Senior Staff IT Controls, Enterprise Applications

About the role

As the Senior Staff IT Controls you will own, evolve, and scale IT General Controls (ITGCs) across Gusto's enterprise application ecosystem including NetSuite, Workday, Salesforce, and adjacent platforms, serving as the single point of accountability for ITGC design, testing, remediation, and audit readiness. Sitting within the Enterprise Applications organization, you will partner closely with Internal Audit, IT, Security, and Finance to ensure Gusto meets SOX 404 compliance requirements while strengthening our broader risk posture. You will not only maintain a best-in-class controls environment, but will also pioneer the use of AI and automation to make controls testing faster, smarter, and more continuous, transforming assurance from a periodic, manual exercise into a scalable, intelligent capability. In line with Gusto's enterprise risk management strategy, you will reduce manual effort across the compliance lifecycle while raising the bar on control precision and coverage as the company scales. This is a senior, high-impact individual contributor role that blends deep IT controls expertise with a forward-looking vision for AI-augmented assurance, combining technical rigor, cross-functional partnership, and strategic systems thinking to build a controls function that is both audit-ready and future-proof. This role will report to the Enterprise AIT team, a group focused on driving the intelligent transformation of Gusto's enterprise systems. The Enterprise AIT team is responsible for integrating AI, automation, and advanced analytics across our internal applications ecosystem to improve scalability, efficiency, and decision-making. Partnering closely with Finance, Business Ops, IT, and Security, the team enables Gusto's enterprise systems to become smarter, more predictive, and more adaptive. This is a new role, designed to expand the team's capacity to operationalize AI within enterprise workflows and support Gusto's broader Enterprise Systems strategy. Here's what you'll do day-to-day: Own ITGC design and operation across enterprise applications - including logical access, change management, SDLC, computer operations, and segregation of duties (SoD). Lead the 1st-line control environment for in-scope enterprise applications, partnering with application owners and engineering leads to embed controls into operational workflows rather than bolting them on. Drive SoD strategy across ERP, HRIS, and CRM - including role design reviews, conflict remediation, mitigating control design, and ongoing monitoring tooling (e.g., Pathlock, SailPoint, Saviynt, native role analyzers). Manage the audit lifecycle as the primary 1st-line liaison with Internal Audit, External Audit, and the SOX PMO - walkthroughs, evidence collection, deficiency remediation, and management responses. Build AI-native continuous controls monitoring - including LLM-based evidence review, agentic control testing, and automated anomaly surveillance - to eliminate manual evidence collection, shift controls left, and surface exceptions in near real time. Treat AI agents as control operators with the same evidence and validation expectations as human operators. Own the controls posture for Gusto's internal AI and automation portfolio. Partner with AI-builder teams across the company (Finance & BizOps, GRC, Engineering) to review internal AI use cases, classify by risk category, and ensure controls, evidence trails, and validation travel with the build - not bolted on after launch. Be the senior 1st-line owner for "do our internal AI builds meet our control standards? Lead access governance including provisioning/deprovisioning workflows, periodic user access reviews (UARs), privileged access management, and integration with the IGA platform. Govern application change management for in-scope systems - approvals, segregation between developers and production, emergency change handling, and release evidence. Mature the controls program by leading rationalization initiatives, control consolidation, and t

Benefits

Additional Information

About Gusto At Gusto, we're on a mission to grow the small business economy. We handle the hard stuff - payroll, health insurance, 401(k)s, and HR - so owners can focus on their craft and their customers. With teams in Denver, San Francisco, and New York, we support more than 500,000 small businesses nationwide and are building a workplace that reflects the people we serve. All full-time employees receive competitive base pay, benefits, and equity (RSUs) - because everyone who helps build Gusto should share in its success. Offer amounts are determined by role, level, and location. Learn more about our Total Rewards philosophy . AI is a fundamental part of how work gets done at Gusto. We expect all team members to actively engage with AI tools relevant to their role and grow their fluency as the technology evolves. AI experience requirements vary by role and will be assessed during the interview process.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Gusto? Share your experience