×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

Lead Security Risk Analyst; GRC

Job in New York, New York County, New York, 10261, USA
Listing for: Justworks
Full Time position
Listed on 2026-01-02
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below
Position: Lead Security Risk Analyst (GRC)
Location: New York

Who We Are

At Justworks, you’ll enjoy a welcoming and casual environment, great benefits, wellness program offerings, company retreats, and the ability to interact with and learn from leaders in the startup community. We work hard and care about our most prized asset - our people.

We’re helping businesses get off the ground by enabling them to focus on running their business. We solve HR issues. We’re data-driven and never stop iterating. If you’d like to work in a supportive, entrepreneurial environment, are interested in building something meaningful and having fun while doing it, we’d love to hear from you.

We're united by shared goals and shared motivations se are best summed up in our company values, which are reflected in our product and in our team.

Our Values

If this sounds like you, you’ll fit right in.

Who You Are

Justworks is seeking an exceptional Lead Security Risk Analyst to join our Governance Risk & Compliance (GRC) team. The Lead Security Risk Analyst will work cross-functionally with all areas of the company to develop security safeguards and countermeasures to protect Justworks assets, employees and customers. The Lead Security Risk Analyst will report to the Senior Manager, Governance Risk & Compliance and liaise with other teams across Digital Security.

Your Success Profile
What You Will Work On
  • Work with the GRC leader to provide guidance and solutions that protect Justworks, our products, customers and employees.
  • Support GRC leader to build GRC strategy and multi-year roadmaps to mature Justwork’s GRC function.
  • Provide technical leadership to build GRC’s capabilities such as cyber risk management, vendor security assessment, security training and communications, and our compliance program.
  • Assist GRC leader to define Justworks risk management framework, leveraging NIST 800-53, CIS and others.
  • Work with GRC leader to develop the compliance program for both regulatory compliance such as SOC2, GDPR, and compliance to our Justworks policies and standards.
  • Monitor and analyze changes in relevant regulations and industry standards such as CCPA, GDPR, adapting company policies and procedures as needed.
  • Partner with Engineering, IT, People, and Finance on control requirements and evidence production proactively in anticipation of SOC2/SOx, and customer audits.
  • Lead and drive security assessments to enable the global Justworks to identify, assess, treat and monitor (via risk register) cybersecurity risks.
  • Oversee findings brought forward through the risk reporting and risk exception process and report to security leadership where gaps exist.
  • Collaborate with all stakeholders across the company to provide risk visibilities, and more importantly to lead and drive the mitigation of cyber risks.
  • Drive on-going security assessments to enable the global Justworks to identify, assess, treat and monitor cybersecurity risks.
  • Build a risk aware culture by maturing existing risk management processes to monitor, track, measure and report cyber risks.
  • Partner with stakeholders when onboarding vendor solutions to ensure adequate controls are available and enabled in production.
  • Build a robust vendor risk management program, including evaluating software supply chain security, vendor security assessments, and assurance vendor incident reporting.
  • Oversee vendor relationship for applicable third party vendors providing service delivery of GRC related functions including but not limited to vendor management, security awareness training, GRC management and others.
  • Engage with organizational stakeholders to develop and implement engaging and effective security and compliance training programs.
  • Drive timely & effective communication via collaboration with various stakeholders including IT, Cyber Defense Operations, Security Architecture & Engineering, People Operations, Customer Service and Marketing.
  • Provide mentorship and day-to-day support to GRC analysts to enable the team to deliver best work and develop their professional skills.
  • Work with the Security Architecture and Engineering team to identify and implement missing capabilities for GRC to mature and advance GRC’s capabilities.
  • Perform other related duties as…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search