Announcing our partnership with . Click here to learn more!
Posted on
Jul 1, 2024
Senior Security Risk Analyst (GRC)
New York
Mid-Senior ICs
IT, Data Science + Analytics
Justworks
Justworks is a technology company that levels the playing field for all small
businesses. Through our software and as a partner, we help our customers take care of their teams, streamline their operations, and navigate the complex aspects of managing a workforce with confidence.
Job Description
Who You Are
===============
Justworks is seeking an exceptional Senior Security Risk Analyst to join our Governance Risk & Compliance (GRC) team. The Senior Security Risk Analyst will work cross-functionally with all areas of the company to develop security safeguards and countermeasures. As a Senior Security Risk Analyst, you will report to the Senior Manager, Governance Risk & Compliance and liaise with other teams across Digital Security, providing guidance and solutions to protect Justworks’ products, customers, and employees.
Your Success Profile
========================
What You Will Work On
-------------------------
- Contribute to building GRC strategy and multi-year roadmaps to mature Justwork’s GRC function, defining Justworks’ risk management framework, and developing Justworks’ compliance programs, policies, and standards.
- Be part of the development of GRC’s capabilities such as cyber risk management, third-party risk management, security training and communications, and our compliance program.
- Play a key role in the Third-Party Risk Management program. Conduct vendor risk assessment independently. Partner with stakeholders to ensure adequate controls are available and enabled in production. Continuously monitor vendor risk profiles. Work with the team to enhance Third-Party Governance and improve the TPRM process.
- Support TPRM lead on the effort to obtain the comprehensive vendor inventory. This includes the development of a catalog of software components, including endpoints, APIs, and open-source libraries by collaborating with Security Architects, Product, and Engineering.
- Work with the team to apply the risk management framework to day-to-day work. Conduct security assessments to enable the global Justworks to identify, assess, treat, and monitor cybersecurity risks. Maintain risk registry, track and monitor risk mitigation. Collaborate with all stakeholders across the company to provide risk visibilities, and drive the mitigation of cyber risks.
- Assist in the selection and implementation of GRC solutions. Be the expert on all GRC tools.
- Monitor and analyze changes in relevant regulations and industry standards such as CCPA, and GDPR, adapting company policies and procedures as needed.
- Partner with Engineering, IT, People, and Finance on control requirements and evidence production proactively in anticipation of SOC2/SOX and customer audits.
- Support GRC’s training, communication and other activities to support a security-aware Justworks culture.
- Build a risk-aware culture by maturing existing risk management processes to monitor, track, measure and report cyber risks.
- Drive timely & effective communication via collaboration with various stakeholders including IT, Cyber Defense Operations, Security Architecture & Engineering, People Operations, Customer Service and Marketing.
- Provide mentorship and day-to-day support to GRC analysts to enable the team to deliver best work and develop their professional skills.
- Perform other related duties as assigned.
How You Will Do Your Work
-----------------------------
As a Senior Security Risk Analyst, how results are achieved is paramount for your success and ultimately result in our success as an organization. In this role, your foundational knowledge, skills, abilities and personal attributes are anchored in the following:
- Good judgment - the exercise of critical thinking, analyzing and assessing problems and implications, identifying patterns, making connections of underlying issues, understanding risks and developing mitigation strategies, and taking ownership of the outcome.
- Resourcefulness - taking a can-do approach, even in the face of obstacles and constraints by assessing what’s in front of you and effectively and efficiently optimizing what you have, whether it's working on something new or thinking about how to do something better.
- Teamwork and communication - putting our collective best together through documentation, collaboration, relationship-building, listening, empathy, recruiting, and evangelism.
- Influence and leadership - fostering a community of knowledge-sharing, collaboration, mentorship, and forward-thinking.
- Skills and knowledge - the capacity to actively learn and apply specific domain knowledge, know-how, and best practices to continually enhance and improve.
