Workday

Sr. Principal, GRC

Workday | $196K - $287K | Information Technology | 5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Computer Engineering, Computer Science, Management Information Systems, or related field.
  • 7+ years in EMEA cybersecurity standards and public-sector procurement frameworks such as G-Cloud, and privacy regulation such as GDPR.
  • 7+ years in international industry security and privacy compliance standards, including ISO 27001 and SOC audits.
  • 7+ years managing security and compliance audits, including customer onsite audits.
  • 7+ years of regulatory compliance experience, including NIS2, DORA, and the EU Cyber Resilience Act (CRA).
  • 7+ years in program/project management experience related to cybersecurity initiatives.
  • 7+ years experience in cloud computing and SaaS risk management.

Responsibilities

  • Lead and execute Cybersecurity Governance, Risk, and Compliance (cGRC) initiatives.
  • Develop and maintain compliance frameworks and policies to adhere to regulatory requirements.
  • Ensure certification and compliance of Workday’s Public Sector offerings through ongoing monitoring and stakeholder alignment.
  • Act as a trusted advisor, maintaining customer trust through compliance programs.
  • Conduct strategic analysis of control and technical landscapes to identify automation opportunities.
  • Evaluate AI-driven efficiencies in GRC processes and ROI of automation tools.
  • Integrate cybersecurity control requirements into Workday's Secure Development Engagement Lifecycle.

Benefits

  • Flexible work model with partial telecommuting options.
  • Opportunity for performance-based bonuses and stock grants.
  • Comprehensive health and wellness benefits provided by Workday.
Full Job Description

About the Role


Contribute to Workday's cybersecurity compliance posture by leading and executing critical Cybersecurity Governance, Risk, and Compliance (cGRC) initiatives. Develop and maintain cybersecurity compliance frameworks, policies, and procedures to ensure adherence to global regulatory requirements, particularly the Network and Information Security Directive 2 (NIS2), the Digital Operational Resilience Act (DORA), the Security of Critical Infrastructure Act (SOCI), and the Cyber Resilience Act (CRA).

Enable and maintain Workday's Public Sector offerings through certifications, continuous monitoring, consultation, and deep stakeholder alignment. Act as a trusted advisor across Workday to help maintain and enhance customers' trust through global compliance programs, including UK Public Sector procurement frameworks (G-Cloud and Back Office Software) and cybersecurity certification schemes such as BSI C5 (Germany), IRAP (Australia), and ENS (Spain).

Conduct strategic analysis of Workday's control and technical landscape to identify automation opportunities for the GRC team, evaluate the potential of AI-driven efficiencies, and assess the ROI of GRC automation tools such as OneTrust and TrustCloud. As part of the Shift-Left initiative, leverage a deep understanding of Workday's SDLC, LaunchPad, and Secure Development Engagement Lifecycle processes to integrate cybersecurity control requirements, ensuring streamlined audit readiness and driving process optimization.

Position reports to Workday's Boulder, CO office. May allow partial telecommuting.

Salary Range: $196,498 - $287,400


About You


Basic Qualifications

Bachelor's degree in Computer Engineering, Computer Science, Management Information Systems, or related field, plus seven (7) years of progressive, post-baccalaureate work experience in the job offered or in a Sr. Principal, GRC-related occupation.

7 years (84 months) of experience in EMEA cybersecurity standards and procurement frameworks including G-Cloud, Cyber Essentials Plus, Back Office Software, BSI C5, ENS, TISAX, EU Cloud Code of Conduct, and GDPR;

7 years (84 months) of experience in international industry security and privacy compliance standards including ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOC 1 and SOC 2+;

7 years (84 months) of experience in facilitating and managing security and compliance audits (including customer onsite audits);

7 years (84 months) of experience in industry-specific regulatory compliance knowledge such as NIS2, DORA, and CRA;

7 years (84 months) of program/project management experience;

7 years (84 months) of experience in cloud computing and Software as a Service, particularly risk models and controls related to these services;

7 years (84 months) of experience in legal/operational commitments of SaaS organizations and the shared security responsibilities between customers and service providers; and

7 years (84 months) of experience mapping the nuances of individual product lines within a large organization and determining their applicability to security certification and attestation frameworks.


Workday Pay Transparency Statement


Workday pay ranges vary based on work location. As part of the total compensation package, this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus, as well as annual refresh stock grants. Recruiters can share more detail during the hiring process. Each candidate's compensation offer will be based on multiple factors including, but not limited to, geography, experience, skills, job duties, and business need.

Primary Location: USA.CO.Boulder
Our Approach to Flexible Work

Workday uses a hybrid Flex Work Model. Most roles require at least 50% in-person time each quarter in a Workday office or with customers, prospects, or partners, with specific expectations varying by role, team, country, and business needs.

About Workday

Workday, Inc. is a provider of enterprise cloud applications for finance and human resources. The Company delivers financial management, human capital management and analytics applications designed for various companies, educational institutions and government agencies. As part of its applications, the Company provides embedded analytics that capture the content and context of everyday business events, facilitating informed decision-making from wherever users are working. Its applications include Workday Financial Management, Workday Human Capital Management (HCM) and Other Applications. It also provides open, standards-based Web-services application programming interfaces, and pre-built packaged integrations and connectors. Workday, Inc. is headquartered in Pleasanton, California.
Company facts (as listed by Ladders): 15,932 employees; market cap $42.2 billion; net income -$282.4 million; revenue $4.3 billion; 5-year trend +26.7%; founded 2005; listed on NASDAQ.