Job Highlights
AI-extracted key information
The Enterprise Risk Management Lead at Gusto is responsible for managing and developing compliance programs within a multi-entity business. This role involves balancing hands-on leadership with team management, driving the adoption of AI and automation in risk operations, and influencing the strategic direction of compliance risk management.
Enterprise Risk Management Lead
Experience Level: Senior Level
Employment Type: Full-Time
Work Location: Remote
Posted 5 days ago
About This Role
About Gusto
At Gusto, we're on a mission to grow the small business economy. We handle the hard stuff—like payroll, health insurance, 401(k)s, and HR—so owners can focus on their craft and customers. With teams in Denver, San Francisco, and New York, we’re proud to support more than 400,000 small businesses across the country, and we’re building a workplace that represents and celebrates the customers we serve. Learn more about our Total Rewards philosophy.
About The Role
Gusto is scaling our AI-powered risk function to support a complex, multi-entity business operating in highly regulated environments. As the Enterprise Risk Management Lead, you will own and operate Gusto's Enterprise Risk and Third Party Risk Management programs — built AI-first, designed to scale, and built to enable the business to move fast without breaking things.
This is a People Empowerer (manager) role. You balance hands-on program leadership with managing and developing a team of compliance professionals. You navigate the tension between "doing the work" and "leading the work" — contributing directly to complex, high-impact programs while ensuring your team delivers with excellence. You are a change agent who influences how automated risk management gets done at Gusto, models AI-enabled ways of working, and helps others grow their own capabilities in the process.
You will champion the adoption of AI, machine learning, and process automation across risk monitoring, control testing, incident management, and reporting — and you will partner with Product, Data Science, and Engineering to make it explainable, adopted, compliant, and scalable.
Here’s What You’ll Do Day-to-day
You manage initiatives that are complex in both scope and impact, influencing the strategic direction of Gusto's compliance risk management framework. You apply a deep understanding of the regulatory landscape and how it intersects with Gusto's business model to proactively design and lead cross-functional risk programs. You translate complex risk topics into clear, actionable guidance that senior leaders can immediately understand and operationalize. You lead cross-functional working groups, align divergent perspectives, and drive cohesive progress toward shared goals — with minimal oversight.
As a PE, you balance individual risk and compliance contribution with team leadership. You manage operations, professional development, resource allocation, and performance — while staying close enough to the work to be a credible, hands-on partner to your team and stakeholders. You model responsible AI use, and act as a source of knowledge and mentorship — supporting your team's AI journey and helping others apply it responsibly and effectively.
AI-Enabled Risk Operations, Innovation & Transformation
This is how you and your team operate — not a side project.
Champion the adoption of AI, machine learning, process automation, and advanced analytics to improve risk monitoring, control testing, and reporting across ERM, TPRM, and broader compliance functions
Lead the integration of AI and automation into every phase of the risk lifecycle: vendor assessments, document ingestion and analysis, continuous monitoring and alerting, risk scoring, prioritization, and trend analysis
Build intelligent risk monitoring and evaluation systems — including auto-tagging for risk issues, audit requests, and regulatory changes — that improve real-time visibility and eliminate manual effort across the enterprise risk portfolio
Drive the digitalization of risk tools including RCSAs, KRIs, incident reporting, and audit tracking — transforming periodic, reactive processes into continuous intelligence systems with live leading and lagging indicators that enable real-time decision-making
Partner with Product, Data Science, and Engineering to define requirements for AI-driven workflows, decisioning engines, and dashboards — ensuring explainability, auditability, and regulatory defensibility of all AI-enabled risk decisions
Design and build intelligent dashboards and reporting tools that deliver real-time risk visibility and decision-quality insights to senior leadership and cross-functional stakeholders
Design AI workflows with appropriate validation loops, human-in-the-loop checkpoints, and guardrails — ensuring outputs are reliable, governable, and meet regulatory standards before being used to frame risks, recommendations, or decisions
Stay current on AI advancements and emerging technologies and proactively integrate new capabilities into team operations to increase velocity and scale
Model responsible AI use — supporting ICs in their AI journeys and fostering a culture of intentional experimentation, accountability, and continuous improvement
