Posted on 
Jul 1, 2024

Security Risk Analyst (GRC)

New York
Entry-level, Junior, or Associate
IT
Justworks
Justworks
Justworks
Private
1001-5000
HR & Recruiting

Justworks is a technology company that levels the playing field for all small

businesses. Through our software and as a partner, we help our customers take care of their teams, streamline their operations, and navigate the complex aspects of managing a workforce with confidence.

Job Description

Who You Are

===============

Justworks is seeking an exceptional Security Risk Analyst to join our Governance Risk & Compliance (GRC) team. The Security Risk Analyst will work cross-functionally with all areas of the company to develop security safeguards and countermeasures to protect Justworks assets, employees and customers. The Security Risk Analyst will report to the Senior Manager, Governance Risk & Compliance and liaise with other teams across Digital Security.

Your Success Profile

========================

What You Will Work On

-------------------------

  • Work with the GRC leader to provide security guidance and solutions that protect Justworks, our products, customers, and employees.
  • Support GRC team with implementing and operationalizing GRC strategy and multi-year roadmaps to mature Justwork’s GRC function.
  • Have a working knowledge of and be able to support all GRC capabilities such as cyber risk management, third-party risk management, security training and communications, and our compliance program.
  • Conduct Third Party Risk assessments, educate vendor relationship owners on the risks identified, work with them to secure remediation plans with vendors.
  • Support security-related educational and compliance programs, including developing and managing regular phishing simulations, creating security newsletters and other communications, etc.
  • Maintain a cyber risk register with timely updates and regular reviews with risk owners to drive risk closure.
  • Provide data input to predefined GRC metrics to support monthly and quarterly departmental OKR reporting.
  • Proactively seek clarification, ask thoughtful questions, and focus on learning and development.
  • Follow best practices within the team. Raise concerns. Offer suggestions.
  • Research topics and find answers outside the area of expertise.
  • Develop domain knowledge such as IT, InfraOps, Engineering, Benefits, Payment, etc to better align security initiatives with business priorities.
  • Create and update process documentation.
  • Support Justworks’ audit commitment related to SOC2, GDPR, and our Justworks policies and standards.
  • Manage security findings brought forward through the risk reporting and risk exception process and report to security leadership where gaps exist.
  • Collaborate with all stakeholders across the company to provide risk visibilities, and more importantly to drive risk mitigation
  • Assist in building a risk-aware culture by maturing existing risk management processes to monitor, track, measure and report cyber risks.
  • Drive timely & effective communication via collaboration with various stakeholders including IT, Cyber Defense Operations, Security Architecture & Engineering, People Operations, Customer Service and Marketing.
  • Perform other related duties as assigned.

How You Will Do Your Work

-----------------------------

As a Security Risk Analyst, how results are achieved is paramount for your success and ultimately result in our success as an organization. In this role, your foundational knowledge, skills, abilities and personal attributes are anchored in the following:

  • Good judgment - the exercise of critical thinking, analyzing and assessing problems and implications, identifying patterns, making connections of underlying issues, understanding risks and developing mitigation strategies, and taking ownership of the outcome.
  • Resourcefulness - taking a can-do approach, even in the face of obstacles and constraints by assessing what’s in front of you and effectively and efficiently optimizing what you have, whether it's working on something new or thinking about how to do something better.
  • Teamwork and communication - putting our collective best together through documentation, collaboration, relationship-building, listening, empathy, recruiting, and evangelism.
  • Influence and leadership - fostering a community of knowledge-sharing, collaboration, mentorship, and forward-thinking.
  • Skills and knowledge - the capacity to actively learn and apply specific domain knowledge, know-how, and best practices to continually enhance and improve.

