Workato delivers enterprise infrastructure for the agentic era, redefining iPaaS and helping enterprises unify data, applications, processes, and AI into a single, governed platform. A leader in Enterprise MCP and trusted by 50% of the Fortune 500, Workato’s cloud-native architecture connects every application, data source, and process to power real-time orchestration at scale. With enterprise-grade security and continuous innovation at its core, Workato provides the trusted foundation for organizations to automate with confidence and operationalize AI across the business. To learn more, visit www.workato.com
Why join us?Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles. We are driven by innovation and looking for team players who want to actively build our company.
But, we also believe in balancing productivity with self-care. That’s why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives.
If this sounds right up your alley, please submit an application. We look forward to getting to know you!
Also, feel free to check out why:
Business Insider named us an “enterprise startup to bet your career on”
Forbes’ Cloud 100 recognized us as one of the top 100 private cloud companies in the world
Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America
Quartz ranked us the #1 best company for remote workers
We are looking for an exceptional Senior GRC Analyst to join our growing team. In this role, you will lead compliance assessments for frameworks such as NIST 800-171, ISO 27001, NIST 800-53 (FedRAMP), PCI, MLPS and IRAP, while also driving broader security compliance efforts. The ideal candidate will use strong analytical, communication, and problem-solving skills to evaluate controls, identify gaps, and recommend improvements across security domains. You will also be responsible for:
Lead and participate in both internal and external audits for frameworks including ISO 27001/27701, PCI-DSS, NIST 800-171, NIST 800-53 (FedRamp), and IRAP
Experience using or exploring AI/automation tools to enhance, streamline, or scale Governance, Risk, and Compliance (GRC) processes and workflows
Manage and oversee risk, compliance, and governance initiatives across teams
Coordinate with process owners, control owners, auditors, and consultants to ensure findings are tracked and addressed
Conduct risk assessments, security audits, and third-party/vendor risk reviews
Review contracts to ensure security and compliance requirements are met
Identify process gaps and recommend improvements to enhance the organization’s security posture
Communicate risks and compliance requirements clearly to both technical and non-technical stakeholders
Perform regular user access reviews
Develop and track remediation plans for identified risks and issues
Maintain and update the risk register
Oversee vendor security assurance processes
Collaborate with stakeholders to design and implement effective internal controls aligned with regulatory standards
Support risk and security discussions across cross-functional teams
Build strong working relationships across departments
Take on additional responsibilities as needed
Please note that the working hours for this position are from 2:00 PM to 11:00 PM IST (overlap with U.S. Pacific Time required)
8+ years of experience in cybersecurity programs, audits, risk management, compliance, or remediation
Experience working with cloud platforms such as AWS, Azure, or Google Cloud
Proven ability to negotiate and prioritize risk remediation with internal stakeholders
Bachelor’s degree in Information Systems, Computer Science, Information Security, or a related field
Strong understanding of security controls, including cloud environments, firewalls, IDS/IPS, and vulnerability management
Familiarity with NIST 800-171 and NIST Risk Management Framework (NIST 800-53)
Experience auditing frameworks such as PCI-DSS, SOC 2, and ISO 27001/27701
Relevant certifications (CISSP, CISA, PCI ISA, ISO, or similar) are preferred
Ability to manage multiple priorities independently with minimal supervision
Strong communication skills with the ability to translate compliance requirements into technical actions
High energy and adaptability in a fast-paced environment
Strong collaboration and a knowledge-sharing mindset
Excellent time management and organizational skills
High attention to detail, integrity, and ethical standards
Willingness to learn and take on new challenges
May involve some international travel
This position requires overlap with U.S. Pacific Time (PST) working hours. Candidates should be available and flexible to work from 2:00 PM to 11:00 PM IST.
Strong hands-on experience with PCI audits, ISO 27001, NIST 800-171, FedRamp, SOC 2, and potentially IRAP is required.
(REQ ID: 2760)
