Senior GRC Analyst at Workato

<div class="content-intro"><h1><span style="font-family: helvetica, arial, sans-serif;"><strong>About Workato</strong></span></h1> <p>Workato delivers enterprise infrastructure for the agentic era, redefining iPaaS and helping enterprises unify data, applications, processes, and AI into a single, governed platform. A leader in Enterprise MCP and trusted by 50% of the Fortune 500, Workato’s cloud-native architecture connects every application, data source, and process to power real-time orchestration at scale. With enterprise-grade security and continuous innovation at its core, Workato provides the trusted foundation for organizations to automate with confidence and operationalize AI across the business. To learn more, visit <span><a href="http://www.workato.com" target="_blank">www.workato.com</a></span></p> <h1><strong>Why join us?</strong></h1> <p><span style="font-weight: 400;">Ultimately, Workato believes in fostering a </span><strong>flexible, trust-oriented culture that empowers everyone to take full ownership of their roles</strong><span style="font-weight: 400;">. We are driven by </span><strong>innovation </strong><span style="font-weight: 400;">and looking for</span><strong> team players </strong><span style="font-weight: 400;">who want to actively build our company.&nbsp;</span></p> <p><span style="font-weight: 400;">But, we also believe in </span><strong>balancing productivity with self-care</strong><span style="font-weight: 400;">. That’s why we offer all of our employees a vibrant and dynamic work environment </span><a href="http://www.workato.com/careers"><span style="font-weight: 400;">along with a multitude of benefits</span></a><span style="font-weight: 400;"> they can enjoy inside and outside of their work lives.&nbsp;</span></p> <p><span style="font-weight: 400;">If this sounds right up your alley, please submit an application. We look forward to getting to know you!</span></p> <p><span style="font-weight: 400;">Also, feel free to check out why:</span></p> <ul> <li style="font-weight: 400;"> <p><a href="https://www.businessinsider.com/47-enterprise-startups-to-bet-your-career-on-in-2020-2019-12"><span style="font-weight: 400;">Business Insider</span></a><span style="font-weight: 400;"> named us an “enterprise startup to bet your career on”</span></p> </li> <li style="font-weight: 400;"> <p><a href="https://www.forbes.com/cloud100/#a57477b5f941"><span style="font-weight: 400;">Forbes’ Cloud 100</span></a><span style="font-weight: 400;"> recognized us as one of the top 100 private cloud companies in the world</span></p> </li> <li style="font-weight: 400;"> <p><a href="https://www2.deloitte.com/us/en/pages/technology-media-and-telecommunications/articles/fast500-winners.html"><span style="font-weight: 400;">Deloitte Tech Fast 500</span></a><span style="font-weight: 400;"> ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America</span></p> </li> <li> <p><a href="https://qz.com/work/2053446/the-best-companies-for-working-from-home/"><span style="font-weight: 400;">Quartz</span></a><span style="font-weight: 400;"> ranked us the #1 best company for remote workers</span></p> </li> </ul></div><h1><strong>Responsibilities</strong></h1> <p>We are looking for an exceptional <strong>Senior GRC Analyst </strong>to join our growing team. In this role, you will lead compliance assessments for frameworks such as <strong>NIST 800-171</strong>,<strong> ISO 27001</strong>,<strong> NIST 800-53 (FedRAMP)</strong>,<strong> PCI</strong>,<strong> MLPS and IRAP</strong>, while also driving broader security compliance efforts. The ideal candidate will use strong analytical, communication, and problem-solving skills to evaluate controls, identify gaps, and recommend improvements across security domains. You will also be responsible for:</p> <ul> <li> <p>Lead and participate in both internal and external audits for frameworks including <strong>ISO 27001/27701</strong>,<strong> PCI-DSS</strong>,<strong> NIST 800-171</strong>,<strong> NIST 800-53 (FedRamp)</strong>,<strong> and IRAP</strong></p> </li> <li> <p>Experience