Your work days are brighter here.
We’re obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we’re shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you’ll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We’re in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you’ll do meaningful work with Workmates who’ve got your back. In return, we’ll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you’ve found a match in Workday, and we hope to be a match for you too.
About the Team
Workday’s Cybersecurity GRC team is the guardian of customer trust. We are responsible for building and managing programs designed to protect the confidentiality, integrity, and availability (CIA) of our customers' most sensitive data. We ensure that company practices, policies, and processes are performed in accordance with contractual and regulatory requirements and Workday’s core values, and help represent these practices to our customers.We act as strategic partners that fuel Workday's growth while maintaining unwavering protection of our data and infrastructure. Joining our team means directly contributing to the security posture of a global SaaS leader. If you're driven by a passion for safeguarding millions of customers' data and eager to innovate compliance programs at scale, this is your opportunity to be part of a top-priority initiative.
About the Role
The GRC Specialist is a pivotal P3-level role, responsible for bridging the gap between security policy/compliance and technical implementation. This individual will contribute to the design, documentation, and enforcement of security controls across the organization's technology environment, driving compliance through technical solutions and process optimization.
About You
Responsibilities include:
Assist in the evaluation of internal controls in key risk areas of cyber activities/practices to ensure compliance with internal policies and applicable rules, laws, and regulations.
Maintain the technical security policies and standards that govern our infrastructure.
Monitor the effectiveness of security controls and track remediation efforts.
Ensure compliance with regulatory standards and monitor compliance status.
Work on different security compliance programs both internally and externally with customers and auditors.
Basic Qualifications:
Minimum of 3-5 years of progressively responsible experience in a GRC capacity with a proven ability to translate complex business requirements into technical governance guardrails.
Practical experience with security frameworks and standards (e.g., ISO 27001, NIST CSF, CIS Benchmarks).
Background knowledge of information technology with a clear understanding of cybersecurity and risk management.
Desired Qualifications:
Working knowledge of scripting or data analysis tools (e.g., Python, SQL) to automate compliance reporting, metric collection, and audit data preparation.
Experience governing or auditing security controls for infrastructure and services hosted on major cloud service providers (e.g., AWS, GCP, Azure), with an understanding of cloud-native security tools and frameworks.
Professional certifications such as CISM, CISA, CRISC, or CGEIT
Professional and Soft Skills:
Strong collaboration and communication skills, with the ability to contribute effectively to technical discussions and decisions.
Proven ability to analyze complex technical security problems and propose pragmatic, business-enabling solutions.
Excellent written and verbal communication skills, with the ability to articulate complex security and risk implications to both technical and non-technical stakeholders.
Demonstrates strong ownership of tasks and projects, delivering high-quality work with minimal supervision.
Our Approach to Flexible Work
With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.
At Workday, we are committed to providing an accessible and inclusive hiring experience where all candidates can fully demonstrate their skills. If you require assistance or an accommodation at any point, please email [email protected].
Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!
At Workday, we value our candidates’ privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.
Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.
In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.
