About Workato

Workato delivers enterprise infrastructure for the agentic era redefining iPaaS and helping enterprises unify data applications processes and AI into a single governed platform. A leader in Enterprise MCP and trusted by 50% of the Fortune 500 Workatos cloud-native architecture connects every application data source and process to power real-time orchestration at scale. With enterprise-grade security and continuous innovation at its core Workato provides the trusted foundation for organizations to automate with confidence and operationalize AI across the business. To learn more visit

Why join us

Ultimately Workato believes in fostering a flexible trust-oriented culture that empowers everyone to take full ownership of their roles. We are driven by innovation and looking for team players who want to actively build our company.

But we also believe in balancing productivity with self-care. Thats why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives.

If this sounds right up your alley please submit an application. We look forward to getting to know you!

Also feel free to check out why:

• Business Insider named us an enterprise startup to bet your career on

• Forbes Cloud 100 recognized us as one of the top 100 private cloud companies in the world

• Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area and 96th in North America

• Quartz ranked us the #1 best company for remote workers

Responsibilities

Workato is seeking a detail-oriented driven and technically experienced Senior GRC Analyst to strengthen and advance its security governance risk and compliance (GRC) program with a primary focus on FedRAMP authorization and ongoing federal compliance operations.

This role will lead FedRAMP readiness authorization and continuous monitoring activities in alignment with NIST 800-53 requirements while also supporting broader compliance frameworks including ISO 27001 NIST 800-171 PCI-DSS and IRAP. The ideal candidate will bring deep federal compliance expertise combined with strong analytical communication and problem-solving skills to evaluate controls identify gaps and drive improvements across security domains.

In this role you will also be responsible to:

• Lead FedRAMP authorization efforts including System Security Plan (SSP) development Security Assessment Report (SAR) review Plan of Action & Milestones (POA&M) management and preparation for Third Party Assessment Organization (3PAO) engagements

• Own continuous monitoring (ConMon) activities in accordance with FedRAMP requirements including monthly vulnerability scanning incident reporting and annual assessments

• Maintain and update FedRAMP authorization documentation including SSP CIS CRM and associated artifacts

• Lead internal and external audits for frameworks including FedRAMP (NIST 800-53) ISO 27001/27701 PCI-DSS NIST 800-171 and IRAP

• Coordinate with process owners control owners 3PAOs and federal agency stakeholders to ensure findings are tracked and remediated

• Conduct risk assessments security audits and third-party/vendor risk reviews with a focus on FedRAMP boundary and supply chain risk

• Review contracts to ensure security and compliance requirements including FedRAMP flow-down clauses are met

• Identify control gaps and recommend improvements to enhance the organizations federal security posture

• Communicate FedRAMP requirements risks and compliance status clearly to both technical and non-technical stakeholders including federal agency customers

• Perform regular user access reviews aligned to least-privilege and FedRAMP AC control requirements

• Develop and track remediation plans for identified risks and POA&M items

• Maintain and update the risk register with federal risk considerations

• Oversee vendor and subservice provider security assurance processes relevant to the FedRAMP authorization boundary

• Collaborate with engineering infrastructure and product teams to design and implement controls aligned with NIST 800-53 baselines

• Support federal-facing sales and customer success discussions with compliance expertise

• Explore and leverage AI/automation tools to enhance streamline or scale GRC and ConMon workflows

• Build strong working relationships across departments and with federal agency AOs (Authorizing Officials)

• Take on additional responsibilities as needed

Requirements

Qualifications / Experience / Technical Skills

• 8 years of experience in cybersecurity audits risk management compliance or remediation

• Hands-on FedRAMP experience required including direct involvement in FedRAMP authorization (Moderate or High baseline preferred) SSP authoring POA&M management or 3PAO coordination

• Deep familiarity with NIST 800-53 Rev 5 control families and FedRAMP-specific overlays guidance and templates

• Experience working with cloud platforms such as AWS GovCloud Azure Government or Google Cloud (government regions)

• Proven ability to negotiate and prioritize risk remediation with internal and federal stakeholders

• Bachelors degree in Information Systems Computer Science Information Security or a related field

• Strong understanding of security controls in cloud environments including boundary definition encryption access control and vulnerability management

• Familiarity with NIST 800-171 and CMMC as complementary federal frameworks

• Experience auditing frameworks such as PCI-DSS SOC 2 and ISO 27001/27701

• Relevant certifications strongly preferred: CISSP CISA FedRAMP-specific training (e.g. FedRAMP PMO courses) or similar

• Ability to manage multiple priorities independently with minimal supervision

Soft Skills / Personal Characteristics

• Strong communication skills with the ability to translate federal compliance requirements into technical actions and executive-level summaries

• High energy and adaptability in a fast-paced high-stakes compliance environment

• Strong collaboration and knowledge-sharing mindset across engineering legal and customer-facing teams

• Excellent time management and organizational skills particularly for managing concurrent ConMon and audit cycles

• High attention to detail integrity and ethical standards consistent with handling federal data and programs

• Willingness to learn and take on new challenges as Workatos federal footprint grows

Nice to Have

• This position requires overlap with U.S. Pacific Time (PST) working hours.

• Strong hands-on experience with FedRAMP NIST 800-53 ISO 27001 NIST 800-171 PCI-DSS SOC 2 and potentially IRAP is required.

• May involve some international travel.

• Must be eligible to work on U.S. federal government-related programs; ability to obtain or support federal security clearance processes is a plus.

(REQ ID: 2760)