Security Analyst for Workday is responsible for managing and maintaining secure role-based access controls, enforcing least-privilege principles, and ensuring proper segregation of duties within the platform. The role monitors Workday security logs and user activity to detect anomalous behavior, potential insider threats, or unauthorized access attempts. The analyst also evaluates configuration changes, system updates, and new functionality to ensure security controls remain aligned with enterprise cybersecurity standards. In addition, the position oversees security for integrations between Workday and internal or third-party systems, ensuring secure authentication, API usage, and protection of sensitive data. Finally, the analyst supports compliance and audit requirements, maintains documentation of security controls, and assists with investigations or incident response activities related to the Workday environment.
Essential Job Function:
- Administer Workday security roles and permissions, ensuring proper role-based access controls and adherence to least-privilege principles.
- Conduct periodic access reviews and certifications to validate that user privileges remain appropriate and compliant with organizational policy.
- Monitor Workday security logs and activity reports to detect suspicious behavior, unauthorized access attempts, or insider threat indicators.
- Evaluate segregation of duties (SoD) within Workday to prevent conflicts that could enable fraud, payroll manipulation, or unauthorized financial transactions.
- Review and approve security impacts of configuration changes, updates, and new modules introduced within the Workday platform.
- Assess and secure system integrations between Workday and internal or third-party applications, ensuring secure authentication, API usage, and data protection.
- Maintain documentation of security configurations and controls to support governance, compliance, and operational continuity.
- Support internal and external audits by providing evidence of security controls, access governance processes, and compliance with regulatory requirements.
- Investigate potential security incidents or policy violations related to Workday access, data usage, or system activity. Evaluate trends and present recommendations based on findings of how to resolve current issues and future issues.
- Collaborate with cybersecurity, HRIS, ERP, and identity management teams to align Workday security with enterprise cybersecurity policies and risk management practices.
Education:
- Required: Associate of Science in Cybersecurity
Experience:
Licensure/Certification/Listing:
- Required: Security+ Certification within 1 year of hiring
|
Cone Health
May 27, 2026