At Gusto, we're on a mission to grow the small business economy. We handle the hard stuff , payroll, health insurance, 401(k)s, and HR , so owners can focus on their craft and their customers.

With teams in Denver, San Francisco, and New York, we support more than 400,000 small businesses nationwide and are building a workplace that reflects the people we serve.

All full-time employees receive competitive base pay, benefits, and equity (RSUs) , because everyone who helps build Gusto should share in its success. Offer amounts are determined by role, level, and location. Learn more about our Total Rewards philosophy.

AI is a fundamental part of how work gets done at Gusto. We expect all team members to actively engage with AI tools relevant to their role and grow their fluency as the technology evolves. AI experience requirements vary by role and will be assessed during the interview process.

About the Role:

Gusto is scaling our AI-powered risk function to support a complex, multi-entity business operating in highly regulated environments. As the Enterprise Risk Management Lead, you will own and operate Gusto's Enterprise Risk and Third Party Risk Management programs , built AI-first, designed to scale, and built to enable the business to move fast without breaking things.

This is a People Empowerer (manager) role. You balance hands-on program leadership with managing and developing a team of compliance professionals. You navigate the tension between "doing the work" and "leading the work" , contributing directly to complex, high-impact programs while ensuring your team delivers with excellence.

You are a change agent who influences how automated risk management gets done at Gusto, models AI-enabled ways of working, and helps others grow their own capabilities in the process.

You will champion the adoption of AI, machine learning, and process automation across risk monitoring, control testing, incident management, and reporting , and you will partner with Product, Data Science, and Engineering to make it explainable, adopted, compliant, and scalable.

Here’s what you’ll do day-to-day:

You manage initiatives that are complex in both scope and impact, influencing the strategic direction of Gusto's compliance risk management framework.

You apply a deep understanding of the regulatory landscape and how it intersects with Gusto's business model to proactively design and lead cross-functional risk programs.

You translate complex risk topics into clear, actionable guidance that senior leaders can immediately understand and operationalize.

You lead cross-functional working groups, align divergent perspectives, and drive cohesive progress toward shared goals , with minimal oversight.

As a PE, you balance individual risk and compliance contribution with team leadership.

You manage operations, professional development, resource allocation, and performance , while staying close enough to the work to be a credible, hands-on partner to your team and stakeholders.

You model responsible AI use, and act as a source of knowledge and mentorship , supporting your team's AI journey and helping others apply it responsibly and effectively.

AI-Enabled Risk Operations, Innovation & Transformation

This is how you and your team operate , not a side project.

• Champion the adoption of AI, machine learning, process automation, and advanced analytics to improve risk monitoring, control testing, and reporting across ERM, TPRM, and broader compliance functions

• Lead the integration of AI and automation into every phase of the risk lifecycle: vendor assessments, document ingestion and analysis, continuous monitoring and alerting, risk scoring, prioritization, and trend analysis

• Build intelligent risk monitoring and evaluation systems , including auto-tagging for risk issues, audit requests, and regulatory changes , that improve real-time visibility and eliminate manual effort across the enterprise risk portfolio

• Drive the digitalization of risk tools including RCSAs, KRIs, incident reporting, and audit tracking , transforming periodic, reactive processes into continuous intelligence systems with live leading and lagging indicators that enable real-time decision-making

• Partner with Product, Data Science, and Engineering to define requirements for AI-driven workflows, decisioning engines, and dashboards , ensuring explainability, auditability, and regulatory defensibility of all AI-enabled risk decisions

• Design and build intelligent dashboards and reporting tools that deliver real-time risk visibility and decision-quality insights to senior leadership and cross-functional stakeholders

• Design AI workflows with appropriate validation loops, human-in-the-loop checkpoints, and guardrails , ensuring outputs are reliable, governable, and meet regulatory standards before being used to frame risks, recommendations, or decisions

• Stay current on AI advancements and emerging technologies and proactively integrate new capabilities into team operations to increase velocity and scale

• Model responsible AI use , supporting ICs in their AI journeys and fostering a culture of intentional experimentation, accountability, and continuous improvement

Enterprise Risk Management

• Design, implement, and continuously improve Gusto's ERM framework, ensuring alignment with best practices and Gusto's stage of growth and strategic priorities across all entities

• Define and maintain Gusto's enterprise risk taxonomy, risk appetite statement, and key risk indicators spanning operational, regulatory, technology, financial, and reputational risk domains

• Lead Gusto's Enterprise Risk Management process , driving integration of risk practices across business functions, promoting a proactive risk culture, and ensuring incident management, root cause analysis, and lessons learned are systematically captured in an automated, AI forward way.

• Apply AI-assisted insights to enterprise risk datasets to surface systemic patterns, validate assumptions, prioritize risks, and deliver proactive, data-driven advisory to senior leadership

• Monitor the regulatory landscape (OCC, FDIC, CFPB, SEC, FINRA, GDPR, NIST, ISO, SOC) and leverage AI to proactively incorporate changes before they become compliance gaps

• Act as a key advisor to senior compliance leadership , translating complex risk findings into clear, actionable recommendations with minimal oversight

Third Party Risk Management (TPRM)

• Design, implement, and independently manage a high-impact, AI-first TPRM program with clear milestones, progress tracking, and measurable outcomes across all Gusto entities

• Manage the full third-party risk lifecycle , onboarding and risk profiling, periodic assessments, issue management, corrective action tracking, and offboarding , across suppliers, product partners, contractors, service providers, and cloud service providers , and do so in an AI and automated way.

