Workato
20.05.2026

Senior GRC Analyst

Palo Alto

Responsibilities

  • Leading FedRAMP authorization efforts — including System Security Plan (SSP) development, Security Assessment Report (SAR) review, Plan of Action & Milestones (POA&M) management, and preparation for Third Party Assessment Organization (3PAO) engagements
  • Owning continuous monitoring (ConMon) activities in accordance with FedRAMP requirements, including monthly vulnerability scanning, incident reporting, and annual assessments
  • Maintain and update FedRAMP authorization documentation, including SSP, CIS, CRM, and associated artifacts
  • Lead internal and external audits for frameworks including FedRAMP (NIST 800-53), ISO 27001/27701, PCI-DSS, NIST 800-171, and IRAP
  • Coordinate with process owners, control owners, 3PAOs, and federal agency stakeholders to ensure findings are tracked and remediated
  • Conduct risk assessments, security audits, and third-party/vendor risk reviews with a focus on FedRAMP boundary and supply chain risk
  • Review contracts to ensure security and compliance requirements — including FedRAMP flow-down clauses — are met
  • Identify control gaps and recommend improvements to enhance the organization's federal security posture
  • Communicate FedRAMP requirements, risks, and compliance status clearly to both technical and non-technical stakeholders, including federal agency customers
  • Perform regular user access reviews aligned to least-privilege and FedRAMP AC control requirements
  • Develop and track remediation plans for identified risks and POA&M items
  • Maintain and update the risk register with federal risk considerations
  • Oversee vendor and subservice provider security assurance processes relevant to the FedRAMP authorization boundary
  • Collaborate with engineering, infrastructure, and product teams to design and implement controls aligned with NIST 800-53 baselines
  • Support federal-facing sales and customer success discussions with compliance expertise
  • Explore and leverage AI/automation tools to enhance, streamline, or scale GRC and ConMon workflows
  • Build strong working relationships across departments and with federal agency AOs (Authorizing Officials)
  • Take on additional responsibilities as needed

Requirements

  • 8+ years of experience in cybersecurity, audits, risk management, compliance, or remediation
  • Hands-on FedRAMP experience required — including direct involvement in FedRAMP authorization (Moderate or High baseline preferred), SSP authoring, POA&M management, or 3PAO coordination
  • Deep familiarity with NIST 800-53 Rev 5 control families and FedRAMP-specific overlays, guidance, and templates
  • Experience working with cloud platforms such as AWS GovCloud, Azure Government, or Google Cloud (government regions)
  • Proven ability to negotiate and prioritize risk remediation with internal and federal stakeholders
  • Bachelor's degree in Information Systems, Computer Science, Information Security, or a related field
  • Strong understanding of security controls in cloud environments, including boundary definition, encryption, access control, and vulnerability management
  • Familiarity with NIST 800-171 and CMMC as complementary federal frameworks
  • Experience auditing frameworks such as PCI-DSS, SOC 2, and ISO 27001/27701
  • Relevant certifications strongly preferred: CISSP, CISA, FedRAMP-specific training (e.g., FedRAMP PMO courses), or similar
  • Ability to manage multiple priorities independently with minimal supervision

Conditions

  • Flexible, trust-oriented culture
  • Vibrant and dynamic work environment
  • Multitude of benefits they can enjoy inside and outside of their work lives
  • Balancing productivity with self-care