IT Risk Principal, BT Risk Management

Workday•Atlanta, GA

1d•Hybrid

About The Position

Your work days are brighter here. We’re obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we’re shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you’ll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We’re in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you’ll do meaningful work with Workmates who’ve got your back. In return, we’ll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you’ve found a match in Workday, and we hope to be a match for you too. About the Team Workday’s Business Technology (BT) organization continues its mission to deliver unparalleled value to our business partners and customers. To support this mission, the BT Strategy & Operations team is responsible for developing the long-term vision for BT, setting goals and objectives, and ensuring that we have the right plans in place to move with speed at scale. The team collaborates closely with cross-functional teams, business partners, and executives to understand the needs and priorities of the business, and supports the development of strategies that will help BT meet those needs. About the Role The IT Risk Principal will be a foundational leader in establishing and maturing a proactive, comprehensive BT Risk Management Function. This role is critical to Workday's transformation toward operating at scale as an AI-first company by ensuring our technology estate is secure, compliant, and resilient. You will be responsible for defining and implementing the framework, standards, and processes to identify, assess, and mitigate technology and operational risks across the entire Business Technology (BT) organization.

Requirements

12+ years of experience in Technology Risk Management, or Governance and Compliance roles, preferably within a large, global enterprise or technology company.
12+ years experience in GRC, leading GRC initiatives, developing and maintaining GRC frameworks, and ensuring organizational compliance with applicable laws and regulations.
Established track record of designing, developing, and successfully launching GRC programs.
Deep technical understanding of cloud security, IT operations, and modern development practices (DevSecOps).
Exceptional leadership, program management, and communication skills, with the ability to influence senior leaders across technical and non-technical domains.
Expert-level understanding of Audits Compliance, organizational audit strategies and compliance programs.
Deep and strategic knowledge of Cyber Security Governance frameworks and enterprise-wide cyber security governance programs.
Bachelor’s degree in a relevant discipline such as Business Administration, Information Security.

Nice To Haves

A track record of acting as a thought leader in the technology or security space, including presenting at industry events, publishing articles, or influencing key industry trends.
AI/ML Knowledge: Familiarity with the unique risks and governance challenges associated with emerging technologies, particularly Artificial Intelligence and Machine Learning.
Relevant certifications (e.g., CRISC, CISM, CISA, CISSP) are a plus.
Master's degree preferred.

Responsibilities

Design and Formalize the BT Risk Management Framework: Lead the design and development of the new, formal, and comprehensive BT Risk Management Program, clarifying roles, responsibilities, and a standardized framework for risk buy down prioritization.
Establish the BT GRC Center of Excellence (CoE): Collaborate cross-functionally to build the foundation of a federated GRC model, establishing a BT Center of Excellence (CoE) that promotes risk awareness, standardizes methodologies, and supports proactive risk management across BT.
Review and enhance the BT compliance strategy, including controls and procedures, with regard to industry trends and upcoming regulatory activity, ensuring BT maintains its commitment to running secure and reliable systems
Lead Risk & Control Analysis: Work with business units and stakeholders, including Security, Internal Audit, BT, and Compliance, to formally assess security issues/gaps and identify potential operational risks.
Manage Remediation & Follow-Up: Clearly communicate the impact of security issues and gaps to business management and agree on precise remediation actions and timelines. Manage follow-up programs to ensure timely completion of all Management Action Plans.
Lead a project to establish and perform a risk assessment process for BT technology.
Lead ongoing projects to address GRC-related findings, demonstrating immediate value and embedding a culture of proactive risk management.
Build and maintain strong, effective partnerships with BT leaders and cross-functional partners to foster a collaborative and supportive environment. This is essential to drive the collective objective of "Doing Things Right".
Lead change management efforts to overcome resistance and drive adoption of new security behaviors and risk processes across the organization, simplifying the path to compliance.
Define, implement, and track ODMs to measure the effectiveness of risk management, compliance, and control activities.
Continuously refine initiatives based on organizational feedback and data-driven insights from metrics to ensure the BT Risk Management program maintains alignment with strategic objectives.