other
Posted 4 hours agoSenior GRC Analyst
at Workato
Palo Alto, United StatesOn-site
Responsibilities
- Maintain and update FedRAMP authorization documentation, including SSP, CIS, CRM, and associated artifacts •
- Lead internal and external audits for frameworks including FedRAMP (NIST 800-53), ISO 27001/27701, PCI-DSS, NIST 800-171, and IRAP •
- Coordinate with process owners, control owners, 3PAOs, and federal agency stakeholders to ensure findings are tracked and remediated •
- Conduct risk assessments, security audits, and third-party/vendor risk reviews with a focus on FedRAMP boundary and supply chain risk •
- Review contracts to ensure security and compliance
- Identify control gaps and recommend improvements to enhance the organization's federal security posture •
- Perform regular user access reviews aligned to least-privilege and FedRAMP AC control requirements •
- Develop and track remediation plans for identified risks and POA&M items •
- Maintain and update the risk register with federal risk considerations •
- Oversee vendor and subservice provider security assurance processes relevant to the FedRAMP authorization boundary •
- Collaborate with engineering, infrastructure, and product teams to design and implement controls aligned with NIST 800-53 baselines •
- Support federal-facing sales and customer success discussions with compliance expertise •
- Build strong working relationships across departments and with federal agency AOs (Authorizing Officials) •
Requirements
- Workato delivers enterprise infrastructure for the agentic era, redefining iPaaS and helping enterprises unify data, applications, processes, and AI into a single, governed platform.
- With enterprise-grade security and continuous innovation at its core, Workato provides the trusted foundation for organizations to automate with confidence and operationalize AI across the business.
- This role will lead FedRAMP readiness, authorization, and continuous monitoring activities in alignment with NIST 800-53 requirements, while also supporting broader compliance frameworks including ISO 27001, NIST 800-171, PCI-DSS, and IRAP.
- Explore and leverage AI/automation tools to enhance, streamline, or scale GRC and ConMon workflows •
- experience in cybersecurity, audits, risk management, compliance, or remediation • Hands-on FedRAMP
- experience required — including direct involvement in FedRAMP authorization (Moderate or High baseline preferred), SSP authoring, POA&M management, or 3PAO coordination •
- Deep familiarity with NIST 800-53 Rev 5 control families and FedRAMP-specific overlays, guidance, and templates •
- Experience working with cloud platforms such as AWS GovCloud, Azure Government, or Google Cloud (government regions) •
- Proven ability to negotiate and prioritize risk remediation with internal and federal stakeholders •
- Bachelor's degree in Information Systems, Computer Science, Information Security, or a related field •
- Strong understanding of security controls in cloud environments, including boundary definition, encryption, access control, and vulnerability management •
- Familiarity with NIST 800-171 and CMMC as complementary federal frameworks •
- Experience auditing frameworks such as PCI-DSS, SOC 2, and ISO 27001/27701 •
- Relevant certifications strongly preferred: CISSP, CISA, FedRAMP-specific training (e.g., FedRAMP PMO courses) , or similar •
- Ability to manage multiple priorities independently with minimal supervision
- Strong communication skills with the ability to translate federal compliance
- experience with FedRAMP, NIST 800-53, ISO 27001, NIST 800-171, PCI-DSS, SOC 2, and potentially IRAP is required. •
- Must be eligible to work on U.S. federal government-related programs; ability to obtain or support federal security clearance processes is a plus. (REQ ID: 2761) #LI-NJ1
Experience
- Experience / Technical Skills • 8+ years of
Contact
- To learn more, visit www.workato.com Why join us?
Additional details
- A leader in Enterprise MCP and trusted by 50% of the Fortune 500, Workato’s cloud-native architecture connects every application, data source, and process to power real-time orchestration at scale.
- Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles .
- We are driven by innovation and looking for team players who want to actively build our company.
- But, we also believe in balancing productivity with self-care . That’s why we offer all of our employees a vibrant and dynamic work environment along with a multitude of
- benefits they can enjoy inside and outside of their work lives.
- If this sounds right up your alley, please submit an application. We look forward to getting to know you!
- Business Insider named us an “enterprise startup to bet your career on” •
- Forbes’ Cloud 100 recognized us as one of the top 100 private cloud companies in the world •
- Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America •
- Quartz ranked us the #1 best company for remote workers Responsibilities