Senior GRC Analyst

Job Overview

Location: Palo Alto, California
Job Type: Full-time
Category: HR & Recruiting
Date Posted: June 3, 2026

Full Job Description

📋 Description

  • Lead FedRAMP authorization efforts including System Security Plan (SSP) development, Security Assessment Report (SAR) review, Plan of Action & Milestones (POA&M) management, and coordination with Third Party Assessment Organizations (3PAOs).
  • Own continuous monitoring (ConMon) activities per FedRAMP requirements, including monthly vulnerability scanning, incident reporting, and annual assessments.
  • Maintain and update all FedRAMP authorization documentation such as SSP, Configuration Inventory Sheet (CIS), Control Response Matrix (CRM), and associated artifacts.
  • Lead internal and external audits for FedRAMP (NIST 800-53), ISO 27001/27701, PCI-DSS, NIST 800-171, and IRAP frameworks.
  • Coordinate with process owners, control owners, 3PAOs, and federal agency stakeholders to track and remediate audit findings and compliance gaps.
  • Conduct risk assessments, security audits, and third-party/vendor risk reviews focused on FedRAMP boundary and supply chain risk.
  • Review contracts to ensure security and compliance requirements, including FedRAMP flow-down clauses, are properly addressed and enforced.
  • Identify control gaps across security domains and recommend actionable improvements to strengthen the organization’s federal security posture.
  • Communicate FedRAMP requirements, risks, and compliance status clearly to both technical teams and non-technical stakeholders, including federal agency customers.
  • Perform regular user access reviews aligned with least-privilege principles and FedRAMP AC control requirements.
  • Develop, track, and manage remediation plans for identified risks and POA&M items.
  • Maintain and update the enterprise risk register with federal-specific risk considerations.
  • Oversee vendor and subservice provider security assurance processes relevant to the FedRAMP authorization boundary.
  • Collaborate with engineering, infrastructure, and product teams to design and implement security controls aligned with NIST 800-53 baselines.
  • Support federal-facing sales and customer success teams by providing compliance expertise during customer engagements.
  • Explore and leverage AI/automation tools to enhance, streamline, or scale GRC and continuous monitoring workflows.
  • Build and maintain strong working relationships across departments and with federal agency Authorizing Officials (AOs).
  • Take on additional responsibilities as needed to support the growth and evolution of Workato’s federal compliance program.

🎯 Requirements

  • 8+ years of experience in cybersecurity, audits, risk management, compliance, or remediation
  • Hands-on FedRAMP experience required — including direct involvement in FedRAMP authorization (Moderate or High baseline preferred), SSP authoring, POA&M management, or 3PAO coordination
  • Deep familiarity with NIST 800-53 Rev 5 control families and FedRAMP-specific overlays, guidance, and templates
  • Bachelor’s degree in Information Systems, Computer Science, Information Security, or a related field
  • Proven ability to negotiate and prioritize risk remediation with internal and federal stakeholders
  • Relevant certifications strongly preferred: CISSP, CISA, FedRAMP-specific training (e.g., FedRAMP PMO courses), or similar

🏖️ Benefits

  • Flexible, trust-oriented culture that empowers employees to take full ownership of their roles
  • Emphasis on balancing productivity with self-care
  • Vibrant and dynamic work environment
  • Opportunity to work with a company recognized as a Forbes Cloud 100 member and Deloitte Tech Fast 500 winner
  • Support for remote work, with the company ranked #1 best company for remote workers by Quartz
  • Potential for international travel

Skills & Technologies

AWS
Azure
GCP
Senior
Remote
Degree Required

About Workato, Inc.

Workato provides low-code/no-code enterprise automation and integration software that connects applications, data, and business processes across cloud and on-premises systems. Its platform offers pre-built connectors, recipes, and AI-powered workflow orchestration for finance, HR, IT, sales, support, and marketing functions. The company enables organizations to automate tasks without extensive coding, reducing manual effort and accelerating digital transformation initiatives. Workato serves mid-market to large enterprises worldwide through a subscription-based SaaS model, emphasizing security, governance, and scalability for complex integrations.
