Gusto is fundamentally changing how the world works by empowering small business employers to put people first. Gusto reimagines payroll, benefits, and HR by automating the most complicated and impersonal business tasks and making them simple and delightful. Gusto processes billions of dollars in payroll for hundreds of thousands of employees.
Additionally, our clients trust us with personally identifiable information (PII) and protected health information (PHI), including customers’ SSNs, EINs, salaries, home addresses, and health-related information. Protecting our clients’ PII and PHI is one of the top considerations in anything we do at Gusto.
Here’s what you’ll do day-to-day:
- Work across teams to develop and maintain InfoSec policies, procedures and standards in compliance with the requirements of HIPAA, NY DFS, SOC1/2, FFIEC, FDIC, SOX, MTL, and OCC.
- Perform gap analysis and security risk assessments to determine if business systems are aligned with regulatory requirements, industry best practices, and internal information security policies/procedures/standards.
- Collaborate with other compliance-related teams to complete compliance audits and reports.
- Verify and monitor security controls with key technology or operation owners.
- Identify improvements that will strengthen the efficiency and effectiveness of our compliance initiatives.
- Manage third-party vendor security assessments.
- Develop and provide training to improve the security awareness and knowledge for all employees and contractors.
Here’s what we’re looking for:
- Minimum of 3 years in information security assurance
- Knowledgeable in both qualitative and quantitative risk assessment methodologies
- Familiar with audit testing techniques
- Experienced in information security frameworks (HIPAA, SOC, NIST, and ISO 27000) and industry best practices (SANS and CIS)
- Excellent leadership, interpersonal, verbal and written communication, presentation, and problem-solving skills
- Strong cross-functional team program management abilities, including managing multiple assessments concurrently with different stakeholders and timelines
- Experience in assessing cloud service offerings
- Certifications (CISSP, CISA, CISM, SANS GSEC, etc.)
Our customers come from all walks of life and so do we. We hire people from a wide variety of backgrounds, not just because it’s the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Gusto.
Gusto’s mission is to create a world where work empowers a better life. By making complicated, impersonal business tasks simple and personal, Gusto is reimagining HR, payroll, and benefits for over 60,000 companies nationwide. Gusto has offices in San Francisco and Denver and the company’s investors include Google Capital, General Catalyst, Kleiner Perkins Caufield & Byers, as well as the founders of Instagram, Stripe, Nest, PayPal, Yelp, Dropbox, and Eventbrite, among others.