Cybersecurity Risk Program Manager

Your work days are brighter here.

At Workday, it all began with a conversation over breakfast. When our founders met at a sunny California diner, they came up with an idea to revolutionize the enterprise software market. And when we began to rise, one thing that really set us apart was our culture. A culture which was driven by our value of putting our people first. And ever since, the happiness, development, and contribution of every Workmate is central to who we are. Our Workmates believe a healthy employee-centric, collaborative culture is the essential mix of ingredients for success in business. That’s why we look after our people, communities and the planet while still being profitable. Feel encouraged to shine, however that manifests: you don’t need to hide who you are. You can feel the energy and the passion, it's what makes us unique. Inspired to make a brighter work day for all and transform with us to the next stage of our growth journey? Bring your brightest version of you and have a brighter work day here.

About the Team

Cybersecurity GRC & Trust (cGRC&T)  is dedicated to maintaining, enhancing and protecting trust in Workday. Every cGRC workmate contributes by building and managing programs designed to protect the confidentiality, integrity and availability (CIA) of our customers’ most sensitive data and representing those programs externally via external audits and certifications. The cGRC team serves as a trusted advisor across Workday to help maintain and enhance trust for our customers.

Within cGRC&T, the Cybersecurity Risk team focuses on cybersecurity risk management and oversight. The team regularly performs security maturity assessments, risk assessments, evaluates security exceptions, and advises stakeholders on best practices. Other activities include aggressive risk management, maturity work and integration with the first line of defense processes. 

About the Role

The ideal candidate brings an understanding of cyber risk management frameworks and solutions, with the ability to translate them into business value through quantitative analysis and out of the box thinking. This candidate needs to approach risk evaluations through the lens of an adversary to understand the entire attack surface and attack vectors in order to provide a holistic perspective of risk at an aggregate level.

To succeed with this methodology the candidate must be proficient in knowledge of cybersecurity technology to hold meaningful conversations with cyber engineers yet well versed in business and risk management practices to translate those technical considerations into risk scenarios and impacts non-technical decision makers can understand. While risk management experience would be beneficial we encourage candidates with cybersecurity engineering or analyst backgrounds to apply as this role will require sufficient technical knowledge. 

• Building and operating our cyber risk assessment programs, and identify opportunities to improve our methodologies and processes iteratively

• Able to independently conduct Cybersecurity risk assessments across Workday identifying gaps in security posture and recommending compensating controls.

• -Ensure risks are identified, centrally registered and tracked using a consistent methodology and lifecycle management

• Provide Risk Advisory support to Workday’s Business units.

• Supervise the implementation of mitigating projects and their impact in reducing security risk, assessing the impact to risk mitigation

• Craft and prepare reports, heatmaps and presentations for different audiences throughout the organization including risk owners, senior leaders, audit committee, etc.

• -Works on multiple Information Security Risk Management projects as the domain expert

•  -Build positive relationships with business partners

About You

• Basic qualifications

• Bachelor’s degree in cybersecurity or computer science 

• 5+ years in Information Security or a security or related engineering role in a technical environment.

• Demonstrated ability providing risk based security recommendations

• Skilled at big picture holistic thinking

• Knowledge of NIST 800 - 53, NIST 800 - 30, and NIST CSF 2.0 preferred

• CRISC, CEH, OSCP, PEN+, CASP+ or similar certifications highly desired

• Other qualifications

• Deep technical skills but equally comfortable interacting with senior business leaders.

• Excellent collaboration, executive presence, and storytelling skills

• Enthusiastic about all things cybersecurity with a desire for continuous learning

• Active in the cybersecurity community participating in activities such as CTF’s and security conferences 

• Experience in Software as a Service is a plus.

Our Approach to Flexible Work
 

With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.

Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!