Responsibilities
- Lead and engage in internal and external audits covering standards such as ISO 27001/27701, PCI-DSS, NIST 800-171, NIST 800-53 (FedRAMP), and IRAP
- Explore or apply AI-driven and automation technologies to improve GRC workflows and operational efficiency
- Oversee governance, risk, and compliance programs across departments and functional teams
- Collaborate with process and control owners, auditors, and consultants to monitor and resolve audit findings
- Carry out risk evaluations, security assessments, and third-party vendor risk analyses
- Evaluate vendor and partner contracts to confirm alignment with security and compliance policies
- Detect inefficiencies in current processes and propose enhancements to strengthen security
- Clearly convey compliance obligations and risk implications to both technical and non-technical audiences
- Conduct periodic reviews of user access rights across systems and applications
- Create and manage action plans to resolve identified risks and compliance gaps
- Keep the organization’s risk register current and accurately documented
- Manage and supervise vendor security assurance procedures
- Work with internal teams to design and deploy internal controls consistent with regulatory requirements
- Support security and risk-related discussions across engineering, product, and operations teams
- Foster collaborative relationships across departments to drive compliance initiatives
- Assume additional duties as assigned to support organizational objectives
Requirements
- Minimum of 8 years of experience in cybersecurity, risk management, compliance, audit, or remediation activities
- Hands-on experience with cloud infrastructure platforms like AWS, Azure, or Google Cloud
- Demonstrated skill in negotiating and prioritizing risk mitigation efforts with internal teams
- Bachelor’s degree in Information Systems, Computer Science, Information Security, or a related discipline
- Solid knowledge of security controls, including cloud security, firewalls, intrusion detection/prevention systems, and vulnerability management
- Familiarity with NIST 800-171 and the NIST Risk Management Framework (NIST 800-53)
- Experience conducting audits under frameworks such as PCI-DSS, SOC 2, and ISO 27001/27701
- Proven experience executing audits for PCI, ISO 27001, NIST 800-171, FedRAMP, SOC 2, and IRAP
Nice to Have
- Hold relevant certifications such as CISSP, CISA, PCI ISA, ISO lead auditor, or equivalent