Director of Cybersecurity Defense – U.S. Federal Programs (US Federal)
Workday
Compensation
$209,000 - $372,000/year
Job Description
Your work days are brighter here.
We’re obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we’re shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you’ll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We’re in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you’ll do meaningful work with Workmates who’ve got your back. In return, we’ll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you’ve found a match in Workday, and we hope to be a match for you too.
About the Team
The Cybersecurity Defense Director for Workday Government is responsible for developing and leading the Cyber Defense implementation strategy, and continuous improvement of cybersecurity for our U.S. Federal Government customers and programs. This role will oversee a team of security professionals, drive compliance with applicable federal regulations and frameworks, and partner closely with internal and external stakeholders to protect systems, data, and mission-critical services. The ideal candidate brings deep experience in mature Security Operation Centers, U.S. Federal cybersecurity requirements (e.g., FISMA, FedRAMP, NIST, DoD, DHS/CISA directives), a strong technical foundation, and a proven track record of building and leading high-performing security teams in complex, multi-stakeholder environments.
About the Role
This role will support one or more direct or indirect contracts with the U.S. Federal Government which, due to federal government security requirements, mandates that all Workday personnel working on the contracts be United States citizens (naturalized or native).
Strategic Leadership & Governance
• Define and execute the cybersecurity defense strategy for U.S. Federal programs aligned with organizational objectives, risk appetite, and regulatory requirements.
• Establish and lead cybersecurity defense for Federal work, including policies, standards, and procedures that meet or exceed federal expectations.
• Provide regular reporting on risk posture, incidents, and compliance status to executive leadership and Federal stakeholders.
Risk Management & Compliance
• Support the implementation and ongoing operation of federal cybersecurity frameworks including NIST RMF, NIST SP 800-53, NIST CSF, and ISO/industry best practices as applicable.
• Oversee and maintain compliance with FISMA, FedRAMP (if relevant), DoD IL4+, and other applicable federal regulations, directives, and agency-specific requirements.
• Support the security authorization/accreditation activities relevant to Cyber Defense operations (e.g., ATO processes), including control selection, implementation, continuous monitoring, and Plan of Action and Milestones (POA&M) management.
• Manage third-party risk for vendors and partners supporting Federal programs, ensuring they meet required security standards.
Security Operations & Incident Management
• Oversee day-to-day cybersecurity operations for Federal environments, including monitoring, detection, incident response, and threat hunting.
• Develop and maintain incident response plans and playbooks in alignment with federal requirements, ensuring timely reporting and coordination with applicable agencies.
• Coordinate cross-functional response to security incidents impacting Federal systems, from triage and containment through eradication, recovery, and lessons learned.
• Partner with enterprise SOC, IR, and threat intelligence teams to ensure Federal-specific threats and requirements are fully addressed.
Architecture, Engineering & Zero Trust
• Provide architectural input and direction for secure design, implementation, and operation of systems that support Federal customers (on-premises, cloud, and hybrid).
• Champion Zero Trust principles and modern security architectures tailored to Federal requirements and guidance (e.g., OMB, CISA).
• Guide security technologies such as IAM, PAM, EDR/XDR, SIEM, encryption, data loss prevention, vulnerability management, and configuration management.
• Ensure security is integrated into system development lifecycles (DevSecOps) and CI/CD pipelines supporting Federal programs.
Team Leadership & Talent Development
• Build, lead, and mentor a multidisciplinary cybersecurity team (e.g., security engineers, analysts, architects, compliance specialists) supporting Federal customers.
• Set clear goals, performance expectations, and development plans to foster a culture of high performance, accountability, and continuous improvement.
• Promote collaboration with engineering, operations, legal, compliance, and program management teams.
• Drive a security-aware culture across all teams working on Federal programs through communication and engagement.
Stakeholder & Customer Engagement
• Represent cybersecurity in engagements with Federal customers, auditors, inspectors general, and regulatory bodies.
• Support business development and capture activities by contributing to proposals, RFP responses, and customer presentations related to security capabilities.
• Communicate complex security and risk topics in clear, business-relevant language to technical and non-technical audiences.
About You
This role may require a security clearance at the TS/SCI w/CI Poly level. Applicants must have the ability to obtain and maintain a U.S. government issued security clearance. An active TS/SCI w/CI Poly is preferred.
Basic Qualifications:
• 10+ years of progressive experience in cybersecurity, with at least 5 years leading security teams or programs.
• Demonstrated experience managing cybersecurity for U.S. Federal Government programs, agencies, or contractors.
• In-depth knowledge of key federal cybersecurity frameworks and regulations, including:
    o NIST RMF and NIST SP 800-53
    o NIST Cybersecurity Framework (CSF)
    o FISMA, FedRAMP, IL (if applicable to your environment)
    o Relevant OMB, DHS/CISA, and agency-specific guidance
• Proven experience leading security authorization/ATO processes and continuous monitoring activities for Federal systems.
• Strong understanding of modern enterprise and cloud security, including Zero Trust, identity-centric security, network segmentation, endpoint security, and secure software development.
• Demonstrated success in incident management, including coordination with internal stakeholders and, where applicable, federal authorities.
Preferred Qualifications
• Bachelor’s degree in Computer Science, Information Security, Engineering, or related field; or equivalent work experience.
• Advanced degree (Master’s) in Cybersecurity, Information Assurance, or related discipline.
• Relevant security certifications such as CISSP, CISM, CISA, CCSP, GIAC (e.g., GSEC, GCIA, GCIH), or equivalent.
• Experience with major cloud service providers (e.g., AWS, Azure, Google Cloud) and associated federal offerings (e.g., GovCloud, IL environments).
• Experience working with or within agencies such as DoD, DHS, DOJ, Treasury, or Intelligence Community.
• Background in secure system architecture, security engineering, or threat intelligence focused on nation-state and advanced threats.
• Experience supporting proposal development, customer briefings, and formal audits/assessments.
Competencies
• Strong leadership and people management skills, with the ability to inspire and develop a high-performing team.
• Excellent written and verbal communication skills, including the ability to convey complex risk and security topics succinctly.
• Strategic and analytical thinker with a bias for action and the ability to prioritize in a dynamic environment.
• Collaborative, customer-focused mindset with the ability to build trust and credibility with Federal stakeholders.
• High integrity, sound judgment, and a strong sense of accountability and mission orientation.
Workday Pay Transparency Statement
The annualized base salary ranges for the primary location and any additional locations are listed below. Workday pay ranges vary based on work location. As a part of the total compensation package, this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus, as well as annual refresh stock grants. Recruiters can share more detail during the hiring process. Each candidate’s compensation offer will be based on multiple factors including, but not limited to, geography, experience, skills, job duties, and business need, among other things. For more information regarding Workday’s comprehensive benefits, please click here.
Primary Location: USA.VA.Reston
Our Approach to Flexible Work
With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.
Pursuant to applicable Fair Chance law, Workday will consider for employment qualified applicants with arrest and conviction records.
Workday is an Equal Opportunity Employer including individuals with disabilities and protected veterans.
At Workday, we are committed to providing an accessible and inclusive hiring experience where all candidates can fully demonstrate their skills. If you require assistance or an accommodation at any point, please email accommodations@workday.com.
Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!
At Workday, we value our candidates’ privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.
Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.
In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.