
-
Lead AI Risk Analyst
2 weeks ago
New York, United States Momentum Resource Solutions Full timeJob DescriptionJob DescriptionLead AI Risk Analyst Hybrid ScheduleIn this role you will support the Artificial Intelligence Center of Excellence and serve as the Chair of the AI Risk Forum to drive and influence prioritization, resourcing, and execution. Specifically, this role will include overseeing the end-to-end AI risk assessment process, ensuring the...
-
Cyber Security Risk Consultant
3 weeks ago
New York, United States Purple Drive Solution Full timeRole: Cyber Security Risk Consultant (GRC Analyst) - Experience in executing security assessments in the Cloud and against third party SaaS solutions. - Expert knowledge of performing risk management based on NIST 800-53. - Experience in determining vulnerability risk impact. - Ability to contextualize security findings and lead the development squads in...
-
Risk Analyst
2 weeks ago
New York, United States Paramount Full timeParamount Tech is hiring an Information Security Analyst This position is responsible for supporting the team on third party risk management and vendor security incident response. **Role Details**: - Perform Third-party Risk assessments in accordance with the most widely accepted security standards (e.g., ISO 27001, NIST, Shared Assessments etc.), and the...
-
Global Security Risk Analyst 4
3 weeks ago
New York, United States Adobe Full timeOur Company Changing the world through digital experiences is what Adobe’s all about. We give everyone—from emerging artists to global brands—everything they need to design and deliver exceptional digital experiences! We’re passionate about empowering people to create beautiful and powerful images, videos, and apps, and transform how companies...
-
Security Risk Analyst
2 weeks ago
New Kensington, Pennsylvania, United States Alcoa Full timeShape Your World Being part of Alcoa means being part of a team that strives to transform potential into progress. At Alcoa, each member plays a crucial role as a work-shaper, team-shaper, idea-shaper, and world-shaper. As a pivotal figure within Alcoa, you have the opportunity to contribute to reshaping the aluminum industry. Join a dynamic team dedicated...
-
Security Analyst, Governance, Risk
1 week ago
New York, New York, United States GameChanger Full timeAbout GameChanger:We believe in the life-changing impact youth sports have on and off the field because they encourage leadership, teamwork, responsibility, and confidence—important life lessons that have the power to propel our youth toward meaningful futures. We recognize that without coaches, parents, and volunteers, organized youth sports could not...
-
Risk Analyst
2 weeks ago
New York, New York, United States PLAID Full timeAt Plaid, our mission is to unlock financial freedom for everyone. There has never been a better time than now to start building the future of fintech with us. Plaid powers the tools millions of people rely on to live a healthier financial life. We work with thousands of companies like Venmo, SoFi, and Betterment, several of the Fortune 500, and many of the...
-
Lead GRC Analyst
1 month ago
New York, New York, United States Justworks Full timeWho We AreAt Justworks, you'll enjoy a welcoming and casual environment, great benefits, wellness program offerings, company retreats, and the ability to interact with and learn from leaders in the startup community. We work hard and care about our most prized asset - our people.We're helping businesses get off the ground by enabling them to focus on running...
-
Risk Analyst
2 weeks ago
New York, New York, United States Integrated personnel Full timeJOB: Jr Risk Tech Analyst (Not Sr look for 3 to 5yrs) Location: NYC NY Client : Mizuho Look for 3 to 7 yrs. exp The Risk Tech Analyst will specifically help to generate and assess the calculated data quality, Risk Tech Analyst also supports Quants and Risk models validation efforts. Job Responsibilities: Able to assist different teams in generating numbers...
-
Security Analyst, Governance, Risk
1 week ago
New York City, United States GameChanger Full timeAbout GameChanger: We believe in the life-changing impact youth sports have on and off the field because they encourage leadership, teamwork, responsibility, and confidence—important life lessons that have the power to propel our youth toward meaningful futures. We recognize that without coaches, parents, and volunteers, organized youth sports could not...
-
Market Risk Analyst
1 month ago
New York, United States Northbound Search Full timeJob DescriptionJob DescriptionJob Description:A leading International Broker-Dealer, located in New York, NY, is seeking a Market Risk Analyst to join their growing team. This is a great opportunity to join a dynamic group and work closely with senior management, as this individual will be reporting directly into the Managing Director of Market Risk....
-
Risk Analyst
1 month ago
New York, United States SiriusPoint Ltd. Full timeDescription Risk Analyst New York - Hybrid US-Remote Who We Are SiriusPoint is a global underwriter of insurance and reinsurance. We utilize deep risk capabilities to protect our customers and provide intelligent risk solutions to clients and brokers around the world. Bermuda-headquartered and listed on the New York Stock Exchange (SPNT), we work as 'One...
-
Technology Risk and Controls Lead
3 weeks ago
New York, United States JPMorgan Chase & Co Full time**JOB DESCRIPTION** As a Technology Risk and Controls Lead at JPMorgan Chase within the Cybersecurity & Technology Controls Organization, you'll engage in areas of development, design, and monitoring of corporate and world-wide control programs and acts as a liaison between management, the Lines of Business, internal and external audit and regulators. This...
-
Information Security Analyst
1 day ago
New York, United States Strategic Staffing Solutions Full timeJob Title: Information Security Analyst– Hiring FAST! Location: New York, NY Rate: $62-67/hr W2 Only – NO C2C Setting: Hybrid Duration: 12+ months ***WE DO VISA TRANSFERS*** Summary: We are seeking an application security governance analyst to join and help establish and maintain effective governance practices within the application security...
-
Cyber Security Analyst
4 weeks ago
New York, United States NYC Careers Full time**Cyber Security Analyst**: - Apply**Cyber Security Analyst**: - Agency: POLICE DEPARTMENT - Posted on: 05/11/2024- Job type: Full-time Location NYC-ALL BOROS - Title Classification: Exam may be required Department INFO TECHNOLOGY BUREAU/CV - Salary range: $59,314.00 - $84,414.00- JOB DESCRIPTION: - The mission of the New York City Police Department...
-
Risk Aml Analyst
4 weeks ago
New York, United States Payoneer Full time**Risk AML Analyst, New York, NY (Hybrid)** **Build Your Career | Love your Work | Make a Difference** Payoneer's mission is to empower businesses to **_go beyond_** - beyond borders, limits and expectations. In today's digital world, Payoneer enables businesses of all sizes from anywhere in the world to access new economic opportunities by enabling them...
-
Information Security Analyst
2 weeks ago
New York, New York, United States American Express Full timeYou Lead the Way. We've Got Your Back. With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you'll learn and grow as we help you create a career...
