Description:
Workday System Analyst - Security
We are seeking a talented HCM System Analyst to help develop scalable, secure solutions on Workday to support and optimize our HR processes.
What you'll be doing:
• Design, audit, and maintain the Workday security model — including Domain Security Policies, Business Process Security Policies, Security Groups (role-based, user-based, intersection, etc.) — continuously optimizing the security framework to balance robust protection with the practical needs of the business.
• Collaborate with stakeholders and team members to Plan, Design, Configure and Test Workday HCM business processes including Hire, Onboarding, Change Job, Termination, and more.
• Maintaining the HCM core data model, including supervisory organizations, job profiles, locations, and cost centers, with attention to how organizational structure directly shapes security group membership and data access scope.
• Review and translate role requests into appropriate role assignments in Workday.
• Conduct regular security audits, including review of security group membership, unconstrained access, and policy exceptions, to maintain least-privilege standards across the tenant.
• Utilize EIBs to process mass actions for business process and data changes, ensuring appropriate security controls and audit trails are maintained throughout.
What we need to see:
• 3+ years of hands-on Workday HCM configuration experience in production environments, including direct ownership of security configuration.
• Demonstrated proficiency in fundamental HCM business processes including Hire, Onboarding, Change Job, and Termination — with the ability to design BP security policies that enforce appropriate approval chains and data visibility.
• Deep proficiency in Workday's security framework, including Domain Security Policies, Business Process Security Policies, Security Groups and Assignable Roles.
• Ability to troubleshoot security issues using tools such as View Security for Securable Item, security group membership reports, and domain policy analysis.
• Experience configuring tenant security policies including SAML, OAuth and Authentication policies.
• Experience with data loading and transformation via EIBs, with an understanding of how security permissions gate EIB access and data visibility.
• Familiarity with data privacy and legal guidelines (e.g., GDPR/CCPA, SOX controls) and a track record of translating those requirements into Workday security configurations that protect PII and support audit readiness.
• Excellent problem-solving, documentation, and communication skills, including the ability to explain security concepts to non-technical stakeholders.