In addition, all Justworkers focus on aligning their behaviors to our core values known as COGIS. It stands for:
- Camaraderie - Day to day you can be seen working together toward a higher purpose. You like to have fun. You’re an active listener, treat people respectfully, and have a strong desire to know and help others.
- Openness - Your default is to be open. You're willing to share information, understand other perspectives, and consider new possibilities. You’re curious, ask open questions, and are receptive to thoughts and feedback from others.
- Grit - You demonstrate grit by having the courage to commit and persevere. You’re committed, earnest, and dive in to get the job done well with a positive attitude.
- Integrity - Simply put, do what you say and say what you'll do. You’re honest and forthright, have a strong moral compass, and strive to match your words with your actions while leading by example.
- Simplicity - Be like Einstein: “Everything should be made as simple as possible, but no simpler.”
Qualifications
------------------
- 5+ years' experience directly in cybersecurity fields, with a demonstrated track record of leading third-party risk management, plus one of the following areas: cyber risk management, policy & compliance, security awareness, and communication
- Well-versed in risk assessment methodology, NIST 800-53, CIS, and associated security and privacy rules
- Strong analytical skills and using data/facts for decision-making
- Solid experience in either software development or infrastructure other than risk management experience
- Ability to develop scripts/queries to pull data from different tools
- Strong knowledge and experience with operational risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting
- Functional knowledge of security domains and information security industry standard and best practices
- Ability to identify and recommend tools, processes, and software to automate and continuously improve security and compliance practices.
- Previous experience with GRC solutions - Archer, ServiceNow, LogicGate etc
- Technical understanding of cloud-based security in an AWS environment
- Proven track record as a strong communicator both in written and oral presentations; capable of rapidly creating detailed, yet concise documentation
- Exceptional organizational skills with the ability to prioritize and manage multiple projects at the same time.
- A self-motivated person who can influence and drive cross-functional teams, promoting timely and effective communication
- Good organizational skills, proactive and self-sufficient with a proven ability to work independently and prioritize deliverables
- Security Certifications of CISSP, CISM, CRISC, CISA a plus
The base wage range for this position based in our New York City Office is targeted at $167,500.00 to $184,250.00 per year.
#LI-AD1 #LI-Hybrid #LI-JS1
Who You Are
Justworks is seeking an exceptional Senior Security Risk Analyst to join our Governance Risk & Compliance (GRC) team. The Senior Security Risk Analyst will work cross-functionally with all areas of the company to develop security safeguards and countermeasures. As a Senior Security Risk Analyst, you will report to the Senior Manager, Governance Risk & Compliance and liaise with other teams across Digital Security, providing guidance and solutions to protect Justworks’ products, customers, and employees.
Your Success Profile
What You Will Work On
- Contribute to building GRC strategy and multi-year roadmaps to mature Justwork’s GRC function, defining Justworks’ risk management framework, and developing Justworks’ compliance programs, policies, and standards.
- Be part of the development of GRC’s capabilities such as cyber risk management, third-party risk management, security training and communications, and our compliance program.
- Play a key role in the Third-Party Risk Management program. Conduct vendor risk assessment independently. Partner with stakeholders to ensure adequate controls are available and enabled in production. Continuously monitor vendor risk profiles. Work with the team to enhance Third-Party Governance and improve the TPRM process.
- Support TPRM lead on the effort to obtain the comprehensive vendor inventory. This includes the development of a catalog of software components, including endpoints, APIs, and open-source libraries by collaborating with Security Architects, Product, and Engineering.
- Work with the team to apply the risk management framework to day-to-day work. Conduct security assessments to enable the global Justworks to identify, assess, treat, and monitor cybersecurity risks. Maintain risk registry, track and monitor risk mitigation. Collaborate with all stakeholders across the company to provide risk visibilities, and drive the mitigation of cyber risks.
- Assist in the selection and implementation of GRC solutions. Be the expert on all GRC tools.
