Responsibilities

The GRC Senior Analyst will play a critical role in supporting Workato’s compliance efforts with NIST 800-171 and FedRAMP Moderate certifications. This position involves developing, implementing, and maintaining governance, risk, and compliance frameworks to ensure alignment with regulatory requirements and company objectives. The ideal candidate will have extensive experience in cybersecurity compliance, risk management, and audit processes.

In this role, you will also be responsible to:

• Compliance Management

  - Support the achievement and maintenance of NIST 800-171 and FedRAMP Moderate certificationsConduct gap assessments and remediation for NIST 800-171 controls.

  - Coordinate and facilitate final assessments with independent third parties.

  - Develop and maintain compliance documentation, including policies, procedures, and evidence collection.

• Risk Management

  - Identify, assess, and mitigate risks that could impact the company, including operational, financial, and cybersecurity risks.

  - Develop risk management strategies and ensure risks are monitored and reported to leadership.

• Audit and Assessment

  - Lead internal and external audits related to NIST 800-171 and FedRAMP Moderate.

  - Compile and present audit findings, and manage remediation efforts to address any identified gaps.

  - Support ongoing compliance with other relevant frameworks such as SOC 2, HIPAA, PCI DSS, and ISO 27001.

• Policy and Framework Development

  - Develop and implement compliance policies and procedures.

  - Standardize controls across all frameworks to ensure compliance, reliability, and effectiveness throughout the audit lifecycle

• Collaboration and Training

  - Collaborate with cross-functional teams to address risks and implement compliance controls.

  - Train and mentor junior team members on compliance and risk management practices.

  - Provide strategic guidance on regulatory requirements to leadership.

• Vendor and Third-Party Management

  - Review third-party security postures and conduct vendor risk assessments.

  - Ensure third-party compliance with relevant frameworks and manage contract reviews.

• Innovation and Continuous Improvement

  - Drive innovation in compliance practices, such as implementing automated compliance monitoring tools.

  - Lead industry discussions on updating compliance frameworks for emerging technologies.

Requirements

Qualifications / Experience / Technical Skills

• Experience and Knowledge

  - 7+ years of applied work experience in cybersecurity programs, audits, assessments, risk, remediation, or cybersecurity compliance management.

  - Deep expertise in compliance frameworks, such as NIST 800-53, COBIT, and sector-specific standards like HITRUST and FedRAMP.

  - Working knowledge of compliance standards, including PCI DSS, GDPR, and CCPA.

  - Experience in vendor risk management and assessing third-party compliance with relevant frameworks.

  - Proficiency in supporting internal and external audits.

• Beneficial

  - Knowledge of AWS and its security services, including AWS Trusted Advisor, AWS Security Hub, and other cloud security tools.

• Technical Skills

  - Solid understanding of technical security controls related to perimeter security operations, including Cloud service providers, firewalls, IDS/IPS, and services offered by cloud service providers.

  - Technical knowledge/experience in security control technologies such as firewalls, IDS, DLP, Vulnerability Management, AWS environment, Application Security, Monitoring, and logging tools

• Certifications

  - Relevant certifications such as CISSP, CISA, PCI ISA, PCIP, CMMC RP, or similar security certifications are preferred.

• Other Requirements

  - US Citizenship

  - Based in the US

Soft Skills / Personal Characteristics

• Excellent troubleshooting skills, problem-solving, analytical thinking, and project management

• Ability to prioritize and multitask with minimal supervision

• May require working outside of normal business hours periodically

• May require some international travel

For California applicants, the pay for this role begins at $120,000 plus variable, benefits, perks and equity.