Jobs · Business Development · California

Senior GRC Analyst

Workato · Palo Alto, CA · 1 wk ago
Business DevelopmentFull-time

Responsibilities

  • Lead FedRAMP readiness, authorization, and continuous monitoring activities in alignment with NIST 800-53 requirements.
  • Support broader compliance frameworks including ISO 27001, NIST 800-171, PCI-DSS, and IRAP.
  • Own continuous monitoring (ConMon) activities in accordance with FedRAMP requirements, including monthly vulnerability scanning, incident reporting, and annual assessments.
  • Maintain and update FedRAMP authorization documentation, including SSP, CIS, CRM, and associated artifacts.
  • Coordinate with process owners, control owners, 3PAOs, and federal agency stakeholders to ensure findings are tracked and remediated.
  • Conduct risk assessments, security audits, and third-party/vendor risk reviews with a focus on FedRAMP boundary and supply chain risk.
  • Review contracts to ensure security and compliance requirements — including FedRAMP flow-down clauses — are met.
  • Identify control gaps and recommend improvements to enhance the organization's federal security posture.
  • Communicate FedRAMP requirements, risks, and compliance status clearly to both technical and non-technical stakeholders, including federal agency customers.
  • Develop and track remediation plans for identified risks and POA&M items.
  • Maintain and update the risk register with federal risk considerations.
  • Oversee vendor and subservice provider security assurance processes relevant to the FedRAMP authorization boundary.
  • Collaborate with engineering, infrastructure, and product teams to design and implement controls aligned with NIST 800-53 baselines.
  • Support federal-facing sales and customer success discussions with compliance expertise.
  • Explore and leverage AI/automation tools to enhance, streamline, or scale GRC and ConMon workflows.
  • Build strong working relationships across departments and with federal agency AOs (Authorizing Officials).

Requirements

  • 8+ years of experience in cybersecurity, audits, risk management, compliance, or remediation.
  • Hands-on FedRAMP experience required — including direct involvement in FedRAMP authorization (Moderate or High baseline preferred), SSP authoring, POA&M management, or 3PAO coordination.
  • Deep familiarity with NIST 800-53 Rev 5 control families and FedRAMP-specific overlays, guidance, and templates.
  • Experience working with cloud platforms such as AWS GovCloud, Azure Government, or Google Cloud (government regions).
  • Proven ability to negotiate and prioritize risk remediation with internal and federal stakeholders.
  • Bachelor's degree in Information Systems, Computer Science, Information Security, or a related field.
  • Strong understanding of security controls in cloud environments, including boundary definition, encryption, access control, and vulnerability management.
  • Familiarity with NIST 800-171 and CMMC as complementary federal frameworks.
  • Relevant certifications strongly preferred: CISSP, CISA, FedRAMP-specific training (e.g., FedRAMP PMO courses), or similar.
  • Strong communication skills with the ability to translate federal compliance requirements into technical actions and executive-level summaries.
  • High energy and adaptability in a fast-paced, high-stakes compliance environment.
  • Strong collaboration and knowledge-sharing mindset across engineering, legal, and customer-facing teams.
  • Excellent time management and organizational skills — particularly for managing concurrent ConMon and audit cycles.
  • High attention to detail, integrity, and ethical standards consistent with handling federal data and programs.
  • Willingness to learn and take on new challenges as Workato's federal footprint grows.

Similar jobs

Senior GRC Analyst

KokosingWesterville, OH· 1 mo ago
Business Developmentapply on kokosing.wd5.myworkdayjobs.com

Senior GRC Analyst

BenepassUnited States· 6 days ago
RemoteBusiness Development$130k–$160k/yrapply on jobs.ashbyhq.com

Senior GRC Analyst

RadarNew York, NY· 1 wk ago
Business Development$125k–$160k/yrapply on jobs.ashbyhq.com

Senior GRC Analyst

ClaycoPhoenix, AZ· 1 mo ago
Information Technology$8.1/hrapply on jobs.crelate.com

Senior GRC Analyst

ClaycoSt Louis, MO· 1 mo ago
Information Technology$8.1/hrapply on jobs.crelate.com

Senior GRC Analyst

ClaycoAtlanta, GA· 1 mo ago
Information Technology$8.1/hrapply on jobs.crelate.com