- Monitor and analyze changes in relevant regulations and industry standards such as CCPA, and GDPR, adapting company policies and procedures as needed.
- Partner with Engineering, IT, People, and Finance on control requirements and evidence production proactively in anticipation of SOC2/SOX and customer audits.
- Support GRC’s training, communication and other activities to support a security-aware Justworks culture.
- Build a risk-aware culture by maturing existing risk management processes to monitor, track, measure and report cyber risks.
- Drive timely & effective communication via collaboration with various stakeholders including IT, Cyber Defense Operations, Security Architecture & Engineering, People Operations, Customer Service and Marketing.
- Provide mentorship and day-to-day support to GRC analysts to enable the team to deliver best work and develop their professional skills.
- Perform other related duties as assigned.
How You Will Do Your Work
As a Senior Security Risk Analyst, how results are achieved is paramount for your success and ultimately result in our success as an organization. In this role, your foundational knowledge, skills, abilities and personal attributes are anchored in the following:
- Good judgment - the exercise of critical thinking, analyzing and assessing problems and implications, identifying patterns, making connections of underlying issues, understanding risks and developing mitigation strategies, and taking ownership of the outcome.
- Resourcefulness - taking a can-do approach, even in the face of obstacles and constraints by assessing what’s in front of you and effectively and efficiently optimizing what you have, whether it's working on something new or thinking about how to do something better.
- Teamwork and communication - putting our collective best together through documentation, collaboration, relationship-building, listening, empathy, recruiting, and evangelism.
- Influence and leadership - fostering a community of knowledge-sharing, collaboration, mentorship, and forward-thinking.
- Skills and knowledge - the capacity to actively learn and apply specific domain knowledge, know-how, and best practices to continually enhance and improve.
In addition, all Justworkers focus on aligning their behaviors to our core values known as COGIS. It stands for:
- Camaraderie - Day to day you can be seen working together toward a higher purpose. You like to have fun. You’re an active listener, treat people respectfully, and have a strong desire to know and help others.
- Openness - Your default is to be open. You're willing to share information, understand other perspectives, and consider new possibilities. You’re curious, ask open questions, and are receptive to thoughts and feedback from others.
- Grit - You demonstrate grit by having the courage to commit and persevere. You’re committed, earnest, and dive in to get the job done well with a positive attitude.
- Integrity - Simply put, do what you say and say what you'll do. You’re honest and forthright, have a strong moral compass, and strive to match your words with your actions while leading by example.
- Simplicity - Be like Einstein: “Everything should be made as simple as possible, but no simpler.”
Qualifications
- 5+ years' experience directly in cybersecurity fields, with a demonstrated track record of leading third-party risk management, plus one of the following areas: cyber risk management, policy & compliance, security awareness, and communication
- Well-versed in risk assessment methodology, NIST 800-53, CIS, and associated security and privacy rules
- Strong analytical skills and using data/facts for decision-making
- Solid experience in either software development or infrastructure other than risk management experience
- Ability to develop scripts/queries to pull data from different tools
- Strong knowledge and experience with operational risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting
- Functional knowledge of security domains and information security industry standard and best practices
- Ability to identify and recommend tools, processes, and software to automate and continuously improve security and compliance practices.
- Previous experience with GRC solutions - Archer, ServiceNow, LogicGate etc
- Technical understanding of cloud-based security in an AWS environment
- Proven track record as a strong communicator both in written and oral presentations; capable of rapidly creating detailed, yet concise documentation
- Exceptional organizational skills with the ability to prioritize and manage multiple projects at the same time.
- A self-motivated person who can influence and drive cross-functional teams, promoting timely and effective communication
- Good organizational skills, proactive and self-sufficient with a proven ability to work independently and prioritize deliverables
- Security Certifications of CISSP, CISM, CRISC, CISA a plus
The base wage range for this position based in our New York City Office is targeted at $167,500.00 to $184,250.00 per year.
#LI-AD1 #LI-Hybrid #LI-JS1