Description:
The Workday Senior Security Engineer exists to ensure the integrity, security, and compliance of SE Health’s Workday environment. This role designs, manages, and audits Workday security structures while also supporting reporting needs and collaborating with internal stakeholders to maintain a secure, scalable, and effective platform.
Job Responsibilities
Workday Security Governance and Controls
- Lead the design, maintenance, and enhancement of Workday security policies, including domain security, role-based and user-based security, and segmented security groups.
- Monitor and manage security change requests, ensuring proper access controls, role assignments, and business process mapping while maintaining system integrity and minimizing risk.
- Conduct quarterly audits of system access, roles, and logs to ensure alignment with internal controls and compliance standards, including Segregation of Duties (SOD).
- Support disaster recovery and business continuity planning by validating Workday's role in critical process workflows and system availability.
Compliance, Risk, and Internal Controls
- Ensure Workday security aligns with internal policies and frameworks such as ISO27001, PHIPA, and other applicable compliance requirements.
- Document and maintain internal security controls and audit trails for all roles, policies, and change activity within Workday.
- Vet and validate requests for new or modified security roles, domain policies, and business process permissions to ensure security and compliance best practices are met.
Security Configuration and System Optimization
- Configure and maintain Workday’s security architecture, including domains, security groups, and business processes across multiple functional areas.
- Implement and support enhancements and new functionality, including security-related configurations and workflow changes.
- Coordinate and perform testing of security updates and releases in Workday, ensuring smooth deployment and minimal disruption to business operations.
- Respond to support requests for Workday-related security issues, troubleshooting access or configuration errors.
Incident Management and Risk Mitigation
- Investigate and respond to Workday security incidents, collaborating with diverse teams to assess risk, determine root cause, and implement corrective actions.
- Recommend enhancements or policy changes based on incident trends, audit findings, or vulnerability reports.
- Continuously assess risks related to user access, integrations, and data exposure within Workday and propose mitigating actions as needed.
Reporting, Stakeholder Support, and Documentation
- Design and deliver Workday reports and dashboards based on business needs, using SE Health’s ticketing system to prioritize and track reporting requests.
- Work with functional stakeholders to understand their needs and provide technical solutions that support operational efficiency and data integrity.
- Maintain clear documentation on Workday security architecture, user procedures, and change management processes to support training, onboarding, and system governance.
- Provide guidance and support for knowledge sharing across the enterprise applications team and broader organization.
Required Experience
- 7+ years of experience in a security-focused role, with a minimum of 3 years working directly with Workday security.
- Experience with cloud-based security technologies and understanding of securing integrated systems.
- Strong track record of managing security projects in a regulated environment, especially in healthcare or other highly regulated industries.
- Demonstrated experience in incident response, risk management, and implementing proactive security measures.