
Senior GRC Analyst

Workato · Palo Alto, California
classified as
Data Leadership (Heads of data, directors, managers.)
posted
2d ago
location
Palo Alto, California
tools
aws, azure
description
<div class="content-intro"><h1><span style="font-family: helvetica, arial, sans-serif;"><strong>About Workato</strong></span></h1> <p>Workato delivers enterprise infrastructure for the agentic era, redefining iPaaS and helping enterprises unify data, applications, processes, and AI into a single, governed platform. A leader in Enterprise MCP and trusted by 50% of the Fortune 500, Workato’s cloud-native architecture connects every application, data source, and process to power real-time orchestration at scale. With enterprise-grade security and continuous innovation at its core, Workato provides the trusted foundation for organizations to automate with confidence and operationalize AI across the business. To learn more, visit <span><a href="http://www.workato.com" target="_blank">www.workato.com</a></span></p> <h1><strong>Why join us?</strong></h1> <p><span style="font-weight: 400;">Ultimately, Workato believes in fostering a </span><strong>flexible, trust-oriented culture that empowers everyone to take full ownership of their roles</strong><span style="font-weight: 400;">. We are driven by </span><strong>innovation </strong><span style="font-weight: 400;">and looking for</span><strong> team players </strong><span style="font-weight: 400;">who want to actively build our company.&nbsp;</span></p> <p><span style="font-weight: 400;">But, we also believe in </span><strong>balancing productivity with self-care</strong><span style="font-weight: 400;">. That’s why we offer all of our employees a vibrant and dynamic work environment </span><a href="http://www.workato.com/careers"><span style="font-weight: 400;">along with a multitude of benefits</span></a><span style="font-weight: 400;"> they can enjoy inside and outside of their work lives.&nbsp;</span></p> <p><span style="font-weight: 400;">If this sounds right up your alley, please submit an application. 
We look forward to getting to know you!</span></p> <p><span style="font-weight: 400;">Also, feel free to check out why:</span></p> <ul> <li style="font-weight: 400;"> <p><a href="https://www.businessinsider.com/47-enterprise-startups-to-bet-your-career-on-in-2020-2019-12"><span style="font-weight: 400;">Business Insider</span></a><span style="font-weight: 400;"> named us an “enterprise startup to bet your career on”</span></p> </li> <li style="font-weight: 400;"> <p><a href="https://www.forbes.com/cloud100/#a57477b5f941"><span style="font-weight: 400;">Forbes’ Cloud 100</span></a><span style="font-weight: 400;"> recognized us as one of the top 100 private cloud companies in the world</span></p> </li> <li style="font-weight: 400;"> <p><a href="https://www2.deloitte.com/us/en/pages/technology-media-and-telecommunications/articles/fast500-winners.html"><span style="font-weight: 400;">Deloitte Tech Fast 500</span></a><span style="font-weight: 400;"> ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America</span></p> </li> <li> <p><a href="https://qz.com/work/2053446/the-best-companies-for-working-from-home/"><span style="font-weight: 400;">Quartz</span></a><span style="font-weight: 400;"> ranked us the #1 best company for remote workers</span></p> </li> </ul></div><h1><strong>Responsibilities</strong></h1> <p>Workato is seeking a detail-oriented, driven, and technically experienced Senior GRC Analyst to strengthen and advance its security governance, risk, and compliance (GRC) program — with a primary focus on FedRAMP authorization and ongoing federal compliance operations.</p> <p>This role will lead FedRAMP readiness, authorization, and continuous monitoring activities in alignment with NIST 800-53 requirements, while also supporting broader compliance frameworks including ISO 27001, NIST 800-171, PCI-DSS, and IRAP. 
