Compliance System Owner

Workday | Pleasanton, CA
118d | $182,300 - $273,400

About The Position

At Workday, we value our candidates' privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers. Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not. In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.

Requirements

  • 10+ years of experience in cybersecurity engineering for complex enterprise systems for regulated industries.
  • 5+ years of experience working with regulatory compliance frameworks (e.g. NIST 800-53, ISO27001, SOC, HITRUST, HIPAA, FedRAMP, DOD SRG IL4/IL5, PCI, etc.).
  • US Citizenship and ability to acquire/maintain a security clearance.

Nice To Haves

  • Experience in architecting secure solutions using cloud native technologies (including CI/CD pipelines, microservices, etc.).
  • Experience in building secure solutions in cloud environments (like AWS/GCP/Azure) that align with FedRAMP High requirements.
  • Proven leadership experience in driving cross-functional compliance initiatives.
  • Exceptional ability to communicate and influence collaborators at all levels, including senior executives.
  • Experience working with the FedRAMP PMO, FedRAMP JAB, and DISA Cloud Assessment Division is a plus.
  • Deep technical knowledge of application architectures, design principles, common security flaws, and mitigation techniques as outlined by OWASP and SANS.
  • Industry certifications such as CISA, CISSP, CCSK, or equivalent are desirable.

Responsibilities

  • Work with engineering teams to ensure that systems are architected, implemented and operate in compliance with relevant security standards including FedRAMP/FISMA High, DoD IL-4/5, NIST 800-53 R5, ISO 27000 and others.
  • Establish baseline engineering requirements for compliance to build secure solutions for Government Cloud environments.
  • Establish Risk Management strategy, coordinating with external assessors and advisory firms that provide security audits and risk assessments. Supervise mitigation plans, ensuring timely remediation of risks.
  • Establish and govern a common controls strategy to ensure security and compliance across Workday's environments with relevant internal and external security frameworks.
  • Partner with cross-functional teams, including product security, engineering, legal, and external regulatory bodies, to align compliance initiatives with business objectives.
  • Maintain and lead partnerships with customer US Federal Government agencies and the FedRAMP PMO, staying on top of all industry updates and changes to the program.
  • Drive efficiencies in compliance assessments, including the implementation of innovative ways to meet and exceed security requirements.
  • Provide executive-level guidance on incident response and security forensics, ensuring alignment with compliance frameworks.
  • Own the development of security policies, procedures, and reporting mechanisms to meet relevant regulatory and customer requirements.

Benefits

  • Workday Bonus Plan or a role-specific commission/bonus.
  • Annual refresh stock grants.

What This Job Offers

Job Type

Full-time

Career Level

Senior

Industry

Professional, Scientific, and Technical Services

Number of Employees

5,001-10,000 employees
