Senior GRC Analyst

Responsibilities

Workato is seeking a detail-oriented, highly motivated, technology-savvy and passionate Senior GRC Analyst professional who wants to support, promote and further mature the company's security GRC program.

Responsible for leading NIST 800-171, NIST 800-53, and IRAP assessments and certification.

Responsible for executing various security compliance initiatives such as risk assessments, security control audits and 3rd party risk assessments. You will use your strong communication, analytical and troubleshooting abilities to quickly identify and report on controls from various security domains, control and/or process gaps and to identify process and technology opportunities.

Primary responsibilities include, but are not limited to:

• Lead internal and external audits related to ISO 27001/ISO 27701, PCI-DSS, NIST 800-171, NIST 800-53, and IRAP.

• Overseeing risk, compliance, and governance programs across departments

• Leverage broad experience to coordinate work assignments with process owners, control owners, external auditors, and consultants to ensure issues are documented and monitored.

• Document and perform assessments as needed and review contracts for security requirements.

• Exhibit strategic agility and proactively identify and correct process gaps and improvements to further the maturity of Workato’s information security program in alignment with company goals and objectives.

• Clearly and effectively communicate security issues and risks to diverse audiences and ensure compliance with applicable controls based on a unified framework.

• Conduct periodic user access reviews

• Support developing remediation plans for issues and risks, coordinate activities with control owners, and track remediation to completion.

• Maintaining and documenting the risk register.

• Oversight of the vendor security assurance program

• Ability to work independently and as part of a team with a professional attitude and demeanor

• Partner with stakeholders to design internal controls based on regulatory requirements and best practices for ongoing risk mitigation of information systems.

• Support and guide information risk and security discussions with technical and non-technical groups

• Build and cultivate positive working relationships with stakeholders across various teams.

• Performs other related duties as assigned.

RequirementsQualifications / Experience / Technical Skills

• 8+ years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management.

• Relevant experience working with AWS, Azure, Google or any other cloud computing environment.

• Experience negotiating prioritization of risks and remediation findings with internal teams.

• B.S. degree in Management Information Systems, Computer Science, Information Security, or any security technology-related field

• Solid understanding of technical security controls related to perimeter security operations, including Cloud service providers, firewalls, IDS/IPS, Vulnerability Management, and services offered by cloud service providers. Ability to prioritize and multitask with minimal supervision.

• Excellent skills in troubleshooting, problem-solving, analytical thinking, and project management

• Technical knowledge/Experience in security control technologies such as firewalls, IDS, DLP, Vulnerability Management, AWS environment, Application Security, Monitoring and logging tools,  etc.

• Working knowledge of the controls and implementation of DFARS Clause 252.204-7012 (NIST 800-171) and NIST Risk Management Framework (NIST 800-53)

• Experience auditing security standards/frameworks such as PCI-DSS, SOC, and ISO 27001/27701, etc.

• CISSP, CISA, PCI ISA, PCIP, CMMC RP, or similar security certifications preferred

• It may require working outside of normal business hours periodically

• It may require some international travel

Soft Skills / Personal Characteristics

• Excellent communication skills that translate compliance requests into technical recommendations. 

• High level of energy and a desire to thrive in a fast-paced organization; ability to balance multiple projects under pressure

• Excellent team player with a willingness to share knowledge with others.

• Excellent personal and time management skills

• Very high attention to detail, high integrity, and business ethics

• Willing to learn and take on new responsibilities