using or exploring AI/automation tools to enhance, streamline, or scale Governance, Risk, and Compliance (GRC) processes and workflows</p> </li> <li> <p>Manage and oversee risk, compliance, and governance initiatives across teams</p> </li> <li> <p>Coordinate with process owners, control owners, auditors, and consultants to ensure findings are tracked and addressed</p> </li> <li> <p>Conduct risk assessments, security audits, and third-party/vendor risk reviews</p> </li> <li> <p>Review contracts to ensure security and compliance requirements are met</p> </li> <li> <p>Identify process gaps and recommend improvements to enhance the organization’s security posture</p> </li> <li> <p>Communicate risks and compliance requirements clearly to both technical and non-technical stakeholders</p> </li> <li> <p>Perform regular user access reviews</p> </li> <li> <p>Develop and track remediation plans for identified risks and issues</p> </li> <li> <p>Maintain and update the risk register</p> </li> <li> <p>Oversee vendor security assurance processes</p> </li> <li> <p>Collaborate with stakeholders to design and implement effective internal controls aligned with regulatory standards</p> </li> <li> <p>Support risk and security discussions across cross-functional teams</p> </li> <li> <p>Build strong working relationships across departments</p> </li> <li> <p>Take on additional responsibilities as needed</p> </li> </ul> <h1><strong>Requirements</strong></h1> <h3><strong>Qualifications / Experience / Technical Skills</strong></h3> <p><strong>Please note that the working hours for this position are from 2:00 PM to 11:00 PM IST (overlap with U.S. Pacific Time required)</strong></p> <ul> <li> <p><strong>8+ years of experience</strong> in cybersecurity programs, audits, risk management, compliance, or remediation</p> </li> <li> <p>Experience working with cloud platforms such as AWS, Azure, or Google Cloud</p> </li> <li> <p>Proven ability to negotiate and prioritize risk remediation with internal stakeholders</p> </li> <li> <p>Bachelor’s degree in Information Systems, Computer Science, Information Security, or a related field</p> </li> <li> <p>Strong understanding of security controls, including cloud environments, firewalls, IDS/IPS, and vulnerability management</p> </li> <li> <p>Familiarity with NIST 800-171 and NIST Risk Management Framework (NIST 800-53)</p> </li> <li> <p>Experience auditing frameworks such as <strong>PCI-DSS</strong>,<strong> SOC 2</strong>,<strong> and ISO 27001/27701</strong></p> </li> <li> <p>Relevant certifications (<strong>CISSP</strong>, <strong>CISA</strong>, <strong>PCI ISA</strong>,<strong> ISO</strong>, or similar) are preferred</p> </li> <li> <p>Ability to manage multiple priorities independently with minimal supervision</p> </li> </ul> <h3><strong>Soft Skills / Personal Characteristics</strong></h3> <ul> <li> <p>Strong communication skills with the ability to translate compliance requirements into technical actions</p> </li> <li> <p>High energy and adaptability in a fast-paced environment</p> </li> <li> <p>Strong collaboration and a knowledge-sharing mindset</p> </li> <li> <p>Excellent time management and organizational skills</p> </li> <li> <p>High attention to detail, integrity, and ethical standards</p> </li> <li> <p>Willingness to learn and take on new challenges</p> </li> </ul> <h3><strong style="font-size: 14px;">Additional requirements</strong></h3> <ul> <li> <p>May involve some international travel</p> </li> <li> <p>This position requires overlap with U.S. Pacific Time (PST) working hours. Candidates should be available and flexible to work from <strong>2:00 PM to 11:00 PM IST</strong>.</p> </li> <li> <p>Strong hands-on experience with PCI audits, ISO 27001, NIST 800-171, FedRamp, SOC 2, and potentially IRAP is required.</p> </li> </ul> <h3><strong style="font-size: 14px;">To help your application stand out, please take time to answer the Job Application Questions below clearly and concisely. All submissions are reviewed by our Hiring Team, not evaluated by AI.</strong></h3> <p><strong>(REQ ID: 2760)</strong></p>