Bradley Schaufenbuel – Streamlining Human Capital Management for Modern Businesses

In today’s dynamic and fast-paced business environment, Human Capital Management is an indispensable tool. It provides the ability to streamline HR operations, enhance employee experience, support strategic initiatives, ensure compliance, and improve overall efficiency. Its role extends beyond basic administrative functions, contributing significantly to talent management, risk mitigation, and organizational growth.

By leveraging advanced HCM solutions, businesses can manage their human capital more effectively, align HR strategies with broader organizational goals, and respond agilely to changing market conditions.

Founded in 1971 by B. Thomas Golisano, Paychex is a world-renowned provider of integrated human capital management solutions for payroll, benefits, human resources, and insurance services. This organization exists to help small to medium-sized business owners and HR managers manage human resource administration tasks, streamline talent management, and access critical data to help them confidently make informed business decisions.

Bradley Schaufenbuel is the Vice President and Chief Information Security Officer at Paychex. He explains, “Our product is human capital management (HCM) software and services in payroll, HR, benefits, and insurance.  Our customers use our software to hire, pay, manage, insure, and retain employees.  Because of the products and services we provide, our business customers entrust us with sensitive information about their employees, including financial information, personally identifiable information, and protected health information.” 

A Comprehensive Yet Simple Platform

In today’s era of uncertainty and rapid change, Paychex technology and service solutions stand out for their ability to simplify the complexities of running a business. The company is dedicated to delivering proactive support to help businesses navigate these challenging times effectively. Through a comprehensive suite of tools and resources, Paychex offers innovative solutions designed to save time, safeguard worker health and safety, and ensure business prosperity.

With a team of 7,000 customer service experts available around the clock via phone or online chat, and over 600 HR professionals offering expert advice on issues like safety, remote work, and policy development, Paychex is well-equipped to support diverse client needs. Moreover, Paychex’s engaging mobile self-service features allow employees to manage their own HR needs, while businesses can leverage robust planning tools for future readiness and access resources for estimating Paycheck Protection Program (PPP) loan forgiveness.  

Additionally, the Paychex Flex platform hosts a wealth of articles and tutorials for ongoing learning. The company’s compliance experts keep a vigilant eye on evolving federal, state, and local regulations, with the Paychex WORX Knowledge Center providing up-to-date information through webinars, podcasts, reports, and articles on critical business topics.

Bradley Schaufenbuel

Bradley’s Journey

Bradley assumed the role of Vice President and Chief Information Security Officer at Paychex in September 2019. In this capacity, Schaufenbuel is tasked with safeguarding the confidentiality, integrity, and availability of Paychex’s information assets. He is driven by the vision that a robust information security program not only protects the organization but also serves as a key business enabler and a source of competitive advantage in the market. “We are not a provider of cybersecurity services.  However, we do use the strength and maturity of our cybersecurity program to differentiate Paychex from its competitors in the human capital management (HCM) space,” he elucidates.

With over 20 years of experience in the field of information security, Bradley brings a wealth of expertise to his role. Before joining Paychex, he was Vice President and Chief Information Security Officer at Paylocity Corporation and has held senior security positions at various banks, insurance companies, and professional services firms. 

Schaufenbuel’s educational background includes a Master of Laws and a Juris Doctor from the University of Illinois at Chicago, an MBA from DePaul University, and a Bachelor of Arts from the University of Northern Iowa. He is a licensed attorney, a member of the United States Supreme Court Bar, and a certified Chief Information Security Officer with over a dozen additional information security certifications. Schaufenbuel is also an active speaker at cybersecurity conferences and has authored numerous books and professional journal articles on information security management and IT governance.

A Diligent Focus on Security

Under Bradley’s leadership, Paychex has demonstrated a strong commitment to cybersecurity by aligning its security controls with industry-leading frameworks and standards. The company’s approach integrates the NIST Cybersecurity Framework (CSF) and the ISO 27001 standard to establish a robust defense against cyber threats. By mapping its cybersecurity defenses to the MITRE ATT&CK Framework, Paychex ensures that all security measures address known attack techniques and enhance their ability to identify, stop, and prevent cyberattacks. 

Their security services are delivered through agile project management principles, allowing for flexibility and responsiveness in managing and adapting to emerging threats. Leveraging cybersecurity tools from over 50 vendors, Paychex fortifies its defenses to protect sensitive data and combat potential attacks effectively.

Furthermore, the efficacy of Paychex’s cybersecurity controls is demonstrated through a series of rigorous assurance engagements, including SSAE-18 SOC 2 Type 2 and SOC 1 Type 2 audits, HITRUST certification, and PCI Data Security Standard (DSS) Attestations of Compliance (AOC). The company is also in the process of adding ISO 27001 registration to its list of credentials. A dedicated team of IT compliance experts, working in tandem with legal and compliance professionals, ensures that Paychex meets all legal, regulatory, and contractual requirements. 

This includes adherence to state and national privacy laws, the Health Insurance Portability and Accountability Act (HIPAA), New York Department of Financial Services (NYDFS) regulations, and the PCI Data Security Standard (DSS), among others. “We maintain a comprehensive data security program that leverages controls such as zero-trust principles, state-of-the-art multi-factor authentication and authorization techniques, fine-grained role-based access control, and masking, encryption, and tokenization techniques to safeguard the data entrusted to us by our clients,” Bradley shares.


Leading the Way in Innovation

“Innovation is one of Paychex’s core values. We encourage our employees to step forward with new ideas and to experiment,” Bradley shares. Within the organization, Schaufenbuel deploys a distinctive strategy for building his information security team. Rather than targeting the limited pool of experienced cybersecurity professionals, he focuses on individuals from diverse backgrounds who are smart and eager to learn. This approach, he finds, not only brings fresh perspectives and new ideas to the team but also fosters a sense of loyalty and commitment among those given the opportunity to enter the profession, resulting in higher retention rates and a more dynamic team.

Additionally, integrity and ethical conduct are central to Paychex’s operations, and Schaufenbuel exemplifies these values in his role. Acknowledged as one of the world’s most ethical companies by Ethisphere for 16 consecutive years, Paychex upholds a strong ethical framework. Schaufenbuel ensures adherence to these standards by avoiding conflicts of interest, disclosing potential issues, and maintaining transparency in all vendor interactions. His dedication to ethical practices reinforces Paychex’s commitment to operating with the highest level of integrity.

The Path to Future Advancement

One of the key components of revenue at Paychex is its advisory services, where HR experts assist clients in navigating complex human resources challenges. As the field of HR evolves, generative AI technology holds significant promise for both augmenting and, in the future, potentially replacing traditional HR specialists. However, this technology comes with inherent risks, including issues such as perpetuated biases, “hallucinations,” and training data poisoning.

To address these challenges, Paychex has established an AI Governance Council dedicated to the secure and responsible adoption of generative AI technologies. This council ensures that new AI solutions are implemented with careful consideration of ethical and practical concerns, reinforcing Paychex’s commitment to providing effective and responsible advisory services.

“We have a lot of cybersecurity initiatives in progress, but the one I believe will be most impactful in reducing cybersecurity risk is our multi-year implementation of a zero-trust architecture. This initiative includes projects for enhanced identity and access management controls, zero-trust network access, network micro-segmentation, and app-to-app authentication. All these controls are designed to not only make it more difficult for an attacker to gain access to our resources but to reduce the ‘blast radius’ if they do,” concludes Bradley Schaufenbuel.