Enterprise Risk Management
Design, implement, and continuously improve Gusto's ERM framework, ensuring alignment with best practices and Gusto's stage of growth and strategic priorities across all entities
Define and maintain Gusto's enterprise risk taxonomy, risk appetite statement, and key risk indicators spanning operational, regulatory, technology, financial, and reputational risk domains
Lead Gusto's Enterprise Risk Management process — driving integration of risk practices across business functions, promoting a proactive risk culture, and ensuring incident management, root cause analysis, and lessons learned are systematically captured in an automated, AI-forward way
Apply AI-assisted insights to enterprise risk datasets to surface systemic patterns, validate assumptions, prioritize risks, and deliver proactive, data-driven advisory to senior leadership
Monitor the regulatory landscape (OCC, FDIC, CFPB, SEC, FINRA, GDPR, NIST, ISO, SOC) and leverage AI to proactively incorporate changes before they become compliance gaps
Act as a key advisor to senior compliance leadership — translating complex risk findings into clear, actionable recommendations with minimal oversight
Third Party Risk Management (TPRM)
Design, implement, and independently manage a high-impact, AI-first TPRM program with clear milestones, progress tracking, and measurable outcomes across all Gusto entities
Manage the full third-party risk lifecycle — onboarding and risk profiling, periodic assessments, issue management, corrective action tracking, and offboarding — across suppliers, product partners, contractors, service providers, and cloud service providers, in an AI-enabled and automated way
Maintain a centralized, authoritative vendor risk inventory and risk register, ensuring real-time visibility into Gusto's third-party risk posture
Conduct periodic AI-driven audits and reviews of third-party compliance with contractual obligations and regulatory standards, identifying patterns that inform continuous program improvement
Serve as the central orchestrator across Compliance, Security, Legal, Procurement, IT, and GRC for proactive and reactive third-party incident management
Own Gusto's TPRM policy and maintain comprehensive documentation — risk assessments, audit findings, corrective actions — ensuring full accountability and traceability
People Leadership & Team Development
Balance individual compliance contribution with team leadership — managing operations, professional development, resource allocation, and performance while staying close to the work
Coach and develop ICs toward next-level impact, including building confidence and fluency with AI-enabled ways of working
Anchor development conversations in observable behaviors, outcomes, and the L&C competency framework — identifying gaps between current performance and next-level expectations
Model the standard for what great risk work looks like at Gusto: rigorous, judgment-driven, AI-augmented, and business-enabling
Foster a team culture of intellectual curiosity, responsible risk-taking, and continuous improvement
Collaboration & Stakeholder Engagement
Lead cross-functional working groups across Compliance, Security, Legal, Procurement, IT, Product, and Finance — aligning divergent perspectives and driving cohesive progress toward shared goals
Translate complex risk topics into plain business language that senior leaders can immediately understand and act on
Engage with external auditors, regulatory examiners, and third-party counterparties with credibility and authority, representing Gusto's risk programs with transparency and rigor
Build and maintain trust across the organization by delivering balanced, well-reasoned risk guidance that enables innovation while protecting Gusto
Leverage AI-assisted insights to enhance cross-functional collaboration — ensuring outputs are validated and meet reliability standards before being used to frame risks, recommendations, or decisions
Here’s What We're Looking For
AI-forward experience
Demonstrated experience implementing automation, AI, and advanced analytics into risk or compliance workflows — not theoretical; you have built and shipped this
Exceptional ability to synthesize complex, multi-domain risk findings into clear, actionable recommendations for non-technical and executive audiences
Skilled at facilitating alignment across a diverse set of internal and external stakeholders — building consensus, surfacing trade-offs, and driving decisions with clarity and accountability
Strong attention to detail with excellent organizational skills, enabling effective coordination across multiple simultaneous programs and workstreams
Experience in enterprise risk management, compliance, vendor management, or a closely related field — with hands-on expertise in both ERM frameworks and Third Party Risk Management
Proven track record of building and scaling enterprise-wide programs in highly regulated environments (fintech, financial services, payments, or banking strongly preferred)
Strong cross-functional coordination skills with the ability to read, analyze, and interpret legal documents and vendor contracts
Leadership & enterprise-wide collaboration
Proven people management experience
