Senior GRC Analyst

Workato
Palo Alto, CA
Remote

About The Position

Workato is seeking a detail-oriented, driven, and technically experienced Senior GRC Analyst to strengthen and advance its security governance, risk, and compliance (GRC) program — with a primary focus on FedRAMP authorization and ongoing federal compliance operations. This role will lead FedRAMP readiness, authorization, and continuous monitoring activities in alignment with NIST 800-53 requirements, while also supporting broader compliance frameworks including ISO 27001, NIST 800-171, PCI-DSS, and IRAP. The ideal candidate will bring deep federal compliance expertise combined with strong analytical, communication, and problem-solving skills to evaluate controls, identify gaps, and drive improvements across security domains.

Requirements

  • 8+ years of experience in cybersecurity, audits, risk management, compliance, or remediation
  • Hands-on FedRAMP experience required — including direct involvement in FedRAMP authorization (Moderate or High baseline preferred), SSP authoring, POA&M management, or 3PAO coordination
  • Deep familiarity with NIST 800-53 Rev 5 control families and FedRAMP-specific overlays, guidance, and templates
  • Experience working with cloud platforms such as AWS GovCloud, Azure Government, or Google Cloud (government regions)
  • Proven ability to negotiate and prioritize risk remediation with internal and federal stakeholders
  • Bachelor's degree in Information Systems, Computer Science, Information Security, or a related field
  • Strong understanding of security controls in cloud environments, including boundary definition, encryption, access control, and vulnerability management
  • Familiarity with NIST 800-171 and CMMC as complementary federal frameworks
  • Experience auditing frameworks such as PCI-DSS, SOC 2, and ISO 27001/27701
  • Relevant certifications strongly preferred: CISSP, CISA, FedRAMP-specific training (e.g., FedRAMP PMO courses), or similar
  • Ability to manage multiple priorities independently with minimal supervision
  • Strong communication skills with the ability to translate federal compliance requirements into technical actions and executive-level summaries
  • High energy and adaptability in a fast-paced, high-stakes compliance environment
  • Strong collaboration and knowledge-sharing mindset across engineering, legal, and customer-facing teams
  • Excellent time management and organizational skills — particularly for managing concurrent ConMon and audit cycles
  • High attention to detail, integrity, and ethical standards consistent with handling federal data and programs
  • Willingness to learn and take on new challenges as Workato's federal footprint grows

Nice To Haves

  • This position requires overlap with U.S. Pacific Time (PST) working hours.
  • Strong hands-on experience with FedRAMP, NIST 800-53, ISO 27001, NIST 800-171, PCI-DSS, SOC 2, and potentially IRAP is required.
  • May involve some international travel.
  • Must be eligible to work on U.S. federal government-related programs; ability to obtain or support federal security clearance processes is a plus.

Responsibilities

  • Lead FedRAMP authorization efforts — including System Security Plan (SSP) development, Security Assessment Report (SAR) review, Plan of Action & Milestones (POA&M) management, and preparation for Third Party Assessment Organization (3PAO) engagements
  • Own continuous monitoring (ConMon) activities in accordance with FedRAMP requirements, including monthly vulnerability scanning, incident reporting, and annual assessments
  • Maintain and update FedRAMP authorization documentation, including SSP, CIS, CRM, and associated artifacts
  • Lead internal and external audits for frameworks including FedRAMP (NIST 800-53), ISO 27001/27701, PCI-DSS, NIST 800-171, and IRAP
  • Coordinate with process owners, control owners, 3PAOs, and federal agency stakeholders to ensure findings are tracked and remediated
  • Conduct risk assessments, security audits, and third-party/vendor risk reviews with a focus on FedRAMP boundary and supply chain risk
  • Review contracts to ensure security and compliance requirements — including FedRAMP flow-down clauses — are met
  • Identify control gaps and recommend improvements to enhance the organization's federal security posture
  • Communicate FedRAMP requirements, risks, and compliance status clearly to both technical and non-technical stakeholders, including federal agency customers
  • Perform regular user access reviews aligned to least-privilege and FedRAMP AC control requirements
  • Develop and track remediation plans for identified risks and POA&M items
  • Maintain and update the risk register with federal risk considerations
  • Oversee vendor and subservice provider security assurance processes relevant to the FedRAMP authorization boundary
  • Collaborate with engineering, infrastructure, and product teams to design and implement controls aligned with NIST 800-53 baselines
  • Support federal-facing sales and customer success discussions with compliance expertise
  • Explore and leverage AI/automation tools to enhance, streamline, or scale GRC and ConMon workflows
  • Build strong working relationships across departments and with federal agency AOs (Authorizing Officials)
  • Take on additional responsibilities as needed

Benefits

  • flexible scheduling
  • wellness programs
  • professional development
  • learning development program
  • health insurance
  • dental insurance
  • vision insurance
  • life insurance
  • disability insurance
  • paid holidays
  • employee discount programs