Director of Cybersecurity Defense – U.S. Federal Programs (US Federal)
Reston, VA - USA
Job Summary
Your work days are brighter here.
We're obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we're shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you'll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We're in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you'll do meaningful work with Workmates who've got your return we'll give you the trust to take risks, the tools to grow, the skills to develop, and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you've found a match in Workday, and we hope to be a match for you too.
About the Team
The Cybersecurity Defense Director for Workday Government is responsible for developing and leading the Cyber Defense implementation strategy and continuous improvement of cybersecurity for our U.S. Federal Government customers and programs. This role will oversee a team of security professionals, drive compliance with applicable federal regulations and frameworks, and partner closely with internal and external stakeholders to protect systems, data, and mission-critical services. The ideal candidate brings deep experience in mature Security Operation Centers, U.S. Federal cybersecurity requirements (e.g., FISMA, FedRAMP, NIST, DoD, DHS/CISA directives), a strong technical foundation, and a proven track record of building and leading high-performing security teams in complex, multi-stakeholder environments.
About the Role
This role will support one or more direct or indirect contracts with the U.S. Federal Government, which, due to federal government security requirements, mandates that all Workday personnel working on the contracts be United States citizens (naturalized or native).
Strategic Leadership & Governance
Define and execute the cybersecurity defense strategy for U.S. Federal programs, aligned with organizational objectives, risk appetite, and regulatory requirements.
Establish and lead cybersecurity defense for Federal work, including policies, standards, and procedures that meet or exceed federal expectations.
Provide regular reporting on risk posture, incidents, and compliance status to executive leadership and Federal stakeholders.
Risk Management & Compliance
Support the implementation and ongoing operation of federal cybersecurity frameworks, including NIST RMF, NIST SP 800-53, NIST CSF, and ISO/industry best practices as applicable.
Oversee and maintain compliance with FISMA, FedRAMP (if relevant), DoD IL4, and other applicable federal regulations, directives, and agency-specific requirements.
Support the security authorization/accreditation activities relevant to Cyber Defense operations (e.g., ATO processes), including control selection, implementation, continuous monitoring, and Plan of Action and Milestones (POA&M) management.
Manage third-party risk for vendors and partners supporting Federal programs, ensuring they meet required security standards.
Security Operations & Incident Management
Oversee day-to-day cybersecurity operations for Federal environments, including monitoring, detection, incident response, and threat hunting.
Develop and maintain incident response plans and playbooks in alignment with federal requirements, ensuring timely reporting and coordination with applicable agencies.
Coordinate cross-functional response to security incidents impacting Federal systems, from triage and containment through eradication, recovery, and lessons learned.
Partner with enterprise SOC, IR, and threat intelligence teams to ensure Federal-specific threats and requirements are fully addressed.
Architecture, Engineering & Zero Trust
Provide architectural input and direction for secure design, implementation, and operation of systems that support Federal customers (on-premises, cloud, and hybrid).
Champion Zero Trust principles and modern security architectures tailored to Federal requirements and guidance (e.g., OMB, CISA).
Guide security technologies such as IAM, PAM, EDR/XDR, SIEM, encryption, data loss prevention, vulnerability management, and configuration management.
Ensure security is integrated into system development lifecycles (DevSecOps) and CI/CD pipelines supporting Federal programs.
Team Leadership & Talent Development
Build, lead, and mentor a multidisciplinary cybersecurity team (e.g., security engineers, analysts, architects, compliance specialists) supporting Federal customers.
Set clear goals, performance expectations, and development plans to foster a culture of high performance, accountability, and continuous improvement.
Promote collaboration with engineering, operations, legal, compliance, and program management teams.
Drive a security-aware culture across all teams working on Federal programs through communication and engagement.
Stakeholder & Customer Engagement
Represent cybersecurity in engagements with Federal customers, auditors, inspectors general, and regulatory bodies.
Support business development and capture activities by contributing to proposals, RFP responses, and customer presentations related to security capabilities.
Communicate complex security and risk topics in clear, business-relevant language to technical and non-technical audiences.
About You
This role may require a security clearance at the TS/SCI w/CI Poly level. Applicants must have the ability to obtain and maintain a U.S. government issued security clearance. An active TS/SCI w/CI Poly is preferred.
Basic Qualifications:
10 years of progressive experience in cybersecurity, with at least 5 years leading security teams or programs.
Demonstrated experience managing cybersecurity for U.S. Federal Government programs, agencies, or contractors.
In-depth knowledge of key federal cybersecurity frameworks and regulations, including:
o NIST RMF and NIST SP 800-53
o NIST Cybersecurity Framework (CSF)
o FISMA, FedRAMP, IL (if applicable to your environment)
o Relevant OMB, DHS/CISA, and agency-specific guidance
Proven experience leading security authorization/ATO processes and continuous monitoring activities for Federal systems.
Strong understanding of modern enterprise and cloud security, including Zero Trust, identity-centric security, network segmentation, endpoint security, and secure software development.
Demonstrated success in incident management, including coordination with internal stakeholders and, where applicable, federal authorities.
Preferred Qualifications
Bachelor's degree in Computer Science, Information Security, Engineering, or related field; or equivalent work experience.
Advanced degree (Master's) in Cybersecurity, Information Assurance, or related discipline.
Relevant security certifications such as CISSP, CISM, CISA, CCSP, GIAC (e.g., GSEC, GCIA, GCIH), or equivalent.
Experience with major cloud service providers (e.g., AWS, Azure, Google Cloud) and associated federal offerings (e.g., GovCloud, IL environments).
Experience working with or within agencies such as DoD, DHS, DOJ, Treasury, or Intelligence Community.
Background in secure system architecture, security engineering, or threat intelligence focused on nation-state and advanced threats.
Experience supporting proposal development, customer briefings, and formal audits/assessments.
Competencies
Strong leadership and people management skills, with the ability to inspire and develop a high-performing team.
Excellent written and verbal communication skills, including the ability to convey complex risk and security topics succinctly.
Strategic and analytical thinker with a bias for action and the ability to prioritize in a dynamic environment.
Collaborative, customer-focused mindset with the ability to build trust and credibility with Federal stakeholders.
High integrity, sound judgment, and a strong sense of accountability and mission orientation.
Workday Pay Transparency Statement
The annualized base salary ranges for the primary location and any additional locations are listed below. Workday pay ranges vary based on work location. As a part of the total compensation package, this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus, as well as annual refresh stock grants. Recruiters can share more detail during the hiring process. Each candidate's compensation offer will be based on multiple factors including, but not limited to, geography, experience, skills, job duties, and business need, among other things. For more information regarding Workday's comprehensive benefits, please click here.
Primary Location:
Our Approach to Flexible Work
With Flex Work, we're combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.
Pursuant to applicable Fair Chance law, Workday will consider for employment qualified applicants with arrest and conviction records.
Workday is an Equal Opportunity Employer, including individuals with disabilities and protected veterans.
At Workday, we are committed to providing an accessible and inclusive hiring experience where all candidates can fully demonstrate their skills. If you require assistance or an accommodation at any point, please email .
Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!
At Workday, we value our candidates' privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.
Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.
In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.
Required Experience:
Director
About Company
Seamlessly manage your people, money, and agents on an open, unified platform with AI at the core. It’s a new work day.