Lead Security Risk Analyst (GRC)
Justworks
Compensation
$192,500 - $211,750/year
Job Description
Who We Are
At Justworks, you’ll enjoy a welcoming and casual environment, great benefits, wellness program offerings, company retreats, and the ability to interact with and learn from leaders in the startup community. We work hard and care about our most prized asset - our people.
We’re helping businesses get off the ground by enabling them to focus on running their business. We solve HR issues. We’re data-driven and never stop iterating. If you’d like to work in a supportive, entrepreneurial environment, are interested in building something meaningful and having fun while doing it, we’d love to hear from you.
We're united by shared goals and shared motivations at Justworks. These are best summed up in our company values, which are reflected in our product and in our team.
If this sounds like you, you’ll fit right in.
Who You Are
Justworks is seeking a solutions-oriented Lead Security Risk Analyst who views GRC as a dynamic service that must be as efficient as the technology it governs.
You possess the analytical clarity to translate technical findings into meaningful risk narratives and are an optimizer who thrives on automation, preferring structured workflows over manual spreadsheets. In this role, you will help lead the maturity and scalability of our GRC operating model to protect Justworks’ assets, employees, and customers.
Reporting to the Director of GRC within the Digital Security organization, you will collaborate with cross-functional partners to deliver on our mission of enterprise-level security and operational excellence.
Your Success Profile
What You Will Work On
- Roadmap Execution: Support Digital Security / GRC leadership to execute a multi-year strategy that matures Justworks’ GRC function into a technology-enabled, enterprise-grade program. Provide technical leadership to build future GRC capabilities.
- Risk Operations: Design and manage the end-to-end cyber risk lifecycle—identifying, quantifying, treating, and monitoring risks within a centralized Risk Register.
- Policy & Framework Implementation: Support the Director of GRC to define the Justworks risk management framework. Maintain cyber security policies, standards and SOPs and map them to controls/frameworks (e.g. NIST CSF, NIST 800-53, NIST AI RMF, CIS, etc.) to ensure cross-functional alignment. Monitor emerging risks and adjust policies accordingly. Manage the cyber security exception process.
- Continuous Compliance: Build and scale the "Audit-Once, Comply-Many" engine to automate evidence orchestration (e.g. SOC2, GDPR, etc.) and internal policy enforcement. Monitor regulatory environment changes and impact.
- Supply Chain Resilience: Advance the Vendor Security Management program by evaluating software supply chain risks and automating third-party security assessments.
- Cyber Risk Liaison: Act as a key partner to Engineering and IT to translate policies, controls and risks, ensuring "Security-by-Design" across the product lifecycle.
- GRC Stack Optimization: Lead the evolution of the GRC technology stack, focusing on bi-directional integrations and automated telemetry to eliminate manual workflows.
- Risk Advisory & Influence: Facilitate security assessments for high-impact initiatives, translating technical gaps into meaningful business insights for stakeholders.
- Security Culture & Adaptive Awareness: Develop and deploy data-driven security training and communication programs that support compliance, target specific behavioral risks and foster a security-first culture.
How You Will Do Your Work
As a Lead Security Risk Analyst, how results are achieved is paramount for your success and ultimately results in our success as an organization. In this role, your foundational knowledge, skills, abilities and personal attributes are anchored in the following: