WORKDAY SECURITY ANALYST II

Summary This role is not a contract position and offers long‑term career growth, benefits, and the opportunity to contribute to the ongoing evolution of the organization’s Workday ecosystem. Position Highlights The Security Analyst II maintains and supports the organization’s Workday security infrastructure, ensuring secure and efficient access management for all users. The role focuses on day‑to‑day operational security activities, including user provisioning through Workday and SailPoint, managing security groups, maintaining role‑based access controls, domain security policies and business process security policies. The analyst supports the full security life cycle by configuring security in Workday, performing routine audits, responding to security incidents, and maintaining accurate documentation. By ensuring compliance with internal policies and regulatory requirements, the analyst helps safeguard sensitive HR and financial data while enabling seamless business operations. The analyst supports Workday’s infrastructure through governance, sustains continuous policy improvements, and keeps the organization audit‑ready. This role will help shape our security framework as we launch Workday and enforce the policies after go‑live. The role focuses on developing, maintaining, and monitoring security governance frameworks, including security policies and audit procedures. The analyst partners with HR, IT, and Internal Audit teams to perform regular security audits, document controls, and support internal and external audits. The analyst also proactively identifies risks, recommends process improvements, and contributes to the overall security strategy, ensuring the Workday environment remains secure, compliant, and well‑governed. Responsibilities Demonstrate proof of security controls during internal and external audits. Provision and deprovision access in Workday. Monitor segregation of duties. Collaborate with IT and business customers on security‑impacting changes. Document change controls for security changes made. Support Workday releases with a focus on security impacts and security regression testing. Drive continuous improvement in security governance processes. Educate business leaders on security policies. Contribute to discussions and decisions concerning enterprise application security. Monitor emerging threats and recommend proactive security enhancements. Stay up to date on Workday releases involving security. Champion security feature adoption where beneficial. Develop and enforce Workday security governance policies. Perform security audits, assessments, and readiness for internal and external compliance requirements. Monitor system activity and ensure policy compliance. Lead audit readiness efforts and maintain documentation. Review security roles and access controls for adherence to policy. Develop and maintain awareness of divisional and data security and comply with policies and procedures. Ensure alignment of security practices with organizational goals and regulatory standards. Credentials and Experience Bachelor’s Degree in Information Security, Computer Science, Risk Management or a related field. Minimum of 3 years of experience in IT governance, risk, and compliance (GRC). Preferred 2 years of experience with Workday security and SailPoint access control. Knowledge of security frameworks and regulatory compliance (e.g., SOX). Experience configuring, maintaining, and auditing Workday security, including domains, business processes, and security groups. Hands‑on experience with user provisioning, deprovisioning, and access management in Workday. Experience performing security impact assessments for configuration changes and enhancements. Managing role‑based access controls and segregation of duties monitoring. Troubleshooting SSO/SAML authentication and access issues. Conducting security reviews, risk assessments, and remediation planning. Experience handling security incidents, escalations, and break/fix support. Partnering with HR, Financials and Supply Chain customers for issue resolution. Experience monitoring integration and EIB access to ensure data security. Building security audit reports and dashboards. Supporting Workday releases, feature adoption, and security regression testing. Documenting change controls and approvals for security updates. Partnering with stakeholders to prioritize and execute security enhancements. Certification Workday Security within 9 months of hire/job change. CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) preferred. #J-18808-Ljbffr Moffitt Cancer Center