diff --git a/.github/workflows/ci_codebuild-tests.yml b/.github/workflows/ci_codebuild-tests.yml
index 1133ad3c3..a0078cd86 100644
--- a/.github/workflows/ci_codebuild-tests.yml
+++ b/.github/workflows/ci_codebuild-tests.yml
@@ -6,6 +6,12 @@ on: # Run once a day schedule: - cron: "0 0 * * *" + # Add workflow_call trigger + workflow_call: + # Define any secrets that need to be passed from the caller + secrets: + CI_AWS_ROLE_ARN: + required: true permissions: id-token: write
diff --git a/.github/workflows/ci_codebuild_batch.yml b/.github/workflows/ci_codebuild_batch.yml
index e8ad73bb9..243638f65 100644
--- a/.github/workflows/ci_codebuild_batch.yml
+++ b/.github/workflows/ci_codebuild_batch.yml
@@ -1,11 +1,11 @@ name: AWS CodeBuild Batch Workflow on: - pull_request: - push: - # Run once a day - schedule: - - cron: "0 0 * * *" + workflow_call: + # Define any secrets that need to be passed from the caller + secrets: + CI_AWS_ROLE_ARN: + required: true permissions: id-token: write
diff --git a/.github/workflows/ci_decrypt-oracle.yaml b/.github/workflows/ci_decrypt-oracle.yaml
index baf01c571..131beb1a7 100644
--- a/.github/workflows/ci_decrypt-oracle.yaml
+++ b/.github/workflows/ci_decrypt-oracle.yaml
@@ -1,11 +1,7 @@ name: Continuous Integration tests for the decrypt oracle on: - pull_request: - push: - # Run once a day - schedule: - - cron: '0 0 * * *' + workflow_call: jobs: tests:
diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml
index 7f74e8fc3..fe5f44b7c 100644
--- a/.github/workflows/ci_static-analysis.yaml
+++ b/.github/workflows/ci_static-analysis.yaml
@@ -1,11 +1,7 @@ name: Static analysis checks on: - pull_request: - push: - # Run once a day - schedule: - - cron: '0 0 * * *' + workflow_call: jobs: analysis:
diff --git a/.github/workflows/ci_test-vector-handler.yaml b/.github/workflows/ci_test-vector-handler.yaml
index 90c87e502..433f805f8 100644
--- a/.github/workflows/ci_test-vector-handler.yaml
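Review bot: The `on:` block of ci_codebuild-tests.yml apparently keeps its direct triggers: this hunk starts at file line 6 with `# Run once a day`, `schedule:` and the `cron` entry left as context, and the identical layout of ci_codebuild_batch.yml in the next hunk puts `pull_request:` and `push:` on lines 4–5, which are outside this hunk. If that reading is right, every PR and push now runs this workflow twice (directly and again through the new pull.yml/push.yml callers) and it is scheduled twice a day (its own midnight cron plus daily_ci.yml at 15:00), while the other five workflows in this commit had exactly those triggers removed. Unless the direct runs are intended, drop `pull_request:`, `push:` and the `schedule:` entry here as the sibling files do, leaving `workflow_call:` as the only trigger. The added `# Add workflow_call trigger` comment only restates the diff and can go; the `# Define any secrets that need to be passed from the caller` comment is the one worth keeping.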
+++ b/.github/workflows/ci_test-vector-handler.yaml
@@ -1,11 +1,13 @@ name: Continuous Integration tests for the test vector handler on: - pull_request: - push: - # Run once a day - schedule: - - cron: '0 0 * * *' + workflow_call: + # Define any secrets that need to be passed from the caller + secrets: + INTEG_AWS_ACCESS_KEY_ID: + required: true + INTEG_AWS_SECRET_ACCESS_KEY: + required: true jobs: tests:
diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml
index 256e49ce4..acb0b9b33 100644
--- a/.github/workflows/ci_tests.yaml
+++ b/.github/workflows/ci_tests.yaml
@@ -1,11 +1,7 @@ name: Continuous Integration tests on: - pull_request: - push: - # Run once a day - schedule: - - cron: '0 0 * * *' + workflow_call: env: AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: |
diff --git a/.github/workflows/daily_ci.yml b/.github/workflows/daily_ci.yml
new file mode 100644
index 000000000..a5c5ddc02
--- /dev/null
+++ b/.github/workflows/daily_ci.yml
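Review bot: The call interface added to ci_test-vector-handler.yaml requires `INTEG_AWS_ACCESS_KEY_ID` and `INTEG_AWS_SECRET_ACCESS_KEY`, i.e. long-lived static AWS credentials kept as repository secrets, whereas the two codebuild workflows in this same commit take a `CI_AWS_ROLE_ARN` and, judging by their `permissions: id-token: write`, obtain short-lived credentials through OIDC role assumption. Since the secrets contract is being defined now, this is the cheapest point to move the handler to the same model — a single role-ARN secret like the codebuild workflows' `CI_AWS_ROLE_ARN` plus `id-token: write` granted by the callers — so that no static key has to exist in the repository at all. If the integration tests cannot assume a role yet, a comment above `secrets:` stating why static keys are still needed would keep the next reader from proposing the same change. The `jobs:` block that consumes these secrets starts outside the hunk.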
@@ -0,0 +1,39 @@ +# This workflow runs every weekday at 15:00 UTC (8AM PDT) +name: Daily CI + +on: + schedule: + - cron: "00 15 * * 1-5" + +jobs: + codebuild_batch: + # Don't run the cron builds on forks + if: github.event_name != 'schedule' || github.repository_owner == 'aws' + uses: ./.github/workflows/ci_codebuild_batch.yml + secrets: + CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }} + codebuild_tests: + # Don't run the cron builds on forks + if: github.event_name != 'schedule' || github.repository_owner == 'aws' + uses: ./.github/workflows/ci_codebuild-tests.yml + secrets: + CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }} + decrypt_oracle: + # Don't run the cron builds on forks + if: github.event_name != 'schedule' || github.repository_owner == 'aws' + uses: ./.github/workflows/ci_decrypt-oracle.yaml + static_analysis: + # Don't run the cron builds on forks + if: github.event_name != 'schedule' || github.repository_owner == 'aws' + uses: ./.github/workflows/ci_static-analysis.yaml + test_vector_handler: + # Don't run the cron builds on forks + if: github.event_name != 'schedule' || github.repository_owner == 'aws' + uses: ./.github/workflows/ci_test-vector-handler.yaml + secrets: + INTEG_AWS_ACCESS_KEY_ID: ${{ secrets.INTEG_AWS_ACCESS_KEY_ID }} + INTEG_AWS_SECRET_ACCESS_KEY: ${{ secrets.INTEG_AWS_SECRET_ACCESS_KEY }} + tests: + # Don't run the cron builds on forks + if: github.event_name != 'schedule' || github.repository_owner == 'aws' + uses: ./.github/workflows/ci_tests.yaml
\ No newline at end of file
diff --git a/.github/workflows/pull.yml b/.github/workflows/pull.yml
new file mode 100644
index 000000000..6b4c1b7ab
--- /dev/null
+++ b/.github/workflows/pull.yml
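Review bot: daily_ci.yml sets no `permissions:` block, so the scheduled run gets the repository's default GITHUB_TOKEN permissions and, in particular, no `id-token` scope; a called workflow cannot raise its permissions above the caller's, so the `permissions: id-token: write` that ci_codebuild_batch.yml and ci_codebuild-tests.yml carry will not take effect on these calls and any OIDC role assumption inside them can be expected to fail on the nightly run. Add the same explicit, least-privilege block the other two new callers use, directly under `name: Daily CI`: `permissions:` / `  id-token: write` / `  contents: read`. Separately, with `schedule` as this file's only trigger, `github.event_name != 'schedule'` is always false, so each `if:` reduces to `if: github.repository_owner == 'aws'`, and putting that single condition on one gate job that the others list in `needs:` would remove the six copies. The file also lacks a trailing newline.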
@@ -0,0 +1,45 @@ +name: Pull Request Workflow + +on: + pull_request: + +permissions: + id-token: write + contents: read + +jobs: + # Call each workflow with appropriate parameters + codebuild_batch: + uses: ./.github/workflows/ci_codebuild_batch.yml + secrets: + CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }} + codebuild_tests: + uses: ./.github/workflows/ci_codebuild-tests.yml + secrets: + CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }} + decrypt_oracle: + uses: ./.github/workflows/ci_decrypt-oracle.yaml + static_analysis: + uses: ./.github/workflows/ci_static-analysis.yaml + test_vector_handler: + uses: ./.github/workflows/ci_test-vector-handler.yaml + secrets: + INTEG_AWS_ACCESS_KEY_ID: ${{ secrets.INTEG_AWS_ACCESS_KEY_ID }} + INTEG_AWS_SECRET_ACCESS_KEY: ${{ secrets.INTEG_AWS_SECRET_ACCESS_KEY }} + tests: + uses: ./.github/workflows/ci_tests.yaml + pr-ci-all-required: + if: always() + needs: + - codebuild_batch + - codebuild_tests + - decrypt_oracle + - static_analysis + - test_vector_handler + - tests + runs-on: ubuntu-22.04 + steps: + - name: Verify all required jobs passed + uses: re-actors/alls-green@release/v1 + with: + jobs: ${{ toJSON(needs) }}
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
new file mode 100644
index 000000000..e2d7d70d6
--- /dev/null
+++ b/.github/workflows/push.yml
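Review bot: `uses: re-actors/alls-green@release/v1` in the `pr-ci-all-required` job pins a third-party action to a mutable branch, so whoever controls that branch can change what runs in this repository's PR checks at any time; pin it to a full-length commit SHA with the tracked ref in a comment, `uses: re-actors/alls-green@<FULL_COMMIT_SHA>  # release/v1`, and let Dependabot or Renovate bump it. The workflow-level `permissions: id-token: write` is also broader than needed: it is handed to every job, including `pr-ci-all-required`, which only inspects `needs` and has no use for an OIDC token; moving `permissions:` into the `codebuild_batch` and `codebuild_tests` jobs (and whichever others actually assume a role, which is not visible here) keeps the write scope next to the jobs that use it. The same workflow-wide grant appears in push.yml and should be scoped the same way there.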
@@ -0,0 +1,36 @@ +name: Push Workflow + +on: + push: + branches: master + +permissions: + id-token: write + contents: read + +jobs: + # Call each workflow with appropriate parameters + codebuild_batch: + uses: ./.github/workflows/ci_codebuild_batch.yml + secrets: + CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }} + + codebuild_tests: + uses: ./.github/workflows/ci_codebuild-tests.yml + secrets: + CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }} + + decrypt_oracle: + uses: ./.github/workflows/ci_decrypt-oracle.yaml + + static_analysis: + uses: ./.github/workflows/ci_static-analysis.yaml + + test_vector_handler: + uses: ./.github/workflows/ci_test-vector-handler.yaml + secrets: + INTEG_AWS_ACCESS_KEY_ID: ${{ secrets.INTEG_AWS_ACCESS_KEY_ID }} + INTEG_AWS_SECRET_ACCESS_KEY: ${{ secrets.INTEG_AWS_SECRET_ACCESS_KEY }} + + tests: + uses: ./.github/workflows/ci_tests.yaml