Program Manager, Cybersecurity Risk Management

Your work days are brighter here.At Workday, it all began with a conversation over breakfast. When our founders met at a sunny California diner, they came up with an idea to revolutionize the enterprise software market. And when we began to rise, one thing that really set us apart was our culture. A culture which was driven by our value of putting our people first. And ever since, the happiness, development, and contribution of every Workmate is central to who we are. Our Workmates believe a healthy employee-centric, collaborative culture is the essential mix of ingredients for success in business. That’s why we look after our people, communities and the planet while still being profitable. Feel encouraged to shine, however that manifests: you don’t need to hide who you are. You can feel the energy and the passion, it's what makes us unique. Inspired to make a brighter work day for all and transform with us to the next stage of our growth journey? Bring your brightest version of you and have a brighter work day here.About the TeamThe Workday Cybersecurity Risk team is looking for a Program Manager, Cybersecurity Risk Management, passionate about risk management, with a passion for learning, helping business partners identify, assess and manage Cybersecurity risks impacting Workday.The ideal candidate brings an understanding of cyber risk management frameworks and solutions, with the ability to translate them into business value.About the RoleBuilding and operating our cyber risk assessment programs, and refresh our methodology and procedures as needed.Able to independently conduct Cybersecurity risk assessments across Workday.Ensure risks are identified and centrally registered and tracked following a consistent procedure to account for treatment decisions.Work with multi-functional partners to complete risk assessments and drive mitigation efforts.Provide Risk Advisory support to Workday’s Business units.Supervise the implementation of mitigating projects and their impact in reducing security risk, assessing the impact to risk mitigationProvide input into the Workday’s Risk Management Strategy & Program.Help mature the risk management processes based on industry standard methodologiesWork with the business to identify inherent information security risks gaps in the Workday environment, identify existing controls, gaps and help develop appropriate mitigating strategiesCraft and prepare reports, heatmaps and presentations for different audiences throughout the organization including risk owners, senior leaders, audit committee, etc.Works on multiple Information Security Risk Management projects as the domain expert Build positive relationships with business partnersAbout YouBasic qualifications Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent work experience.5+ years in Information Security or a security related engineering role in a technical environment.3+ years driving security risk and controls evaluation management functionHighly proficient in a risk management framework such as ISO 27001, NIST CSF, NIST 800 seriesCISA, CISM, CRISC, CISSP or similar certificationsOther qualificationsDeep technical skills but equally comfortable interacting with senior business leaders.Excellent collaboration, executive presence, and storytelling skillsKnowledge of or experience working with Cloud technologies/environments, AWS or other related cloud experience and related security topics.Experience in Software as a Service is a plus.Our Approach to Flexible Work With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!