Lead Security Risk Analyst (GRC) jobs in United States
cer-icon
Apply on Employer Site
company-logo

Justworks · 7 hours ago

Lead Security Risk Analyst (GRC)

positionNew York, NY
timeFull-time
remoteOnsite
senioritySenior Level
money$192K/yr - $212K/yr
date7+ years exp

Justworks is a company that provides HR solutions to help businesses thrive. They are seeking a Lead Security Risk Analyst to join their Governance Risk & Compliance team, responsible for developing security safeguards and managing risk assessments to protect the company's assets and ensure compliance with regulations.

Bookkeeping and PayrollComplianceEmployee BenefitsHealth InsurancePayments
check
H1B Sponsor Likelynote

Responsibilities

Work with the GRC leader to provide guidance and solutions that protect Justworks, our products, customers and employees
Support GRC leader to build GRC strategy and multi-year roadmaps to mature Justwork’s GRC function
Provide technical leadership to build GRC’s capabilities such as cyber risk management, vendor security assessment, security training and communications, and our compliance program
Assist GRC leader to define Justworks risk management framework, leveraging NIST 800-53, CIS and others
Work with GRC leader to develop the compliance program for both regulatory compliance such as SOC2, GDPR, and compliance to our Justworks policies and standards
Monitor and analyze changes in relevant regulations and industry standards such as CCPA, GDPR, adapting company policies and procedures as needed
Partner with Engineering, IT, People, and Finance on control requirements and evidence production proactively in anticipation of SOC2/SOx, and customer audits
Lead and drive security assessments to enable the global Justworks to identify, assess, treat and monitor (via risk register) cybersecurity risks
Oversee findings brought forward through the risk reporting and risk exception process and report to security leadership where gaps exist
Collaborate with all stakeholders across the company to provide risk visibilities, and more importantly to lead and drive the mitigation of cyber risks
Drive on-going security assessments to enable the global Justworks to identify, assess, treat and monitor cybersecurity risks
Build a risk aware culture by maturing existing risk management processes to monitor, track, measure and report cyber risks
Partner with stakeholders when onboarding vendor solutions to ensure adequate controls are available and enabled in production
Build a robust vendor risk management program, including evaluating software supply chain security, vendor security assessments, and assurance vendor incident reporting
Oversee vendor relationship for applicable third party vendors providing service delivery of GRC related functions including but not limited to vendor management, security awareness training, GRC management and others
Engage with organizational stakeholders to develop and implement engaging and effective security and compliance training programs
Drive timely & effective communication via collaboration with various stakeholders including IT, Cyber Defense Operations, Security Architecture & Engineering, People Operations, Customer Service and Marketing
Provide mentorship and day-to-day support to GRC analysts to enable the team to deliver best work and develop their professional skills
Work with the Security Architecture and Engineering team to identify and implement missing capabilities for GRC to mature and advance GRC’s capabilities
Perform other related duties as assigned

Qualification

Cybersecurity experienceGRC project leadershipRisk assessment methodologyNIST 800-53 knowledgeOperational risk managementThird-party assessmentsGRC solutions experienceCloud security (AWS)Analytical abilitiesSecurity certificationsCommunication skillsOrganizational skillsSelf-motivated

Required

At least 7+ years' experience directly in cybersecurity fields, with a demonstrated track record of leading complex GRC projects in at least two of the following areas: cyber risk management, vendor security management, policy & compliance, security awareness and communication
A deep understanding of risk assessment methodology, NIST 800-53, CIS, and associated security and privacy rules
Strong knowledge and experience with operational risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting
Functional knowledge of security domains and information security industry standard and best practices
Strong knowledge of third-party assessments, IT risk management, regulatory requirements and compliance and its overall business processes, controls and risk exposure
Ability to identify and recommend tools, processes, and software to automate and continuously improve security and compliance practices
Previous experience with GRC solutions - Archer, Workiva, LogicGate etc
Technical understanding of cloud-based security in an AWS environment
Proven track record as a strong communicator both in written and oral presentations; capable of rapidly creating detailed, yet concise documentation
Proven analytical abilities and using data/facts for decision-making
Exceptional organizational skills with the ability to prioritize and manage multiple projects at the same time
A self-motivated person who can influence and drive cross-functional teams, promoting timely and effective communication
Good organizational skills, proactive and self-sufficient with a proven ability to work independently and prioritize deliverables

Preferred

Security Certifications of CISSP, CISM, CRISC, CISA a plus

Benefits

Great benefits
Wellness program offerings
Company retreats

Company

Justworks

twittertwittertwitter
Glassdoor3.7
company-logo
Justworks is a cloud-based HR and payroll platform that helps small and mid-sized companies manage payroll, benefits, compliance, and HR.
dateFounded in 2012
location
New York, New York, USA
people-size1001-5000 employees
web-link
https://www.justworks.com

H1B Sponsorship

Justworks has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (12)
2024 (19)
2023 (15)
2022 (19)
2021 (6)
2020 (4)

Funding

Current Stage
Late Stage
Total Funding
$159.84M
Key Investors
FirstMarkRedpointBain Capital Ventures
2023-11-01Series Unknown· $16.84M
2020-01-28Series E· $50M
2018-03-06Series D· $40M

Leadership Team

leader-logo
Michael Seckler
Chief Executive Officer
linkedin
leader-logo
David Feinberg
Senior Vice President Risk & Insurance Programs
linkedin

Recent News

Index Ventures
Index Ventures Portfolio
2025-12-29
Built In
The Power of Purpose: Inside Justworks’ Mission-Driven Culture
2025-11-23
PR Newswire
Schoolyard Social Launches App That Turns Competition Into Community
2025-10-30
Company data provided by crunchbase