Jobs via Dice

Chief Information Security Officer (CISO), Workday Government

Jobs via Dice, Washington, District of Columbia, US, 20022

About the Role

As the Chief Information Security Officer (CISO), Workday Government, you will be a pivotal executive leader, shaping and executing Workday's comprehensive cybersecurity strategy specifically tailored for the highly regulated and mission-critical needs of our federal government clients. This role serves as the ultimate authority and advocate for federal cybersecurity within Workday, ensuring our products, services, and operational environments not only meet but exceed the most stringent security, compliance, and resilience requirements. You will bring profound expertise in federal government cybersecurity frameworks, regulations, and executive-level experience in building, maturing, and leading complex security programs within the federal space. Critical to this role is proven experience establishing and maintaining secure cloud and on-premise network environments, including air-gapped regions, and successfully navigating the accreditation processes for SaaS platforms within these sensitive environments. You will be instrumental in maintaining our federal accreditations and pursuing new ones as Workday's federal footprint expands.

This role requires a visionary leader with a hands-on approach, capable of not only defining strategy but also diving into the operational complexities of federal cybersecurity. A key responsibility will be building and scaling a dedicated federal cybersecurity team from the ground up, fostering a culture of excellence and operational rigor. Furthermore, you will be directly responsible for designing, establishing, and maturing a Security Operations Center (SOC) specifically tailored to meet federal compliance requirements for monitoring and responding to threats in highly sensitive environments.

Key Responsibilities

Strategic Vision & Leadership:

Define and articulate the long-term federal cybersecurity vision and strategy, aligning with Workday's business objectives and federal agency requirements. Serve as the executive security liaison for federal agencies, building and nurturing high-trust relationships with key government security officials, auditors, and regulatory bodies. Advise the executive leadership team on critical federal cybersecurity risks, investments, and strategic initiatives. Champion a robust security culture across the organization, with a strong focus on federal compliance and best practices. Establish and chair a Security Governance Council across stakeholders to ensure alignment and effective decision-making. Act as the primary security point-of-contact for government customers, prime contractors, integrators, FedRAMP PMO, DISA, and agency sponsors, and actively participate in industry groups and working groups for federal cybersecurity.

Team & Capability Building (Hands-On):

Recruit, build, and lead a high-performing, dedicated federal cybersecurity team from its foundational stages. Define roles, hire top talent, and establish effective team structures and processes. Architect, establish, and continuously mature a federal-compliant Security Operations Center (SOC) with monitoring processes and adherence to federal reporting requirements. Provide hands-on technical guidance during incident response, architectural reviews, and complex problem-solving. Mentor and develop cybersecurity professionals, fostering continuous learning tailored for federal security challenges.

Federal Compliance & Risk Management:

Direct and oversee comprehensive compliance with federal cybersecurity frameworks and regulations (FISMA, FedRAMP, NIST 800-53/800-171, CMMC, ICD 503, ITAR, CJIS, DFARS, OMB A-130, and other directives). Lead and manage the FedRAMP authorization process for relevant Workday offerings, including strategy, documentation, control implementation, continuous monitoring, and re-authorization. Establish and enforce enterprise-wide federal risk management frameworks with regular risk assessments and mitigation strategies. Assist in obtaining and maintaining Authority to Operate (ATO) for Workday Government offerings. Lead audits and assessments by third-party or government agencies (e.g., GAO, DoD IG, DHS). Ensure robust data loss prevention, access control, secure disposal procedures, and advanced audit logging for federal environments.

Cyber Defense & Incident Response (Federal Focus):

Architect and refine a cyber defense strategy for federal environments, including air-gapped and cross-domain solution architectures. Develop and test federal-specific incident response plans and threat management aligned with FISMA/NIST SP 800-61. Coordinate with US-CERT, CISA, and government customers during major incidents. Maintain playbooks and conduct red team/blue team exercises. Lead threat intelligence gathering and analysis for the federal landscape, mitigating emerging threats and vulnerabilities. Ensure SOC capabilities are optimized for federal compliance, including offline log analysis and secure data handling. Participate in classified threat briefings, if cleared.

Secure Federal Architecture, Engineering & Product Support:

Provide leadership for secure design, development, and deployment of SaaS solutions in federal environments, embedding security-by-design. Design and maintain secure architectures (on-prem, cloud, hybrid). Oversee System Security Plans (SSPs) and RMF lifecycle; enforce Zero Trust Architecture (ZTA). Oversee vulnerability scanning and security operations (SIEM, SOAR); collaborate with engineering and product teams to meet federal requirements. Ensure secure coding practices and oversee STIG compliance and code scanning (SAST/DAST/IAST). Support CI/CD pipelines with security gates and interface with government DevSecOps teams.

Insider Threat & Personnel Security:

Collaborate with FSO or HR on personnel vetting and insider threat programs; ensure proper handling of classified information where applicable. Oversee background check compliance and clearance levels (public trust, secret, TS/SCI, etc.).

Security Awareness, Training, and Policy Development:

Direct and manage security audits, assessments, and continuous monitoring for federal systems; develop and enforce security policies for federal regulations; drive security awareness programs; conduct security training aligned with DoD/DHS requirements.

Contract & Supply Chain Risk Management:

Ensure secure SDLC for software under federal contracts; conduct supply chain risk assessments and ensure subcontractors meet required controls (e.g., NIST 800-171 for CUI).

Metrics & Reporting:

Report on federal cybersecurity posture to executive leadership and the Board; provide required reports to federal agencies (FISMA scorecards, POA&M updates, incident reports).

About You

Education:

Bachelor’s degree in Computer Science, Cybersecurity, or related field required; Master’s preferred.

Experience:

15+ years in cybersecurity leadership, with 7+ years in senior/executive federal government cybersecurity roles; proven SOC leadership and FedRAMP experience; deep knowledge of federal frameworks; ability to work with air-gapped and CDS architectures; TS/SCI clearance experience preferred.

Certifications:

CISSP, CISM or similar executive certifications; Federal-specific certifications (FedRAMP 3PAO experience, DoD 8570/8140, CMMC Assessor) desirable. DoD 8570/8140 may be required for classified work.

Desired Attributes:

Strategic visionary, executive presence, hands-on leadership, results-oriented, problem solver, adaptable, passion for public service.

Workday Pay Transparency

The annualized base salary ranges are listed; compensation is based on location and other factors. Benefits and bonus eligibility are described in the offer.

Primary Location: USA.VA.Home Office.

Our Approach to Flexible Work:

Flex Work blends in-person and remote work; at least 50% of time each quarter is spent in the office or in the field with customers and partners. Remote roles may occasionally gather in the office for key moments.

Workday is an Equal Opportunity Employer including individuals with disabilities and protected veterans. Fair Chance employment applies where required.

Are you being referred to one of our roles? If so, ask your Workday contact about the Employee Referral process.

Note: This description is subject to change and does not form a contract.
