IT Risk Principal, BT Risk Management

Your work days are brighter here.

Were obsessed with making hard work pay off for our people our customers and the world around us. As a Fortune 500 company and a leading AI platform for managing people money and agents were shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join youll feel it. Not just in the products we build but in how we show up for each other. Our culture is rooted in integrity empathy and shared enthusiasm. Were in this together tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether youre building smarter solutions supporting customers or creating a space where everyone belongs youll do meaningful work with Workmates whove got your return well give you the trust to take risks the tools to grow the skills to develop and the support of a company invested in you for the long haul. So if you want to inspire a brighter work day for everyone including yourself youve found a match in Workday and we hope to be a match for you too.

About the Team

About the Role

The IT Risk Principal will be a foundational leader in establishing and maturing a proactive comprehensive BT Risk Management Function. This role is critical to Workdays transformation toward operating at scale as an AI-first company by ensuring our technology estate is secure compliant and resilient. You will be responsible for defining and implementing the framework standards and processes to identify assess and mitigate technology and operational risks across the entire Business Technology (BT) organization.

Key Responsibilities:

Program Development and Implementation (Strategy & Framework):

• Design and Formalize the BT Risk Management Framework: Lead the design and development of the new formal and comprehensive BT Risk Management Program clarifying roles responsibilities and a standardized framework for risk buy down prioritization.

• Establish the BT GRC Center of Excellence (CoE): Collaborate cross-functionally to build the foundation of a federated GRC model establishing a BT Center of Excellence (CoE) that promotes risk awareness standardizes methodologies and supports proactive risk management across BT.

• Drive Compliance and Policy Enhancement: Review and enhance the BT compliance strategy including controls and procedures with regard to industry trends and upcoming regulatory activity ensuring BT maintains its commitment to running secure and reliable systems

Operational Risk Assessment and Mitigation (Execution):

• Lead Risk & Control Analysis: Work with business units and stakeholders including Security Internal Audit BT and Compliance to formally assess security issues/gaps and identify potential operational risks.

• Manage Remediation & Follow-Up: Clearly communicate the impact of security issues and gaps to business management and agree on precise remediation actions and timelines. Manage follow-up programs to ensure timely completion of all Management Action Plans.

• Project Leadership: Lead a project to establish and perform a risk assessment process for BT technology. Lead ongoing projects to address GRC-related findings demonstrating immediate value and embedding a culture of proactive risk management.

Organizational Engagement and Partnerships:

• Cultivate Strategic Partnerships: Build and maintain strong effective partnerships with BT leaders and cross-functional partners to foster a collaborative and supportive environment. This is essential to drive the collective objective of Doing Things Right.

• Lead Change Management: Lead change management efforts to overcome resistance and drive adoption of new security behaviors and risk processes across the organization simplifying the path to compliance.

Metric-Driven Continuous Improvement:

• Establish Outcome-Driven Metrics (ODMs): Define implement and track ODMs to measure the effectiveness of risk management compliance and control activities.

• Refine Program via Data-Driven Insights: Continuously refine initiatives based on organizational feedback and data-driven insights from metrics to ensure the BT Risk Management program maintains alignment with strategic objectives.

About You

Basic Qualifications:

• 12 years of experience in Technology Risk Management or Governance and Compliance roles preferably within a large global enterprise or technology company.

• 12 years experience in GRC leading GRC initiatives developing and maintaining GRC frameworks and ensuring organizational compliance with applicable laws and regulations.

• Established track record of designing developing and successfully launching GRC programs.

• Deep technical understanding of cloud security IT operations and modern development practices (DevSecOps).

• Exceptional leadership program management and communication skills with the ability to influence senior leaders across technical and non-technical domains.

• Expert-level understanding of Audits Compliance organizational audit strategies and compliance programs.

• Deep and strategic knowledge of Cyber Security Governance frameworks and enterprise-wide cyber security governance programs.

Other Qualifications:

• A track record of acting as a thought leader in the technology or security space including presenting at industry events publishing articles or influencing key industry trends.

• AI/ML Knowledge: Familiarity with the unique risks and governance challenges associated with emerging technologies particularly Artificial Intelligence and Machine Learning.

• Relevant certifications (e.g. CRISC CISM CISA CISSP) are a plus.

• Bachelors degree in a relevant discipline such as Business Administration Information Security. Masters degree preferred.

Workday Pay Transparency Statement

The annualized base salary ranges for the primary location and any additional locations are listed below. Workday pay ranges vary based on work location. As a part of the total compensation package this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus as well as annual refresh stock grants. Recruiters can share more detail during the hiring process. Each candidates compensation offer will be based on multiple factors including but not limited to geography experience skills job duties and business need among other things. For more information regarding Workdays comprehensive benefits please click here.

Our Approach to Flexible Work

With Flex Work were combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections maintain a strong community and do their best work. We know that flexibility can take shape in many ways so rather than a number of required days in-office each week we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers prospects and partners (depending on role). This means youll have the freedom to create a flexible schedule that caters to your business team and personal needs while being intentional to make the most of time spent together. Those in our remote home office roles also have the opportunity to come together in our offices for important moments that matter.

Pursuant to applicable Fair Chance law Workday will consider for employment qualified applicants with arrest and conviction records.

Workday is an Equal Opportunity Employer including individuals with disabilities and protected veterans.

Are you being referred to one of our roles If so ask your connection at Workday about our Employee Referral process!

At Workday we value our candidates privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.

Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.

In addition Workday will never ask candidates to pay a recruiting fee or pay for consulting or coaching services in order to apply for a job at Workday.