• Maintain a centralized, authoritative vendor risk inventory and risk register, ensuring real-time visibility into Gusto's third-party risk posture

• Conduct periodic AI-driven audits and reviews of third-party compliance with contractual obligations and regulatory standards, identifying patterns that inform continuous program improvement

• Serve as the central orchestrator across Compliance, Security, Legal, Procurement, IT, and GRC for proactive and reactive third-party incident management

• Own Gusto's TPRM policy and maintain comprehensive documentation , risk assessments, audit findings, corrective actions , ensuring full accountability and traceability

People Leadership & Team Development

• Balance individual compliance contribution with team leadership , managing operations, professional development, resource allocation, and performance while staying close to the work

• Coach and develop ICs toward next

XML job scraping automation by YubHub

This role plays a key part in maintaining safe work conditions, supporting radiological controls, and ensuring compliance with site procedures. A significant portion of this role involves working in and around radiological areas, supporting contamination controls, monitoring activities, and personnel safety. Prior radiological experience is required.

Responsibilities: Radiological & Area Safety Support: Support radiological control activities including area monitoring, contamination surveys, and access controls. Assist with implementation of radiological work permits and site-specific safety requirements. Monitor work activities in radiological areas to ensure compliance with procedures and controls. Support personnel monitoring and contamination control practices. Report abnormal conditions, incidents, or safety concerns immediately to EH&S leadership.

EH&S Program Support: Assist with day-to-day execution of environmental, health, and safety programs. Support inspections, audits, and routine safety walkthroughs. Help maintain EH&S documentation, logs, and records. Support incident investigations and corrective action tracking.

Operational & Field Support: Provide on-the-floor safety presence to support manufacturing, maintenance, and technical teams. Assist with hazard identification, job safety analyses, and work planning activities. Ensure PPE requirements and safety controls are understood and followed.

Training & Compliance: Assist with delivery and tracking of EH&S and radiological training. Support onboarding of new employees with safety orientation and site requirements. Reinforce a strong safety culture through consistent communication and engagement.

Skills & Qualifications: Experience in EH&S, industrial safety, manufacturing operations, or a regulated technical environment. Willingness to work in radiological areas following training and procedural controls. Strong attention to detail and commitment to safety and compliance. Ability to communicate clearly and professionally with operations and technical staff. Comfort working on the production floor and in active work environments. Technical, trade, military, or equivalent hands-on background preferred. Prior radiological, nuclear, or hazardous materials experience is required.

Benefits: Health, Dental & Vision Insurance Health Savings Account Disability and Life Insurance 401K Plan Paid Time Off, Holidays

XML job scraping automation by YubHub

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. The salary range is $125.6K – $228K. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

About the Team:

OpenAI, in close collaboration with our capital partners, is embarking on a journey to build the world’s most advanced AI infrastructure ecosystem. Our Stargate program develops and deploys massive, state-of-the-art data center campuses in partnership with industry leaders such as Oracle today—and through future OpenAI infrastructure projects tomorrow. We design for scale, speed, and reliability, and we need experienced hardware professionals who can help ensure our high-density compute environment operates at peak performance.

About the Role:

The Data Center Incident Program Manager is responsible for designing, operating, and continuously improving the end-to-end incident management lifecycle across mission-critical data center environments. This role owns the “before, during, and after” mechanics of incidents — establishing standards and playbooks in steady state, serving as (or designating) Incident Commander during active events, and driving structured post-incident review and corrective action to closure.

In this role you will:

• Define and maintain incident severity levels (SEV definitions), classification criteria, and escalation thresholds.

• Establish end-to-end incident response standards: protocols, lifecycle stages (declare → stabilize → mitigate → recover → close), and operating cadence.

• Build and maintain governance artifacts: runbooks, war room formats, reporting templates, and decision/communication standards.

• Create and operationalize notification trees, stakeholder comms templates (initial, periodic updates, recovery/closure), and executive escalation criteria.

• Define clear RACI across Facilities, Hardware Ops, Network, Security, and vendor/partner teams, including handoffs and accountability paths.

• Set and manage SLAs/OLAs for acknowledgment, escalation, containment, mitigation, and reporting.

• Implement and run incident management tooling (ticketing, paging, logging) and ensure integrations with monitoring and workflow systems.

• Establish dashboards and program health metrics to track incident performance and readiness.

• Lead readiness activities: tabletop exercises, cross-functional simulations, IC/Deputy training, and a rotating on-call IC bench with certification standards.

• Serve as Incident Commander as needed: declare severity, stand up the war room, assign functional leads, and drive structured execution under pressure.

• Maintain real-time documentation (decisions, timelines, impact scope) and ensure clear restoration objectives and scope control during active events.

• Run post-incident reviews (PIRs), validate timelines, drive structured RCA (e.g., 5 Whys, Fault Tree), and separate root cause vs contributing factors.

• Define corrective/preventative actions (CAPAs), assign accountable owners, track to verified closure, and escalate overdue actions.

• Publish trend reporting (incident taxonomy, counts by severity, MTTA/MTTR, repeat failure domains) and feed systemic gaps back into design and operations teams.

You might thrive in this role if you:

• 7+ years in mission-critical infrastructure, data center operations, or reliability engineering

• Direct experience leading major incidents (P1/P0 equivalent)

• Strong familiarity with facilities systems, hardware operations, or network infrastructure

• Demonstrated experience running war rooms and executive updates

• Experience conducting root cause analysis and corrective action tracking

• Ability to remain calm and decisive under high-pressure conditions

Preferred Skills:

• Experience in hyperscale or high-density AI compute environments

• Background in facilities commissioning, facility operations, hardware operations, or network reliability

• Familiarity with ISO-based quality systems or structured operational documentation frameworks

• Experience implementing incident tooling (PagerDuty, ServiceNow, Jira, etc.)

XML job scraping automation by YubHub