Sr. Principal, GRC
Boulder, CO - USA
Job Summary
Your work days are brighter here.
We're obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we're shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you'll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We're in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you'll do meaningful work with Workmates who've got your back. In return, we'll give you the trust to take risks, the tools to grow, the skills to develop, and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you've found a match in Workday, and we hope to be a match for you too.
About the Team
About the Role
Contribute to Workday's cybersecurity compliance posture by leading and executing critical Cybersecurity Governance, Risk and Compliance (cGRC) initiatives. Develop and maintain cybersecurity compliance frameworks, policies, and procedures to ensure adherence to global regulatory compliance requirements, particularly Network and Information Security Directive (NIS2), Digital Operational Resilience Act (DORA), Security of Critical Infrastructure Act (SOCI), and Cybersecurity Resilience Act (CRA). Enable and maintain Workday's Public Sector offerings through certifications, continuous monitoring, consultation, and deep stakeholder alignment. Act as a trusted advisor across Workday to help maintain and enhance customers' trust through various global compliance programs, including UK Public Sector Procurement Frameworks (G-Cloud and Back Office Software frameworks) and cybersecurity certification schemes like BSI C5 (Germany), IRAP (Australia), and ENS (Spain). Conduct strategic analysis of Workday's control and technical landscape to identify automation opportunities for the GRC team, evaluate the potential of AI-driven efficiencies, and assess the ROI of GRC automation tools like OneTrust and TrustCloud. As part of the Shift-Left initiative, leverage a deep understanding of Workday's SDLC LaunchPad and Secure Development Engagement Lifecycle processes to integrate cybersecurity control requirements, ensuring streamlined audit readiness and driving process optimization. Position reports to the Workday Boulder, CO office. May allow partial telecommuting.
Salary Range: $196,498 - $287,400
About You
Basic Qualifications
Bachelor's degree in Computer Engineering, Computer Science, Management Information Systems, or related field, plus seven (7) years progressive post-baccalaureate work experience in the job offered or in a Sr. Principal GRC-related occupation.
7 years (84 months) of experience in EMEA cybersecurity standards and procurement frameworks, including G-Cloud, Cyber Essentials Plus, Back Office Software, BSI C5, ENS, TISAX, EU Cloud Code of Conduct, and GDPR;
7 years (84 months) of experience in international industry security and privacy compliance standards, including ISO 27001, ISO27017, ISO27018, ISO 27701, SOC1, and SOC2;
7 years (84 months) of experience in facilitating and managing security and compliance audits (including customer onsite audits);
7 years (84 months) of experience in industry-specific regulatory compliance knowledge such as NIS2, DORA, and CRA;
7 years (84 months) of experience in program/project management;
7 years (84 months) of experience in cloud computing and Software as a Service, particularly risk models and controls related to these services;
7 years (84 months) of experience in legal/operational commitments of SaaS organizations and the shared security responsibilities between customers and service providers; and
7 years (84 months) of experience with capability to map nuances of individual product lines within a large organization and determine applicability to security certification and attesting frameworks.
Workday Pay Transparency Statement
Workday pay ranges vary based on work location. As a part of the total compensation package, this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus, as well as annual refresh stock grants. Recruiters can share more detail during the hiring process. Each candidate's compensation offer will be based on multiple factors including, but not limited to, geography, experience, skills, job duties, and business need, among other things. For more information regarding Workday's comprehensive benefits, please click here.
Our Approach to Flexible Work
Workday uses a hybrid Flex Work Model. Most roles require at least 50% in-person time each quarter in a Workday office or with customers, prospects, or partners, with specific expectations varying by role, team, country, and business needs.
Pursuant to applicable Fair Chance law, Workday will consider for employment qualified applicants with arrest and conviction records.
Workday is an Equal Opportunity Employer, including individuals with disabilities and protected veterans.
Workday is committed to providing reasonable accommodations for qualified individuals during our application process, in order to perform one or more essential functions of their job, as well as regarding the use of AI tools for employment decision-making to any degree. Please see below for more details, including how to request an accommodation as a qualified veteran, due to a disability, or for religious reasons, or as otherwise provided under applicable law.
Workday prohibits taking adverse action against any candidate or employee for reporting a possible violation of this policy, requesting one or more work accommodations, exercising a privacy right, or cooperating in an investigation in accordance with applicable law. Any employee who retaliates against a candidate or employee for doing so may be subject to disciplinary action, up to and including termination of employment, to the fullest extent allowable under applicable law.
If you require a reasonable accommodation, you should open a People Guide Request (current employees only) or you may email as far in advance as possible.
Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!
At Workday, we value our candidates' privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.
Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.
In addition, Workday will never ask candidates to pay a recruiting fee or pay for consulting or coaching services in order to apply for a job at Workday.
Required Experience:
Senior IC
About Company
Seamlessly manage your people, money, and agents on an open, unified platform with AI at the core. It’s a new work day.