Workato, 20.05.2026
Senior GRC Analyst
Palo Alto
Responsibilities
- Lead FedRAMP authorization efforts, including System Security Plan (SSP) development, Security Assessment Report (SAR) review, Plan of Action & Milestones (POA&M) management, and preparation for Third Party Assessment Organization (3PAO) engagements
- Own continuous monitoring (ConMon) activities in accordance with FedRAMP requirements, including monthly vulnerability scanning, incident reporting, and annual assessments
- Maintain and update FedRAMP authorization documentation, including the SSP, Control Implementation Summary (CIS), Customer Responsibility Matrix (CRM), and associated artifacts
- Lead internal and external audits for frameworks including FedRAMP (NIST SP 800-53), ISO 27001/27701, PCI DSS, NIST SP 800-171, and IRAP
- Coordinate with process owners, control owners, 3PAOs, and federal agency stakeholders to ensure findings are tracked and remediated
- Conduct risk assessments, security audits, and third-party/vendor risk reviews with a focus on the FedRAMP authorization boundary and supply chain risk
- Review contracts to ensure that security and compliance requirements, including FedRAMP flow-down clauses, are met
- Identify control gaps and recommend improvements to strengthen the organization's federal security posture
- Communicate FedRAMP requirements, risks, and compliance status clearly to both technical and non-technical stakeholders, including federal agency customers
- Perform regular user access reviews aligned to least privilege and the FedRAMP Access Control (AC) family requirements
- Develop and track remediation plans for identified risks and POA&M items
- Maintain and update the risk register, including federal risk considerations
- Oversee vendor and subservice provider security assurance processes relevant to the FedRAMP authorization boundary
- Collaborate with engineering, infrastructure, and product teams to design and implement controls aligned with NIST SP 800-53 baselines
- Support federal-facing sales and customer success discussions with compliance expertise
- Explore and leverage AI/automation tools to enhance, streamline, or scale GRC and ConMon workflows
- Build strong working relationships across departments and with federal agency Authorizing Officials (AOs)
- Take on additional responsibilities as needed
Requirements
- 8+ years of experience in cybersecurity, audits, risk management, compliance, or remediation
- Hands-on FedRAMP experience required, including direct involvement in a FedRAMP authorization (Moderate or High baseline preferred), SSP authoring, POA&M management, or 3PAO coordination
- Deep familiarity with the NIST SP 800-53 Rev. 5 control families and FedRAMP-specific overlays, guidance, and templates
- Experience working with cloud platforms such as AWS GovCloud, Azure Government, or Google Cloud (government regions)
- Proven ability to negotiate and prioritize risk remediation with internal and federal stakeholders
- Bachelor's degree in Information Systems, Computer Science, Information Security, or a related field
- Strong understanding of security controls in cloud environments, including boundary definition, encryption, access control, and vulnerability management
- Familiarity with NIST SP 800-171 and CMMC as complementary federal frameworks
- Experience auditing against frameworks such as PCI DSS, SOC 2, and ISO 27001/27701
- Relevant certifications strongly preferred: CISSP, CISA, FedRAMP-specific training (e.g., FedRAMP PMO courses), or similar
- Ability to manage multiple priorities independently with minimal supervision
What we offer
- Flexible, trust-oriented culture
- Vibrant and dynamic work environment
- A wide range of benefits to enjoy both inside and outside of work
- A balance between productivity and self-care