In addition, all Justworkers focus on aligning their behaviors to our core values known as COGIS. It stands for:

  • Camaraderie - Day to day you can be seen working together toward a higher purpose. You like to have fun. You’re an active listener, treat people respectfully, and have a strong desire to know and help others.
  • Openness - Your default is to be open. You're willing to share information, understand other perspectives, and consider new possibilities. You’re curious, ask open questions, and are receptive to thoughts and feedback from others.
  • Grit - You demonstrate grit by having the courage to commit and persevere. You’re committed, earnest, and dive in to get the job done well with a positive attitude.
  • Integrity - Simply put, do what you say and say what you'll do. You’re honest and forthright, have a strong moral compass, and strive to match your words with your actions while leading by example.
  • Simplicity - Be like Einstein: “Everything should be made as simple as possible, but no simpler.”

Qualifications

------------------

  • 3+ years' experience directly in cybersecurity fields, with a demonstrated track record in one or more of the following areas: third-party risk management, cyber risk management, policy & compliance, security awareness, and communication
  • Clear understanding of risk assessment methodology, NIST 800-53, CIS, and associated security and privacy rules
  • Strong knowledge and experience with operational risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting
  • Functional knowledge of security domains and information security industry standards and best practices
  • Ability to identify and recommend tools, processes, and software to automate and continuously improve security and compliance practices.
  • Previous experience with GRC solutions - Archer, ServiceNow, LogicGate, etc
  • Technical understanding of cloud-based security in an AWS environment
  • Proven track record as a strong communicator both in written and oral presentations; capable of rapidly creating detailed, yet concise documentation; adept at influencing and driving cross-functional collaboration
  • Demonstrated ability to analyze information critically and synthesize findings into actionable insights and better data-driven decision-making.
  • Possess a natural curiosity and eagerness to explore new topics, with the ability to quickly learn and understand unfamiliar subjects. Demonstrates a proactive approach to identifying problems and implementing effective solutions..
  • Good organizational skills, proactive and self-sufficient with a proven ability to work independently and prioritize deliverables
  • Security Certifications of CISSP, CISM, CRISC, CISA a plus

The base wage range for this position based in our New York City Office is targeted at $140,000.00 to $154,000.00 per year.

#LI-AD1 #LI-Hybrid #LI-JS1

Who You Are

Justworks is seeking an exceptional Security Risk Analyst to join our Governance Risk & Compliance (GRC) team. The Security Risk Analyst will work cross-functionally with all areas of the company to develop security safeguards and countermeasures to protect Justworks assets, employees and customers. The Security Risk Analyst will report to the Senior Manager, Governance Risk & Compliance and liaise with other teams across Digital Security.

Your Success Profile

What You Will Work On

  • Work with the GRC leader to provide security guidance and solutions that protect Justworks, our products, customers, and employees.
  • Support GRC team with implementing and operationalizing GRC strategy and multi-year roadmaps to mature Justwork’s GRC function.
  • Have a working knowledge of and be able to support all GRC capabilities such as cyber risk management, third-party risk management, security training and communications, and our compliance program.
  • Conduct Third Party Risk assessments, educate vendor relationship owners on the risks identified, work with them to secure remediation plans with vendors.
  • Support security-related educational and compliance programs, including developing and managing regular phishing simulations, creating security newsletters and other communications, etc. 
  • Maintain a cyber risk register with timely updates and regular reviews with risk owners to drive risk closure.
  • Provide data input to predefined GRC metrics to support monthly and quarterly departmental OKR reporting.
  • Proactively seek clarification, ask thoughtful questions, and focus on learning and development.
  • Follow best practices within the team. Raise concerns. Offer suggestions.
  • Research topics and find answers outside the area of expertise.
  • Develop domain knowledge such as IT, InfraOps, Engineering, Benefits, Payment, etc to better align security initiatives with business priorities.
  • Create and update process documentation.
  • Support Justworks’ audit commitment related to SOC2, GDPR, and our Justworks policies and standards.
  • Manage security findings brought forward through the risk reporting and risk exception process and report to security leadership where gaps exist.
  • Collaborate with all stakeholders across the company to provide risk visibilities, and more importantly to drive risk mitigation
  • Assist in building a risk-aware culture by maturing existing risk management processes to monitor, track, measure and report cyber risks.
  • Drive timely & effective communication via collaboration with various stakeholders including IT, Cyber Defense Operations, Security Architecture & Engineering, People Operations, Customer Service and Marketing.
  • Perform other related duties as assigned.

