Workday
Workday unites finance and HR on a single AI-driven platform, empowering people, enabling fast decisions, and ensuring flawless operations to drive business forever forward.
At Workday, it all began with a conversation over breakfast. When our founders met at a sunny California diner, they came up with an idea to revolutionize the enterprise software market. One thing that really set us apart was our culture, driven by our value of putting our people first. The happiness, development, and contribution of every Workmate is central to who we are. Our Workmates believe a healthy employee-centric, collaborative culture is essential for success in business. That’s why we look after our people, communities, and the planet while still being profitable. Feel encouraged to shine, however that manifests: you don’t need to hide who you are. Inspired to make a brighter work day for all and transform with us to the next stage of our growth journey? Bring your brightest version of you and have a brighter work day here.
About the Team
Cybersecurity GRC & Trust (cGRC&T) is dedicated to maintaining, enhancing, and protecting trust in Workday. Every cGRC workmate contributes by building and managing programs designed to protect the confidentiality, integrity, and availability (CIA) of our customers’ most sensitive data and representing those programs externally via audits and certifications. The cGRC team serves as a trusted advisor across Workday to help maintain and enhance trust for our customers.
Within cGRC&T, the Cybersecurity Risk team focuses on cybersecurity risk management and oversight. The team regularly performs security maturity assessments and risk assessments, evaluates security exceptions, and advises stakeholders on best practices. Other activities include aggressive risk management, maturity work, and integration with the first line of defense processes.
About the Role
The ideal candidate brings an understanding of cyber risk management frameworks and solutions, with the ability to translate them into business value through quantitative analysis and out-of-the-box thinking. This candidate needs to approach risk evaluations through the lens of an adversary to understand the entire attack surface and attack vectors to provide a holistic perspective of risk at an aggregate level.
To succeed with this methodology, the candidate must be proficient enough in cybersecurity technology to hold meaningful conversations with cyber engineers, yet well-versed enough in business and risk management practices to translate those technical considerations into risk scenarios and impacts that non-technical decision makers can understand. While risk management experience is beneficial, we encourage candidates with cybersecurity engineering or analyst backgrounds to apply, as this role will require sufficient technical knowledge.
* Building and operating our cyber risk assessment programs, and identifying opportunities to improve our methodologies and processes iteratively.
* Independently conduct cybersecurity risk assessments across Workday, identifying gaps in security posture and recommending compensating controls.
* Ensure risks are identified, centrally registered, and tracked using a consistent methodology and lifecycle management.
* Provide Risk Advisory support to Workday’s Business units.
* Supervise the implementation of mitigating projects and assess their impact in reducing security risk.
* Craft and prepare reports, heatmaps, and presentations for different audiences throughout the organization including risk owners, senior leaders, audit committee, etc.
* Work on multiple Information Security Risk Management projects as the domain expert.
* Build positive relationships with business partners.
About You
* Basic qualifications
  * Bachelor’s degree in cybersecurity or computer science.
  * 5+ years in Information Security or a security or related engineering role in a technical environment.
  * Demonstrated ability to provide risk-based security recommendations.
  * Skilled at big-picture, holistic thinking.
  * Knowledge of NIST 800-53, NIST 800-30, and NIST CSF 2.0 preferred.
  * CRISC, CEH, OSCP, PEN+, CASP+ or similar certifications highly desired.
* Other qualifications
  * Deep technical skills but equally comfortable interacting with senior business leaders.
  * Excellent collaboration, executive presence, and storytelling skills.
  * Enthusiastic about all things cybersecurity with a desire for continuous learning.
  * Active in the cybersecurity community, participating in activities such as CTFs and security conferences.
  * Experience in Software as a Service is a plus.
Our Approach to Flexible Work
With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together.