Your work days are brighter here.
At Workday, it all began with a conversation over breakfast. When our founders met at a sunny California diner, they came up with an idea to revolutionize the enterprise software market. And when we began to rise, one thing that really set us apart was our culture. A culture which was driven by our value of putting our people first. And ever since, the happiness, development, and contribution of every Workmate is central to who we are. Our Workmates believe a healthy employee-centric, collaborative culture is the essential mix of ingredients for success in business. That’s why we look after our people, communities and the planet while still being profitable. Feel encouraged to shine, however that manifests: you don’t need to hide who you are. You can feel the energy and the passion, it's what makes us unique. Inspired to make a brighter work day for all and transform with us to the next stage of our growth journey? Bring your brightest version of you and have a brighter work day here.
At Workday, we value our candidates’ privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.
Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.
In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.
About the Team
Come join Workday! As part of the Product & Compliance team dedicated to our Government Industry Vertical within the Product & Technology Organization, you will play a crucial role in driving our growth strategy within this key market. Our mission is to accelerate the adoption and success of Workday solutions within government agencies by encouraging seamless teamwork across product development, compliance, and go-to-market teams.The charter includes compliance with Federal security standards (e.g. Fedramp - IL2/IL4, Secret, Top Secret) in addition to ensuring coverage of Federal OPM mandates and specific requirements across Payroll, Benefits, Workforce Management, Financials required to power the Federal Government etc. The goal is to have both a near term view and a long term view of the business while monitoring evolutions in the Federal business landscape.
About the Role
Workday is seeking a highly motivated and proactive Security and Compliance leader to join our dedicated Product & Compliance team within the Government Industry Vertical. In this crucial role, you will serve as a key partner to our product teams (HCM and Financials), expertly navigating compliance requirements (e.g. FedRAMP, IL4, IL5, Secret, Top Secret, etc.) with a deep understanding of NIST 800-53, as well as building and managing a team of product compliance experts.
Key Responsibilities:
Team Management & Leadership: Hire, manage, mentor, and grow a team of compliance professionals, fostering a culture of continuous learning and accountability to ensure all security and compliance objectives are met efficiently.
Security Engineering: Work with engineering teams to ensure that systems are architected, implemented and operate in compliance with relevant security standards including FedRAMP/FISMA High, DoD IL-4/5, NIST 800-53 R5, ISO 27000 and others.
Compliance Engineering: Establish baseline engineering requirements for compliance to build secure solutions for Government Cloud environments.
Risk & Audit Management: Establish Risk Management strategy, coordinating with external assessors and advisory firms that provide security audits and risk assessments. Supervise mitigation plans, ensuring timely remediation of risks.
GRC Oversight: Establish and govern a common controls strategy to ensure security and compliance across Workday’s environments with relevant internal and external security frameworks.
Collaborator Collaboration: Partner with cross-functional teams, including product security, engineering, legal, and external regulatory bodies, to align compliance initiatives with business objectives.
Build and Maintain External Partnerships: Maintain and lead partnerships with customer US Federal Government agencies and the FedRAMP PMO, staying atop of all industry updates and changes to the program.
Process Optimization: Drive efficiencies in compliance assessments, including the implementation of innovative ways to meet and exceed security requirements.
Incident Response & Threat Management: Provide executive-level guidance on incident response and security forensics, ensuring alignment with compliance frameworks.
Policy & Governance: Own the development of security policies, procedures, and reporting mechanisms to meet relevant regulatory and customer requirements
About You
You are a meticulous security leader who thrives in regulated environments and understands the intricacies of cloud compliance. You know how to communicate complex security concepts to both engineers and executives. You bring a pragmatic, risk-based approach to compliance and are passionate about building secure systems that meet the needs of public sector customers.
Basic Qualifications
10+ years of experience in cybersecurity engineering for complex enterprise systems for regulated industries
5+ years experience working with regulatory compliance frameworks (e.g. NIST 800-53, ISO27001, SOC, HITRUST, HIPAA, FedRAMP, DOD SRG IL4/IL5, PCI, etc.)
2+ years experience managing teams
US Citizenship and ability to acquire/maintain a security clearance
Other Qualifications
Experience in architecting secure solutions using cloud native technologies (including CI/CD pipelines, microservices, etc.)
Experience in building secure solutions in cloud environments (like AWS/GCP/Azure) that align with FedRAMP High requirements.
Proven leadership experience in driving cross-functional compliance initiatives.
Exceptional ability to communicate and influence collaborators at all levels, including senior executives.
Experience working with the FedRAMP PMO, FedRAMP JAB, and DISA Cloud Assessment Division is a plus.
Deep technical knowledge application architectures, design principles, common security flaws, and mitigation techniques as outlined by OWASP and SANS
Industry certifications such as CISA, CISSP, CCSK, or equivalent are desirable.
Workday Pay Transparency Statement
The annualized base salary ranges for the primary location and any additional locations are listed below. Workday pay ranges vary based on work location. As a part of the total compensation package, this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus, as well as annual refresh stock grants. Recruiters can share more detail during the hiring process. Each candidate’s compensation offer will be based on multiple factors including, but not limited to, geography, experience, skills, job duties, and business need, among other things. For more information regarding Workday’s comprehensive benefits, please click here.
Primary Location: USA.MD.Home Office Washington DC Metro
Additional Considerations:
If performed in Colorado, the pay range for this job is $203,200 - $304,800 USD based on min and max pay range for that role if performed in CO.The application deadline for this role is the same as the posting end date stated as below:
Our Approach to Flexible Work
With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.
Pursuant to applicable Fair Chance law, Workday will consider for employment qualified applicants with arrest and conviction records.
Workday is an Equal Opportunity Employer including individuals with disabilities and protected veterans.
Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!
Workday Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Workday and has not been reviewed or approved by Workday.
-
Healthcare Strength — Health coverage is positioned as broad and well-supported, with multiple medical carrier options, virtual care access, and some locations offering onsite clinic/pharmacy services. Mental health support is described as notably strong, including therapy sessions and confidential support availability for household members.
-
Parental & Family Support — Family-related benefits are portrayed as extensive, including paid bonding and caregiver leave alongside fertility, adoption, and surrogacy reimbursement. Added support like parenting resources, milk-shipping/lactation assistance during travel, and backup child/elder care is explicitly outlined.
-
Strong & Reliable Incentives — Equity participation and savings-oriented programs are presented as meaningful components of total rewards, including an ESPP discount with a lookback feature. Additional programs like a student-loan pathway to earn the 401(k) match are included as financial-support enhancements.
Workday Insights
Similar Jobs
What We Do
Workday is a leading provider of enterprise cloud applications for finance, HR, and planning. Founded in 2005, Workday delivers financial management, human capital management, and analytics applications designed for the world’s largest companies, educational institutions, and government agencies. Organizations ranging from medium-sized businesses to Fortune 50 enterprises have selected Workday.
