jobloom

JobLoom finds jobs directly from company career sites before many job boards, then routes you into detailed role pages like this one.

other

Posted 4 hours ago

Senior GRC Analyst

at Workato

Palo Alto, United StatesOn-site

Responsibilities

  • Maintain and update FedRAMP authorization documentation, including SSP, CIS, CRM, and associated artifacts •
  • Lead internal and external audits for frameworks including FedRAMP (NIST 800-53), ISO 27001/27701, PCI-DSS, NIST 800-171, and IRAP •
  • Coordinate with process owners, control owners, 3PAOs, and federal agency stakeholders to ensure findings are tracked and remediated •
  • Conduct risk assessments, security audits, and third-party/vendor risk reviews with a focus on FedRAMP boundary and supply chain risk •
  • Review contracts to ensure security and compliance
  • Identify control gaps and recommend improvements to enhance the organization's federal security posture •
  • Perform regular user access reviews aligned to least-privilege and FedRAMP AC control requirements •
  • Develop and track remediation plans for identified risks and POA&M items •
  • Maintain and update the risk register with federal risk considerations •
  • Oversee vendor and subservice provider security assurance processes relevant to the FedRAMP authorization boundary •
  • Collaborate with engineering, infrastructure, and product teams to design and implement controls aligned with NIST 800-53 baselines •
  • Support federal-facing sales and customer success discussions with compliance expertise •
  • Build strong working relationships across departments and with federal agency AOs (Authorizing Officials) •

Requirements

  • Workato delivers enterprise infrastructure for the agentic era, redefining iPaaS and helping enterprises unify data, applications, processes, and AI into a single, governed platform.
  • With enterprise-grade security and continuous innovation at its core, Workato provides the trusted foundation for organizations to automate with confidence and operationalize AI across the business.
  • This role will lead FedRAMP readiness, authorization, and continuous monitoring activities in alignment with NIST 800-53 requirements, while also supporting broader compliance frameworks including ISO 27001, NIST 800-171, PCI-DSS, and IRAP.
  • Explore and leverage AI/automation tools to enhance, streamline, or scale GRC and ConMon workflows •
  • experience in cybersecurity, audits, risk management, compliance, or remediation • Hands-on FedRAMP
  • experience required — including direct involvement in FedRAMP authorization (Moderate or High baseline preferred), SSP authoring, POA&M management, or 3PAO coordination •
  • Deep familiarity with NIST 800-53 Rev 5 control families and FedRAMP-specific overlays, guidance, and templates •
  • Experience working with cloud platforms such as AWS GovCloud, Azure Government, or Google Cloud (government regions) •
  • Proven ability to negotiate and prioritize risk remediation with internal and federal stakeholders •
  • Bachelor's degree in Information Systems, Computer Science, Information Security, or a related field •
  • Strong understanding of security controls in cloud environments, including boundary definition, encryption, access control, and vulnerability management •
  • Familiarity with NIST 800-171 and CMMC as complementary federal frameworks •
  • Experience auditing frameworks such as PCI-DSS, SOC 2, and ISO 27001/27701 •
  • Relevant certifications strongly preferred: CISSP, CISA, FedRAMP-specific training (e.g., FedRAMP PMO courses) , or similar •
  • Ability to manage multiple priorities independently with minimal supervision
  • Strong communication skills with the ability to translate federal compliance
  • experience with FedRAMP, NIST 800-53, ISO 27001, NIST 800-171, PCI-DSS, SOC 2, and potentially IRAP is required. •
  • Must be eligible to work on U.S. federal government-related programs; ability to obtain or support federal security clearance processes is a plus. (REQ ID: 2761) #LI-NJ1

Experience

  • Experience / Technical Skills • 8+ years of

Contact

  • To learn more, visit www.workato.com Why join us?

Additional details

  • A leader in Enterprise MCP and trusted by 50% of the Fortune 500, Workato’s cloud-native architecture connects every application, data source, and process to power real-time orchestration at scale.
  • Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles .
  • We are driven by innovation and looking for team players who want to actively build our company.
  • But, we also believe in balancing productivity with self-care . That’s why we offer all of our employees a vibrant and dynamic work environment along with a multitude of
  • benefits they can enjoy inside and outside of their work lives.
  • If this sounds right up your alley, please submit an application. We look forward to getting to know you!
  • Business Insider named us an “enterprise startup to bet your career on” •
  • Forbes’ Cloud 100 recognized us as one of the top 100 private cloud companies in the world •
  • Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America •
  • Quartz ranked us the #1 best company for remote workers Responsibilities

Find more real-time jobs on JobLoom.