The ideal candidate will bring deep federal compliance expertise combined with strong analytical, communication, and problem-solving skills to evaluate controls, identify gaps, and drive improvements across security domains.</p> <p><span style="font-weight: 400;">In this role, you will also be responsible for:</span></p> <ul> <li> <p><strong>Lead FedRAMP authorization efforts</strong> — including System Security Plan (SSP) development, Security Assessment Report (SAR) review, Plan of Action &amp; Milestones (POA&amp;M) management, and preparation for Third Party Assessment Organization (3PAO) engagements</p> </li> <li> <p><strong>Own continuous monitoring (ConMon)</strong> activities in accordance with FedRAMP requirements, including monthly vulnerability scanning, incident reporting, and annual assessments</p> </li> <li> <p>Maintain and update FedRAMP authorization documentation, including SSP, CIS, CRM, and associated artifacts</p> </li> <li> <p>Lead internal and external audits for frameworks including FedRAMP (NIST 800-53), ISO 27001/27701, PCI-DSS, NIST 800-171, and IRAP</p> </li> <li> <p>Coordinate with process owners, control owners, 3PAOs, and federal agency stakeholders to ensure findings are tracked and remediated</p> </li> <li> <p>Conduct risk assessments, security audits, and third-party/vendor risk reviews with a focus on FedRAMP boundary and supply chain risk</p> </li> <li> <p>Review contracts to ensure security and compliance requirements — including FedRAMP flow-down clauses — are met</p> </li> <li> <p>Identify control gaps and recommend improvements to enhance the organization's federal security posture</p> </li> <li> <p>Communicate FedRAMP requirements, risks, and compliance status clearly to both technical and non-technical stakeholders, including federal agency customers</p> </li> <li> <p>Perform regular user access reviews aligned to least-privilege and FedRAMP AC control requirements</p> </li> <li> 
<p>Develop and track remediation plans for identified risks and POA&amp;M items</p> </li> <li> <p>Maintain and update the risk register with federal risk considerations</p> </li> <li> <p>Oversee vendor and subservice provider security assurance processes relevant to the FedRAMP authorization boundary</p> </li> <li> <p>Collaborate with engineering, infrastructure, and product teams to design and implement controls aligned with NIST 800-53 baselines</p> </li> <li> <p>Support federal-facing sales and customer success discussions with compliance expertise</p> </li> <li> <p>Explore and leverage AI/automation tools to enhance, streamline, or scale GRC and ConMon workflows</p> </li> <li> <p>Build strong working relationships across departments and with federal agency AOs (Authorizing Officials)</p> </li> <li> <p>Take on additional responsibilities as needed</p> </li> </ul> <h1><strong>Requirements</strong></h1> <h3><strong>Qualifications / Experience / Technical Skills</strong></h3> <ul> <li> <p>8+ years of experience in cybersecurity, audits, risk management, compliance, or remediation</p> </li> <li> <p><strong>Hands-on FedRAMP experience required</strong> — including direct involvement in FedRAMP authorization (Moderate or High baseline preferred), SSP authoring, POA&amp;M management, or 3PAO coordination</p> </li> <li> <p>Deep familiarity with <strong>NIST 800-53 Rev 5</strong> control families and FedRAMP-specific overlays, guidance, and templates</p> </li> <li> <p>Experience working with cloud platforms such as AWS GovCloud, Azure Government, or Google Cloud (government regions)</p> </li> <li> <p>Proven ability to negotiate and prioritize risk remediation with internal and federal stakeholders</p> </li> <li> <p>Bachelor's degree in Information Systems, Computer Science, Information Security, or a related field</p> </li> <li> <p>Strong understanding of security controls in cloud environments, including boundary definition, encryption, access control, and vulnerability 
management</p> </li> <li> <p>Familiarity with NIST 800-171 and CMMC as complementary federal frameworks</p> </li> <li> <p>Experience auditing frameworks such as PCI-DSS, SOC 2, and ISO 27001/27701</p> </li> <li> <p>Relevant certifications strongly preferred: <strong>CISSP, CISA, FedRAMP-specific training (e.g., FedRAMP PMO courses)</strong>, or similar</p> </li> <li> <p>Ability to manage multiple priorities independently with minimal supervision</p> </li> </ul> <h3><strong>Soft Skills / Personal Characteristics</strong></h3> <ul> <li> <p>Strong communication skills with the ability to translate federal compliance requirements into technical actions and executive-level summaries</p> </li> <li> <p>High energy and adaptability in a fast-paced, high-stakes compliance environment</p> </li> <li> <p>Strong collaboration and knowledge-sharing mindset across engineering, legal, and customer-facing teams</p> </li> <li> <p>Excellent time management and organizational skills — particularly for managing concurrent ConMon and audit cycles</p> </li> <li> <p>High attention to detail, integrity, and ethical standards consistent with handling federal data and programs</p> </li> <li> <p>Willingness to learn and take on new challenges as Workato's federal footprint grows</p> </li> </ul> <h3><strong>Nice to Have</strong></h3> <ul> <li> <p>This position requires overlap with U.S. Pacific Time (PST) working hours.&nbsp;</p> </li> <li> <p>Strong hands-on experience with FedRAMP, NIST 800-53, ISO 27001, NIST 800-171, PCI-DSS, SOC 2, and potentially IRAP is required.</p> </li> <li> <p>May involve some international travel.</p> </li> <li> <p>Must be eligible to work on U.S. 
federal government-related programs; ability to obtain or support federal security clearance processes is a plus.</p> </li> </ul> <p>The pay for this role may range from $120,000 to $145,000, plus variable compensation, benefits, perks, and equity.</p> <p><strong>(REQ ID: 2761)</strong></p>