Security GRC Architect


September 14, 2021

Do what you love. Love what you do.

At Workday, we help the world’s largest organizations adapt to what’s next by bringing finance, HR, and planning into a single enterprise cloud. We work hard, and we’re serious about what we do. But we like to have fun, too. We put people first, celebrate diversity, drive innovation, and do good in the communities where we live and work.
About the Team
The mission of our team is to create a world-class Cybersecurity risk management program to protect Workday by driving Security strategy and enabling the Business to make data and risk-based decisions to achieve its objectives.
About the Role
The Security GRC Architect will be responsible for the integration of the Security Risk and Governance functions into the broader Enterprise GRC program. The aforementioned functions include Policies and Standards Management, Communication and Awareness, Risk Management, Issues & Exceptions and Controls Management.
The primary objective of this role is to provide subject matter expertise in these Security GRC topics to ensure continuous alignment and improvement of GRC processes between various stakeholders. The role also includes evaluating the selection, implementation and adoption of a GRC tool to support these business processes.
As a key member of the Information Security Risk Management team, this role will closely work with and influence leaders across Workday, including Security Governance, Enterprise Risk Management, Internal Audit, Compliance, Cloud Operations, Business Technology and Product.
  • Help build and mature Security GRC processes based on industry best practices, including Controls Management, Audit Management, Risk Oversight, Issues & Exceptions Management, Policy Management, etc.
  • Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the process integration of Security GRC programs with ERM, IA, Compliance & Privacy.
  • Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates.
  • Lead the conversation for the successful implementation and maintenance of a GRC tool that supports our Security GRC processes
  • Provide support, education and training to staff around Security GRC processes and tools
  • Work on multiple Security GRC projects as the subject matter expert

About You
Basic Qualifications
  • Highly proficient in Security GRC frameworks such as ISO 27001, NIST 800 series
  • Strong technical skills but equally comfortable interacting with senior business leaders
  • FAIR, CRISC, CISSP, SANS GSEC or equivalent certifications
  • Experience in the implementation of OneTrust, AuditBoard, Archer or similar GRC tools
  • Excellent communication skills for interacting with both technical and business professionals

Other Qualifications
  • Bachelor’s degree or higher in a relevant field
  • 8+ years of experience in Information Security Risk Management or a security related role
  • Knowledge of public cloud platforms and related security topics
  • Experience in Software as a Service organizations is a plus
  • Comfortable dealing with ambiguity, change and conflicting priorities
  • Ability to make high quality decisions with limited information

Workday is an Equal Opportunity Employer including individuals with disabilities and protected veterans.