Security & GRC Lead



Mountain View, CA, USA
Posted on Wednesday, November 15, 2023

About Workato

Workato is the only integration and automation platform that is as simple as it is powerful — and because it’s built to power the largest enterprises, it is quite powerful.

Simultaneously, it’s a low-code/no-code platform. This empowers any user (dev/non-dev) to painlessly automate workflows across any apps and databases.

We’re proud to be named a leader by both Forrester and Gartner and trusted by 7,000+ of the world's top brands such as Box, Grab, Slack, and more. But what is most exciting is that this is only the beginning.

Why join us?

Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles. We are driven by innovation and looking for team players who want to actively build our company.

But we also believe in balancing productivity with self-care. That’s why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives.

If this sounds right up your alley, please submit an application. We look forward to getting to know you!

Also, feel free to check out why:

  • Business Insider named us an “enterprise startup to bet your career on”

  • Forbes’ Cloud 100 recognized us as one of the top 100 private cloud companies in the world

  • Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America

  • Quartz ranked us the #1 best company for remote workers


We are looking for an exceptional Security and GRC Manager to join our growing team. In this role, you will be a core member of our Security, Governance, and Compliance team. We are seeking an experienced person who can understand security requirements, apply standards-based best practices in implementing a security program, and communicate effectively about our policies and practices to internal and external stakeholders. Candidates located in the US and Canada are welcome to apply.

  • Gain and maintain detailed familiarity with Workato’s security and privacy controls.

  • Communicate security requirements to internal teams, guide their implementation of appropriate controls, and monitor compliance with corporate policies, contract provisions, and compliance and legal requirements.

  • Work with sales teams, participate in customer facing discussions, and speak to customers, prospects and partners about our security posture.

  • Work with Workato’s legal team to review contract language, especially related to security and compliance requirements.

  • Take a lead role in Workato’s security and privacy audit programs. Work with external auditors. Communicate audit requirements to internal teams, including translation of auditor requests into actionable evidence requests. Coordinate audit activities and track completion.

  • Participate as required in activities such as vendor management, policy development, internal audit, etc.

  • Track and keep abreast of emerging risks, threats, legal and regulatory changes, and other developments in the security field. Identify process improvements and tools to improve Workato’s security posture.


Qualifications / Experience / Technical Skills

  • Bachelor’s degree in CS or a related field.

  • Minimum 5-7 years of experience in IT or Application Security, GRC, Risk or Audit functions.

  • Knowledge of all domains within security covering people, process and technology.

  • Solid understanding of security concepts, security policies, risks, and corresponding mitigation strategies.

  • Experience with standards and frameworks such as SOC 2, NIST 800-53, NIST 800-171, FedRAMP, PCI DSS, and ISO 27001, including direct participation in audit activities.

  • Familiarity with global privacy regulations including GDPR and CPRA.

  • Understanding of modern cloud application architecture, standards, practices, and common vulnerabilities.

  • Familiarity with Amazon Web Services (AWS) services, security tools, and best practices is a plus.

  • Prefer candidates with security certifications such as CISSP, CISM, CISA, GSP, GSE.

  • Experience in or with companies developing SaaS software is preferred.

Soft Skills / Personal Characteristics

  • The ideal candidate will possess both business and technical skills, and be able to communicate effectively with a wide range of internal and external stakeholders.

  • Understand a risk-informed approach to security that respects and supports business needs without compromising key security priorities.

  • Detail-oriented with superior organizational and time-management skills - balancing multiple projects, deadlines, and requests.

  • Driven with a can-do attitude and determination to succeed.

  • Excellent written and verbal communication skills.

For California applicants, the pay for this role begins at $180,000 plus benefits, perks, and equity.