How You Will Do Your Work

As a Security Risk Analyst, how results are achieved is paramount for your success and ultimately result in our success as an organization. In this role, your foundational knowledge, skills, abilities and personal attributes are anchored in the following:

  • Good judgment - the exercise of critical thinking, analyzing and assessing problems and implications, identifying patterns, making connections of underlying issues, understanding risks and developing mitigation strategies, and taking ownership of the outcome.

  • Resourcefulness - taking a can-do approach, even in the face of obstacles and constraints by assessing what’s in front of you and effectively and efficiently optimizing what you have, whether it's working on something new or thinking about how to do something better.

  • Teamwork and communication - putting our collective best together through documentation, collaboration, relationship-building, listening, empathy, recruiting, and evangelism.

  • Influence and leadership - fostering a community of knowledge-sharing, collaboration, mentorship, and forward-thinking.

  • Skills and knowledge - the capacity to actively learn and apply specific domain knowledge, know-how, and best practices to continually enhance and improve.

In addition, all Justworkers focus on aligning their behaviors to our core values known as COGIS. It stands for:

  • Camaraderie - Day to day you can be seen working together toward a higher purpose. You like to have fun. You’re an active listener, treat people respectfully, and have a strong desire to know and help others.
  • Openness - Your default is to be open. You're willing to share information, understand other perspectives, and consider new possibilities. You’re curious, ask open questions, and are receptive to thoughts and feedback from others.
  • Grit - You demonstrate grit by having the courage to commit and persevere. You’re committed, earnest, and dive in to get the job done well with a positive attitude.
  • Integrity - Simply put, do what you say and say what you'll do. You’re honest and forthright, have a strong moral compass, and strive to match your words with your actions while leading by example.
  • Simplicity - Be like Einstein: “Everything should be made as simple as possible, but no simpler.”

Qualifications

  • 3+ years' experience directly in cybersecurity fields, with a demonstrated track record in one or more of the following areas: third-party risk management, cyber risk management, policy & compliance, security awareness, and communication
  • Clear understanding of risk assessment methodology, NIST 800-53, CIS, and associated security and privacy rules
  • Strong knowledge and experience with operational risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting
  • Functional knowledge of security domains and information security industry standards and best practices
  • Ability to identify and recommend tools, processes, and software to automate and continuously improve security and compliance practices. 
  • Previous experience with GRC solutions - Archer, ServiceNow, LogicGate, etc
  • Technical understanding of cloud-based security in an AWS environment 
  • Proven track record as a strong communicator both in written and oral presentations; capable of rapidly creating detailed, yet concise documentation; adept at influencing and driving cross-functional collaboration
  • Demonstrated ability to analyze information critically and synthesize findings into actionable insights and better data-driven decision-making.
  • Possess a natural curiosity and eagerness to explore new topics, with the ability to quickly learn and understand unfamiliar subjects. Demonstrates a proactive approach to identifying problems and implementing effective solutions..
  • Good organizational skills, proactive and self-sufficient with a proven ability to work independently and prioritize deliverables
  • Security Certifications of CISSP, CISM, CRISC, CISA a plus

The base wage range for this position based in our New York City Office is targeted at $140,000.00 to $154,000.00 per year.

#LI-AD1 #LI-Hybrid #LI-JS1

Receive Tech Ladies'
newest jobs in your inbox,
every week.

Join Tech Ladies for full-access to the job board, member-only events, and more!

If you're already a member, we haven't forgotten you. We promise. It's a new system. If you fill out the form once, it'll remember you going forward. Apologies for the inconvenience.

New York
New York
JavaScript
JavaScript
Ruby
Ruby
Ruby On Rails
Ruby On Rails
MySQL
MySQL
IT
IT
Hybrid
Hybrid