38 applicantsPosted by Agency

Company

Original Job Post

Justworks · 2 days ago

Senior Security Risk Analyst

New York, NY

Full-time

Hybrid

Senior Level

$168K/yr - $184K/yr

5+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

B2BBookkeeping and Payroll

H1B Sponsorship

Insider Connection @Justworks

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Contribute to building GRC strategy and multi-year roadmaps to mature Justwork’s GRC function, defining Justworks’ risk management framework, and developing Justworks’ compliance programs, policies, and standards.

Be part of the development of GRC’s capabilities such as cyber risk management, third-party risk management, security training and communications, and compliance program.

Play a key role in the Third-Party Risk Management program. Conduct vendor risk assessment independently. Partner with stakeholders to ensure adequate controls are available and enabled in production. Continuously monitor vendor risk profiles. Work with the team to enhance Third-Party Governance and improve the TPRM process.

Support TPRM lead on the effort to obtain the comprehensive vendor inventory. This includes the development of a catalog of software components, including endpoints, APIs, and open-source libraries by collaborating with Security Architects, Product, and Engineering.

Work with the team to apply the risk management framework to day-to-day work. Conduct security assessments to enable the global Justworks to identify, assess, treat, and monitor cybersecurity risks. Maintain risk registry, track and monitor risk mitigation. Collaborate with all stakeholders across the company to provide risk visibilities, and drive the mitigation of cyber risks.

Assist in the selection and implementation of GRC solutions. Be the expert on all GRC tools.

Monitor and analyze changes in relevant regulations and industry standards such as CCPA, and GDPR, adapting company policies and procedures as needed.

Partner with Engineering, IT, People, and Finance on control requirements and evidence production proactively in anticipation of SOC2/SOX and customer audits.

Support GRC’s training, communication and other activities to support a security-aware Justworks culture.

Build a risk-aware culture by maturing existing risk management processes to monitor, track, measure and report cyber risks.

Drive timely & effective communication via collaboration with various stakeholders including IT, Cyber Defense Operations, Security Architecture & Engineering, People Operations, Customer Service and Marketing.

Provide mentorship and day-to-day support to GRC analysts to enable the team to deliver best work and develop their professional skills.

Perform other related duties as assigned.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

CybersecurityRisk assessmentNIST 800-53CISData analysisSoftware developmentInfrastructureScriptingOperational risk managementSecurity best practicesAutomationGRC solutionsCloud securityAWSDocumentationProject managementProblem-solvingAnalyticalCommunicationOrganizationalSelf-motivatedTeamworkCISSPCISMCRISCCISA

Required

At least 5+ years' experience directly in cybersecurity fields, with a demonstrated track record of leading third-party risk management, plus one of the following areas: cyber risk management, policy & compliance, security awareness, and communication

Well-versed in risk assessment methodology, NIST 800-53, CIS, and associated security and privacy rules

Strong analytical skills and using data/facts for decision-making

Solid experience in either software development or infrastructure other than risk management experience

Ability to develop scripts/queries to pull data from different tools

Strong knowledge and experience with operational risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting

Functional knowledge of security domains and information security industry standard and best practices

Ability to identify and recommend tools, processes, and software to automate and continuously improve security and compliance practices.

Previous experience with GRC solutions - Archer, ServiceNow, LogicGate etc

Technical understanding of cloud-based security in an AWS environment

Proven track record as a strong communicator both in written and oral presentations; capable of rapidly creating detailed, yet concise documentation

Exceptional organizational skills with the ability to prioritize and manage multiple projects at the same time.

A self-motivated person who can influence and drive cross-functional teams, promoting timely and effective communication

Good organizational skills, proactive and self-sufficient with a proven ability to work independently and prioritize deliverables

Preferred

Security Certifications of CISSP, CISM, CRISC, CISA a plus

Benefits

Wellness program offerings

Company retreats

Great benefits

Company

Justworks

Glassdoor

3.7

Justworks makes it easier to start, run, and grow a business.

Founded in 2012

New York, New York, USA

1,001-5,000 employees

https://www.justworks.com

H1B Sponsorship

Justworks has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Trends of Total Sponsorships

2023 (11)

2022 (15)

2021 (11)

2020 (4)