Governance, Risk & Compliance (GRC) Analyst

About Gusto

Gusto is a modern, online people platform that helps small businesses take care of their teams. On top of full-service payroll, Gusto offers health insurance, 401(k)s, expert HR, and team management tools. Today, Gusto offices in Denver, San Francisco, and New York serve more than 400,000 businesses nationwide.

Our mission is to create a world where work empowers a better life, and it starts right here at Gusto. That’s why we’re committed to building a collaborative and inclusive workplace, both physically and virtually. Learn more about our Total Rewards philosophy. 

About the Role:

Symmetry is seeking a Security, Governance, Risk & Compliance professional to serve as the internal expert and owner of our risk, compliance, and governance initiatives. This person will guide the company from foundational Governance, Risk & Compliance (GRC) maturity through to steady-state operations, ensuring ongoing compliance with SOC 2 Type 2 and related frameworks, while embedding security-minded practices throughout Symmetry. This is a cross-functional role with key touchpoints in every department.

About the Team:

At Gusto, the Symmetry team is on a mission to empower the world’s employees by ensuring they get the right taxes the first time. Operating like a “mini startup” within the company, Symmetry is a team driven by deep customer empathy, domain expertise, and a relentless desire to innovate. Our goal is to expand the value we create for the payroll service provider industry by solving more problems that impact millions and millions of paychecks in the US each year.

Here’s what you’ll do day-to-day:

• Develop, maintain, and ensure adherence to security and compliance SOPs, internal documentation, and company-wide policies—particularly supporting SOC 2 and future framework adoption.
• Own and manage trust management platforms (e.g., Vanta), including documentation of controls, risks, vendors, and exceptions, and lead the implementation of a public-facing Trust Center to promote transparency.
• Collaborate with Legal, Enterprise Applications, and Gusto counterparts to establish and maintain data governance policies (e.g., classification, retention, handling).
• Conduct ongoing internal risk assessments to identify exposure and control gaps; coordinate remediation plans with functional teams.
• Manage the third-party vendor risk program, including onboarding reviews, monitoring, and renewal assessments.
• Lead interactions with external auditors and regulatory bodies during compliance assessments (e.g., SOC 2 Type 2) and oversee responses to client security assessments and due diligence requests.
• Stay current on relevant compliance frameworks, laws, and regulations to ensure appropriate coverage and adaptability.
• Partner cross-functionally (e.g., Security, Legal, Engineering, Sales, IT) to implement scalable GRC processes, harmonize systems (e.g., Ironclad, Coupa), and foster GRC understanding through employee enablement programs and KPI-driven insights.

Here’s what we're looking for:

• 3–5+ years of experience in governance, risk, and compliance within SaaS, ideally in the HCM, payroll, or fintech sectors.
• Bachelor’s degree in Business, Information Systems, or a related field.
• Strong understanding of SaaS business models, with experience implementing controls and policies in fast-paced, product-driven environments.
• Proven experience leading or supporting a SOC 2 Type 2 compliance initiative, including collaboration with auditors and cross-functional teams.
• Familiarity with compliance tools and platforms such as Vanta, Drata, Viso Trust, or similar.
• Demonstrated ability to translate complex GRC requirements into actionable, scalable processes.
• Excellent written and verbal communication skills, including the ability to educate and influence cross-functional stakeholders.
• A data-informed mindset, with the ability to use analytics to assess GRC performance and maturity.
• One or more relevant professional certifications:
• CISA, CRISC, or GRCP preferred
• CGEIT, CRMA, or PMI-RMP are a bonus

Our cash compensation amount for this role is $110,640/yr to $130,000/yr in Scottsdale,  $118,300/yr to $145,903/yr in Denver, and $142,980/yr to $176,342/yr for San Francisco & New York. Final offer amounts are determined by multiple factors including candidate location, experience and expertise and may vary from the amounts listed above.

Gusto has physical office spaces in Denver, San Francisco, and New York City. Employees who are based in those locations will be expected to work from the office on designated days approximately 2-3 days per week (or more depending on role). The same office expectations apply to all Symmetry roles, Gusto's subsidiary, whose physical office is in Scottsdale.

Note: The San Francisco office expectations encompass both the San Francisco and San Jose metro areas. 

When approved to work from a location other than a Gusto office, a secure, reliable, and consistent internet connection is required.

Our customers come from all walks of life and so do we. We hire great people from a wide variety of backgrounds, not just because it's the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Gusto. 

Gusto is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Gusto considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Gusto is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. We want to see our candidates perform to the best of their ability. If you require a medical or religious accommodation at any time throughout your candidate journey, please fill out this form and a member of our team will get in touch with you.

Gusto takes security and protection of your personal information very seriously. Please review our Fraudulent Activity Disclaimer.

Personal information collected and processed as part of your Gusto application will be subject to Gusto's Applicant Privacy Notice.