Gusto (formerly ZenPayroll)
Head of Security

We’re looking for a Head of Security to lead the team that protects the information of hundreds of thousands of small businesses and employees who use the Gusto platform.

As the Head of Security at Gusto, you'll be responsible for the security of our web application, corporate infrastructure, physical security, compliance, governance and risk. You’ll also lead employee security education, partner with 3rd-party penetration testers, and manage our bug bounty program and incident response team.

Gusto processes billions of dollars in payroll every month. Additionally, our clients trust us with a huge amount of personally identifiable information (PII) and protected health information (PHI), including customers’ SSNs, EINs, salaries, home addresses, and more. Our business is largely built on trust. As a result, protecting our clients’ PII and PHI is one of the top considerations in anything we do at Gusto.

Here’s what you’ll do day-to-day:

  • Be ultimately responsible for all things related to security at Gusto, including application security, network security, people/endpoint security, compliance, governance, risk, red team, and incident response.
  • Recruit, hire, and retain a team of security engineers, security generalists, and incident response specialists who are responsible for keeping Gusto secure.
  • Work closely with our product and legal compliance team to create and enforce our security policies.
  • Work closely with our product engineering and IT teams to ensure that the right processes and tools are being used to develop code with minimal security vulnerabilities.
  • Implement a risk-based process for third-party vendor risk management.
  • Develop and operate a Security Operations Center (SOC).

Here’s what we’re looking for:

  • 10+ years of leading security and 15+ years of industry experience, preferably in the financial or health sector.
  • A leader who cares deeply about both the technological and social aspects of building a secure organization.
  • Understanding of information security regulations, including Service Organization Control (SOC) 1 and 2, National Institute of Standards and Technology (NIST), Health Insurance Portability and Accountability Act (HIPAA), and various other laws and regulations.
  • Ability to effectively communicate security and compliance concepts with a variety of technical and non-technical audiences.
  • Experience in overseeing business continuity planning / disaster recovery (BCP/DR) programs.
  • Ability to work cross-functionally with our legal and compliance teams to understand and enforce regulatory requirements.
  • Someone who will build a clear, understandable threat model for the company for both digital and physical security.

About Gusto

Our customers come from all walks of life and so do we. We hire people from a wide variety of backgrounds, not just because it’s the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Gusto. 

Gusto’s mission is to create a world where work empowers a better life. By making complicated, impersonal business tasks simple and personal, Gusto is reimagining HR, payroll, and benefits for over 60,000 companies nationwide. Gusto has offices in San Francisco and Denver and the company’s investors include Google Capital, General Catalyst, Kleiner Perkins Caufield & Byers, as well as the founders of Instagram, Stripe, Nest, PayPal, Yelp, Dropbox, and Eventbrite, among others.

Job Location(s):
San Francisco, CA, US