GRC Specialist, Cybersecurity Risk Management

Your work days are brighter here.

At Workday, it all began with a conversation over breakfast. When our founders met at a sunny California diner, they came up with an idea to revolutionize the enterprise software market. And when we began to rise, one thing that really set us apart was our culture. A culture which was driven by our value of putting our people first. And ever since, the happiness, development, and contribution of every Workmate is central to who we are. Our Workmates believe a healthy employee-centric, collaborative culture is the essential mix of ingredients for success in business. That’s why we look after our people, communities and the planet while still being profitable. Feel encouraged to shine, however that manifests: you don’t need to hide who you are. You can feel the energy and the passion, it's what makes us unique. Inspired to make a brighter work day for all and transform with us to the next stage of our growth journey? Bring your brightest version of you and have a brighter work day here.

At Workday, we value our candidates’ privacy and data security.  Workday will never ask candidates to apply to jobs through websites that are not Workday Careers. 

Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.

In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.

About the Team

Love what you do!
Cybersecurity GRC & Trust (cGRC&T) is dedicated to maintaining, enhancing and protecting trust in Workday. Every cGRC workmate contributes by building and managing programs designed to protect the confidentiality, integrity and availability (CIA) of our customers’ most sensitive data and representing those programs externally via external audits and certifications. The cGRC team serves as a trusted advisor across Workday to help maintain and enhance trust for our customers.
Within cGRC&T, the Cybersecurity Risk team focuses on cybersecurity risk management and oversight. The team regularly performs security maturity assessments, risk assessments, evaluates security exceptions, and advises stakeholders on best practices. Other activities include aggressive risk management, maturity work and integration with the first line of defense processes.

About the Role

The ideal candidate brings an understanding of cyber risk management frameworks and solutions, with the ability to translate them into business value through quantitative analysis and out of the box thinking. This candidate needs to approach risk evaluations through the lens of an adversary to understand the entire attack surface and attack vectors in order to provide a holistic perspective of risk at an aggregate level. To succeed with this methodology the candidate must be proficient in knowledge of cybersecurity technology to hold meaningful conversations with cyber engineers yet well versed in business and risk management practices to translate those technical considerations into risk scenarios and impacts non-technical decision makers can understand. While risk management experience would be beneficial we encourage candidates with cybersecurity engineering or analyst backgrounds to apply as this role will require sufficient technical knowledge. 
​As a GRC Specialist, you will:

• Build and operate our cyber risk assessment programs, and identify opportunities to improve our methodologies and processes iteratively

• Able to independently conduct Cybersecurity risk assessments across Workday identifying gaps in security posture and recommending compensating controls.

• Ensure risks are identified, centrally registered and tracked using a consistent methodology and lifecycle management

• Provide Risk Advisory support to Workday’s Business units.

• Supervise the implementation of mitigating projects and their impact in reducing security risk, assessing the impact to risk mitigation

• Craft and prepare reports, heatmaps and presentations for different audiences throughout the organization including risk owners, senior leaders, audit committee, etc.

• Work on multiple Information Security Risk Management projects as the domain expert

•  Build positive relationships with business partners

This position will report directly to the Director of Cybersecurity Risk.

About You

Basic Qualifications

• Bachelor’s degree in cybersecurity, computer science, or a related field 

• 3+ years in Information Security, Security, or a related engineering role in a technical environment.

​Other Qualifications

• Demonstrated ability providing risk based security recommendations

• Knowledge of NIST 800 - 53, NIST 800 - 30, and NIST CSF 2.0 preferred

• CRISC, CEH, OSCP, PEN+, CASP+ or similar certifications highly desired

• Skilled at big picture holistic thinking

• Deep technical skills but equally comfortable interacting with senior business leaders.

• Excellent collaboration, executive presence, and storytelling skills

• Enthusiastic about all things cybersecurity with a desire for continuous learning

• Active in the cybersecurity community participating in activities such as CTF’s and security conferences 

• Experience in Software as a Service is a plus.

Workday Pay Transparency Statement

The annualized base salary ranges for the primary location and any additional locations are listed below.  Workday pay ranges vary based on work location. As a part of the total compensation package, this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus, as well as annual refresh stock grants. Recruiters can share more detail during the hiring process. Each candidate’s compensation offer will be based on multiple factors including, but not limited to, geography, experience, skills, job duties, and business need, among other things. For more information regarding Workday’s comprehensive benefits, please click here.

Primary Location: USA.GA.Atlanta

Primary Location Base Pay Range: $106,300 USD - $159,500 USD

Additional US Location(s) Base Pay Range: $101,000 USD - $179,400 USD

Our Approach to Flexible Work
 

With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.

Pursuant to applicable Fair Chance law, Workday will consider for employment qualified applicants with arrest and conviction records.

Workday is an Equal Opportunity Employer including individuals with disabilities and protected veterans.

Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!