What are the responsibilities and job description for the Senior GRC Analyst position at Workato?
Workato transforms technology complexity into business opportunity. As the leader in enterprise orchestration, Workato helps businesses globally streamline operations by connecting data, processes, applications, and experiences. Its AI-powered platform enables teams to navigate complex workflows in real-time, driving efficiency and agility.
Trusted by a community of 400,000 global customers, Workato empowers organizations of every size to unlock new value and lead in today's fast-changing world. Learn how Workato helps businesses of all sizes achieve more at workato.com.
Why join us?Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles. We are driven by innovation and looking for team players who want to actively build our company.
But, we also believe in balancing productivity with self-care. That's why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives.
If this sounds right up your alley, please submit an application. We look forward to getting to know you!
Also, feel free to check out why:
Business Insider named us an "enterprise startup to bet your career on"
Forbes' Cloud 100 recognized us as one of the top 100 private cloud companies in the world
Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America
Quartz ranked us the #1 best company for remote workers
The GRC Senior Analyst will play a critical role in supporting Workato's compliance efforts with NIST 800-171 and FedRAMP Moderate certifications. This position involves developing, implementing, and maintaining governance, risk, and compliance frameworks to ensure alignment with regulatory requirements and company objectives. The ideal candidate will have extensive experience in cybersecurity compliance, risk management, and audit processes.
In this role, you will also be responsible to:
Compliance Management
- Support the achievement and maintenance of NIST 800-171 and FedRAMP Moderate certificationsConduct gap assessments and remediation for NIST 800-171 controls.
- Coordinate and facilitate final assessments with independent third parties.
- Develop and maintain compliance documentation, including policies, procedures, and evidence collection.
Risk Management
- Identify, assess, and mitigate risks that could impact the company, including operational, financial, and cybersecurity risks.
- Develop risk management strategies and ensure risks are monitored and reported to leadership.
Audit and Assessment
- Lead internal and external audits related to NIST 800-171 and FedRAMP Moderate.
- Compile and present audit findings, and manage remediation efforts to address any identified gaps.
- Support ongoing compliance with other relevant frameworks such as SOC 2, HIPAA, PCI DSS, and ISO 27001.
Policy and Framework Development
- Develop and implement compliance policies and procedures.
- Standardize controls across all frameworks to ensure compliance, reliability, and effectiveness throughout the audit lifecycle
Collaboration and Training
- Collaborate with cross-functional teams to address risks and implement compliance controls.
- Train and mentor junior team members on compliance and risk management practices.
- Provide strategic guidance on regulatory requirements to leadership.
Vendor and Third-Party Management
- Review third-party security postures and conduct vendor risk assessments.
- Ensure third-party compliance with relevant frameworks and manage contract reviews.
Innovation and Continuous Improvement
- Drive innovation in compliance practices, such as implementing automated compliance monitoring tools.
- Lead industry discussions on updating compliance frameworks for emerging technologies.
Experience and Knowledge
- 7 years of applied work experience in cybersecurity programs, audits, assessments, risk, remediation, or cybersecurity compliance management.
- Deep expertise in compliance frameworks, such as NIST 800-53, COBIT, and sector-specific standards like HITRUST and FedRAMP.
- Working knowledge of compliance standards, including PCI DSS, GDPR, and CCPA.
- Experience in vendor risk management and assessing third-party compliance with relevant frameworks.
- Proficiency in supporting internal and external audits.
Beneficial
- Knowledge of AWS and its security services, including AWS Trusted Advisor, AWS Security Hub, and other cloud security tools.
Technical Skills
- Solid understanding of technical security controls related to perimeter security operations, including Cloud service providers, firewalls, IDS/IPS, and services offered by cloud service providers.
- Technical knowledge/experience in security control technologies such as firewalls, IDS, DLP, Vulnerability Management, AWS environment, Application Security, Monitoring, and logging tools
Certifications
- Relevant certifications such as CISSP, CISA, PCI ISA, PCIP, CMMC RP, or similar security certifications are preferred.
Other Requirements
- US Citizenship
- Based in the US
Excellent troubleshooting skills, problem-solving, analytical thinking, and project management
Ability to prioritize and multitask with minimal supervision
May require working outside of normal business hours periodically
May require some international travel
For California applicants, the pay for this role begins at $120,000 plus variable, benefits, perks and equity.
