Sr. Principal, GRC

Workday, Boulder, CO
$196,498 - $287,400, Hybrid

About The Position

Contribute to Workday’s cybersecurity compliance posture by leading and executing critical Cybersecurity Governance, Risk, and Compliance (cGRC) initiatives. Develop and maintain cybersecurity compliance frameworks, policies, and procedures to ensure adherence to global regulatory compliance requirements, particularly the Network and Information Security Directive (NIS2), the Digital Operational Resilience Act (DORA), the Security of Critical Infrastructure Act (SOCI), and the Cybersecurity Resilience Act (CRA). Enable and maintain Workday’s Public Sector offerings through certifications, continuous monitoring, consultation, and deep stakeholder alignment. Act as a trusted advisor across Workday to help maintain and enhance customers' trust through various global compliance programs, including UK Public Sector Procurement Frameworks (G-Cloud and Back Office Software frameworks) and cybersecurity certification schemes such as BSI C5 (Germany), IRAP (Australia), and ENS (Spain). Conduct strategic analysis of Workday's control and technical landscape to identify automation opportunities for the GRC team, evaluate the potential of AI-driven efficiencies, and assess the ROI of GRC automation tools such as OneTrust and TrustCloud. As part of the Shift-Left initiative, leverage a deep understanding of Workday's SDLC, LaunchPad, and Secure Development Engagement Lifecycle processes to integrate cybersecurity control requirements, ensuring streamlined audit readiness and driving process optimization.

Requirements

  • Bachelor's degree in Computer Engineering, Computer Science, Management Information Systems, or a related field, plus seven (7) years of progressive, post-baccalaureate work experience in the job offered or in a Sr. Principal, GRC-related occupation.
  • 7 years (84 months) of experience in EMEA cybersecurity standards and procurement frameworks, including G-Cloud, Cyber Essentials Plus, Back Office Software, BSI C5, ENS, TISAX, EU Cloud Code of Conduct, and GDPR.
  • 7 years (84 months) of experience in international industry security and privacy compliance standards, including ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOC 1, and SOC 2+.
  • 7 years (84 months) of experience in facilitating and managing security and compliance audits (including customer onsite audits).
  • 7 years (84 months) of experience in industry-specific regulatory compliance knowledge such as NIS2, DORA, and CRA.
  • 7 years (84 months) of program/project management experience.
  • 7 years (84 months) of experience in cloud computing and Software as a Service, particularly risk models and controls related to these services.
  • 7 years (84 months) of experience in legal/operational commitments of SaaS organizations and the shared security responsibilities between customers and service providers.
  • 7 years (84 months) of experience mapping the nuances of individual product lines within a large organization and determining their applicability to security certification and attestation frameworks.

Responsibilities

  • Lead and execute critical Cybersecurity Governance, Risk, and Compliance (cGRC) initiatives.
  • Develop and maintain cybersecurity compliance frameworks, policies, and procedures.
  • Ensure adherence to global regulatory compliance requirements, particularly NIS2, DORA, SOCI, and CRA.
  • Enable and maintain Workday’s Public Sector offerings through certifications, continuous monitoring, consultation, and stakeholder alignment.
  • Act as a trusted advisor for global compliance programs, including UK Public Sector Procurement Frameworks (G-Cloud and Back Office Software frameworks) and cybersecurity certification schemes such as BSI C5, IRAP, and ENS.
  • Conduct strategic analysis of Workday's control and technical landscape to identify automation opportunities for the GRC team.
  • Evaluate the potential of AI-driven efficiencies in GRC.
  • Assess the ROI of GRC automation tools such as OneTrust and TrustCloud.
  • Integrate cybersecurity control requirements into Workday's SDLC, LaunchPad, and Secure Development Engagement Lifecycle processes as part of the Shift-Left initiative.
  • Ensure streamlined audit readiness and drive process optimization.

Benefits

  • Workday Bonus Plan or a role-specific commission/bonus
  • Annual refresh stock grants
  • Comprehensive benefits