Security GRC Analyst
Gusto is fundamentally changing how the world works by empowering small business employers to put people first. Gusto reimagines payroll, benefits, and HR by automating the most complicated and impersonal business tasks and making them simple and delightful. Gusto processes billions of dollars in payroll for hundreds of thousands of employees.
Additionally, our clients trust us with personally identifiable information (PII) and protected health information (PHI), including customers’ SSNs, EINs, salaries, home addresses, and health-related information. Protecting our clients’ PII and PHI is one of the top considerations in anything we do at Gusto.
Here’s what you’ll do day-to-day:
- Work across teams to develop and maintain InfoSec policies, procedures and standards in compliance with the requirements of HIPAA, NY DFS, SOC1/2, FFIEC, FDIC, SOX, MTL, OCC.
- Perform gap analysis and security risk assessments to determine if business systems are aligned with regulatory requirements, industry best practices, and internal information security policies/procedures/standards.
- Collaborate with other compliance-related teams to complete compliance audits and reports.
- Verify and monitor security controls with key technology or operation owners.
- Identify improvements that will strengthen the efficiency and effectiveness of our compliance initiatives.
- Manage third-party vendor security assessments.
- Develop and provide training to improve the security awareness and knowledge of all employees and contractors.
Here’s what we’re looking for:
- Minimum of 3 years in information security assurance
- Knowledgeable in both qualitative and quantitative risk assessment methodologies
- Familiar with audit testing techniques
- Experienced in information security frameworks (HIPAA, SOC, NIST, and ISO 27000) and industry best practices (SANS and CIS)
- Excellent leadership, interpersonal, verbal and written communication, presentation, and problem-solving skills
- Strong cross-functional team program management abilities, including managing multiple assessments concurrently with different stakeholders and timelines
- Experience in assessing cloud service offerings
- Certifications (CISSP, CISA, CISM, SANS GSEC, etc.)
About Gusto
Our customers come from all walks of life and so do we. We hire great people from a wide variety of backgrounds, not just because it's the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Gusto.
Gusto is a modern, online people platform that helps small businesses take care of their teams. On top of full-service payroll, Gusto offers health insurance, 401(k)s, expert HR, and team management tools. Today, Gusto offices in Denver, San Francisco, and New York serve more than 100,000 businesses nationwide.