InfoSec GRC Analyst
San Francisco, CA

Job Description

Description

Gusto processes billions of dollars in payroll for hundreds of thousands of employees. Additionally, our clients trust us with personally identifiable information (PII) and protected health information (PHI), including customers' SSNs, EINs, salaries, home addresses, and health related information. Protecting our clients' PII and PHI is one of the top considerations in anything we do at Gusto.

Gusto is seeking an experienced InfoSec GRC Analyst to support the Security team in all aspect of our IT security, governance, risk and assurance processes. You will be engaging various process owners in the design, evaluation, documentation and monitoring of the appropriate security controls in our computing environment, as well as interacting with external audits. It is essential that you have hands-on experiences in IT assurances and operational audits, as well as prior hands on in IT experiences.

Here's what you'll do day-to-day:

* Perform gap analysis and security risk assessments to determine if the company's information assets are protected from internal and external threats and are aligned with regulatory requirements.
* Work across team to design, implement and test various security processes and controls
* Conduct internal security audits and provide technical and business recommendation to process owners to remediate all findings
* Work with the Security team in identifying technical security gaps as reported by internal and external customers.
* Perform other IT security and assurances related tasks as assigned by management.
* Manage 3rd party vendor security assessments in collaboration with Legal and Compliance teams.
* Develop and provide training to improve the security awareness and knowledge for all employees and contractors.

Here's what we're looking for:

* Minimum of 3 years in information security assurance and audit such as SOC 2 Type 2, HIPPA and ISO 27001
* Hands-on experiences in cloud technologies and security
* Knowledgeable in various IT security frameworks and best practices, such as Trust Services Principles, HIPPA, NIST SP 800 publications, CCM and CoBIT
* Knowledgeable in both qualitative and quantitative risk assessment methodologies
* Excellent leadership, interpersonal, verbal and written communication, presentation, and problem solving skills
* Strong cross-functional team program management abilities, including managing multiple assessments concurrently with different stakeholders and timelines
* Certifications (CISSP, CISA, CISM, SANS GSEC, etc.).

About Gusto

Our customers come from all walks of life and so do we. We hire people from a wide variety of backgrounds, not just because it's the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Gusto.

Gusto's mission is to create a world where work empowers a better life. By making complicated, impersonal business tasks simple and personal, Gusto is reimagining HR, payroll, and benefits for over 60,000 companies nationwide. Gusto has offices in San Francisco and Denver and the company's investors include Google Capital, General Catalyst, Kleiner Perkins Caufield & Byers, as well as the founders of Instagram, Stripe, Nest, PayPal, Yelp, Dropbox, and Eventbrite, among others.