Director, Product Compliance (US Federal)

About the Role
Workday is seeking a highly motivated and proactive Security and Compliance leader to join our dedicated Product & Compliance team within the Government Industry Vertical. In this crucial role, you will serve as a key partner to our product teams (HCM and Financials), expertly navigating compliance requirements (e.g. FedRAMP, IL4, IL5, Secret, Top Secret, etc.) with a deep understanding of NIST 800-53, as well as building and managing a team of product compliance experts.
Key Responsibilities:
Team Management & Leadership: Hire, manage, mentor, and grow a team of compliance professionals, fostering a culture of continuous learning and accountability to ensure all security and compliance objectives are met efficiently.
Security Engineering: Work with engineering teams to ensure that systems are architected, implemented and operate in compliance with relevant security standards including FedRAMP/FISMA High, DoD IL-4/5, NIST 800-53 R5, ISO 27000 and others.
Compliance Engineering: Establish baseline engineering requirements for compliance to build secure solutions for Government Cloud environments.
Risk & Audit Management: Establish Risk Management strategy, coordinating with external assessors and advisory firms that provide security audits and risk assessments. Supervise mitigation plans, ensuring timely remediation of risks.
GRC Oversight: Establish and govern a common controls strategy to ensure security and compliance across Workday’s environments with relevant internal and external security frameworks.
Collaborator Collaboration: Partner with cross-functional teams, including product security, engineering, legal, and external regulatory bodies, to align compliance initiatives with business objectives.
Build and Maintain External Partnerships: Maintain and lead partnerships with customer US Federal Government agencies and the FedRAMP PMO, staying on top of all industry updates and changes to the program.
Process Optimization: Drive efficiencies in compliance assessments, including the implementation of innovative ways to meet and exceed security requirements.
Incident Response & Threat Management: Provide executive-level guidance on incident response and security forensics, ensuring alignment with compliance frameworks.
Policy & Governance: Own the development of security policies, procedures, and reporting mechanisms to meet relevant regulatory and customer requirements.
About You
You are a meticulous security leader who thrives in regulated environments and understands the intricacies of cloud compliance. You know how to communicate complex security concepts to both engineers and executives. You bring a pragmatic, risk-based approach to compliance and are passionate about building secure systems that meet the needs of public sector customers.
Basic Qualifications
10+ years of experience in cybersecurity engineering for complex enterprise systems for regulated industries
5+ years of experience working with regulatory compliance frameworks (e.g. NIST 800-53, ISO27001, SOC, HITRUST, HIPAA, FedRAMP, DOD SRG IL4/IL5, PCI, etc.)
2+ years of experience managing teams
US Citizenship and ability to acquire/maintain a security clearance
Other Qualifications
Experience in architecting secure solutions using cloud native technologies (including CI/CD pipelines, microservices, etc.)
Experience in building secure solutions in cloud environments (like AWS/GCP/Azure) that align with FedRAMP High requirements.
Proven leadership experience in driving cross-functional compliance initiatives.
Exceptional ability to communicate and influence collaborators at all levels, including senior executives.
Experience working with the FedRAMP PMO, FedRAMP JAB, and DISA Cloud Assessment Division is a plus.
Deep technical knowledge of application architectures, design principles, common security flaws, and mitigation techniques as outlined by OWASP and SANS.
Industry certifications such as CISA, CISSP, CCSK, or equivalent are desirable.
Workday Pay Transparency Statement
The annualized base salary ranges for the primary location and any additional locations are listed below. Workday pay ranges vary based on work location. As a part of the total compensation package, this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus, as well as annual refresh stock grants. Recruiters can share more detail during the hiring process. Each candidate’s compensation offer will be based on multiple factors including, but not limited to, geography, experience, skills, job duties, and business need, among other things. For more information regarding Workday’s comprehensive benefits, please .
Primary Location: USA.MD.Home Office Washington DC Metro
Primary Location Base Pay Range: $213,400 USD - $320,000 USD
Additional US Location(s) Base Pay Range: $193,000 USD - $341,400 USD
Additional Considerations: If performed in Colorado, the pay range for this job is $203,200 - $304,800 USD based on min and max pay range for that role if performed in CO. The application deadline for this role is the same as the posting end date stated as below:
08/17/2025
Location: US