Senior Security Analyst, GRC

Engineering · Pune, India

Job description

About Workato

Workato is the only integration and automation platform that is as simple as it is powerful — and because it’s built to power the largest enterprises, it is quite powerful. 

Simultaneously, it’s a low-code/no-code platform. This empowers any user (dev/non-dev) to painlessly automate workflows across any apps and databases.

We’re proud to be named a leader by both Forrester and Gartner and trusted by 7,000+ of the world's top brands such as Box, Grab, Slack, and more. But what is most exciting is that this is only the beginning. 

Why join us?

Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles. We are driven by innovation and looking for team players who want to actively build our company. 

But, we also believe in balancing productivity with self-care. That’s why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives. 

If this sounds right up your alley, please submit an application. We look forward to getting to know you!

Also, feel free to check out why:

  • Business Insider named us an “enterprise startup to bet your career on”

  • Forbes’ Cloud 100 recognized us as one of the top 100 private cloud companies in the world

  • Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America

  • Quartz ranked us the #1 best company for remote workers

Responsibilities

Note: this role requires working from 4:00 pm till 00:00 am IST to support the US time zone

Workato is seeking a detail-oriented, highly motivated, technology-savvy and passionate Sr. Security Analyst who wants to support, promote and further mature the company's security GRC program. You will be responsible for executing various security compliance initiatives such as risk assessments, security control audits and third-party risk assessments. You will use your strong communication, analytical and troubleshooting abilities to quickly identify and report on controls from various security domains and on control and/or process gaps, and to identify process and technology opportunities. Primary responsibilities include, but are not limited to:

  • Perform quarterly user access reviews.

  • Support management documentation such as security policies, standards and guidelines, processes, and data flows.

  • Conduct periodic information security (and privacy) risk assessments.

  • Review, audit, and monitor security compliance programs against security policies, standards, and frameworks such as PCI-DSS, ISO, NIST, SOC 2, etc.

  • Support developing remediation plans for issues and risks, coordinate activities with control owners, and track remediation to completion.

  • Assist in documenting and maintaining the risk register.

  • Lead evidence collection for external audits related to SOC1, SOC2, ISO, HIPAA, PCI-DSS, etc.

  • Assist in vendor security risk assessments.

  • Build and cultivate positive working relationships with stakeholders across various teams.

Requirements

Qualifications / Experience / Technical Skills

  • Willingness to work US PST time-zone hours.

  • B.S. degree in Management Information Systems, Computer Science, Information Security, or any security technology-related field.

  • 7+ years of hands-on experience in assessing internal controls, security audit, control framework/compliance, information security, and/or technology processes.

  • Very high attention to detail, high integrity, and business ethics.

  • Willing to learn and take on new responsibilities.

  • Excellent skills in troubleshooting, problem-solving, analytical thinking, and project management.

  • Technical knowledge of or experience in security control technologies such as firewalls, IDS, DLP, vulnerability management, AWS environments, application security, monitoring and logging tools, etc.

  • Ability to work independently to achieve objectives and deliver results.

  • Experience in security standards/frameworks such as PCI-DSS, NIST 800-171, SOC 1 & 2, ISO 27001/27701, etc.

  • CISSP, CISA, CISM, PCI ISA, or similar security certifications are ideal.

  • Big 4 Consulting experience is preferable.

Soft Skills / Personal Characteristics

  • Excellent communication skills that translate compliance requests into technical recommendations. 

  • High level of energy and a desire to thrive in a fast-paced organization; ability to balance multiple projects under pressure.

  • Excellent team player with a willingness to share knowledge with others.