Workday Security Administrator (NCS) - BCIT

THIS IS A NON-CIVIL SERVICE POSITION

Salary Range:

$101,034.00 - $166,502.00 Annually

Hiring Salary Range:

$101,034.00 – $133,768.00 Annually

Get to Know Us

Welcome to the City of Baltimore! Experience the reward of a fulfilling career and enjoy the added element of excitement in a vibrant, diverse atmosphere. The City of Baltimore offers limitless opportunities to help drive social impact, both on the job and in the community, while serving its citizens. Join us in making Baltimore a great place to live and work. In the City of Baltimore, we hire great people and provide them with the skills and opportunities to grow toward their career aspirations. If you are looking for a career change or interested in learning more, explore our opportunities and benefits programs. We are excited to have you as a part of the City of Baltimore Team! The city offers medical, prescription drug, dental, vision, optional life, AD&D, and FSA plans. This office also supplies wellness programs, support groups, and workshops. You can learn about our benefits here: https://humanresources.baltimorecity.gov/hr-divisions/benefits  

Job Summary:  

The City of Baltimore is seeking a highly skilled and motivated Workday Security Administrator to join our Workday Product Management Support (WPMS) team. This critical role is responsible for configuring, maintaining, and advising on security within the Workday application (including domain security policies, roles, and role assignments). The successful candidate will collaborate with the Information Security (InfoSec) team to ensure the confidentiality, integrity, and availability of all Workday-related data, protecting sensitive financial, HR, and operational information from internal and external threats, and ensuring compliance with all relevant City, State, and Federal regulations.

Essential Functions

Security Design and Implementation

• Role and Authentication Management: Design, implement, and maintain robust role-based access control (RBAC) structures, user authentication policies, and permission matrices within the Workday system.
• Segregation of Duties (SoD): Develop and enforce Segregation of Duties (SoD) policies to mitigate financial and operational risk.
• Security Architecture: Design and manage Workday landscape security, including client/instance hardening, transport security, interface security, and secure configuration of gateway and message server services.
• System Hardening: Apply security patches, updates, and configuration best practices to harden the Workday application.

Monitoring, Audit, and Compliance

• Security Monitoring: Configure and monitor security audit logs, critical transaction usage, and suspicious activity within the Workday system; respond promptly to security incidents.
• Internal/External Audits: Serve as the primary security liaison for internal and external audits; provide evidence of compliance and implement remediation plans for identified control deficiencies.
• Policy Enforcement: Ensure all Workday security policies and procedures align with City and regulatory standards (e.g., PCI-DSS compliance, GDPR for resident data, etc., if applicable).
• Vulnerability Management: Conduct regular security scans, penetration testing, and vulnerability assessments of the Workday platform.

• Workday-delivered reports can help you answer security-related questions.

Operational Maintenance and Support

• User Lifecycle Management: Manage the end-to-end lifecycle of Workday user accounts, including provisioning, de-provisioning, access reviews, and emergency access procedures.
• Integration Security: Manges security groups for integrations and ensures the integration functions as expected and does not expose sensitive data due to misconfigured permissions. Maintains detailed records of integration security configurations for audit purposes.
• Single Sign-On (SSO): Configure and maintain integration with the City's identity management system for Single Sign-On (SSO) and Multi-Factor Authentication (MFA).
• Security Policy Change Control: Participate in change control reviews to ensure security policies and data privacy standards are aligned with City and regulatory standards
• Documentation: Create and maintain comprehensive security documentation, standard operating procedures, and runbooks for all Workday security controls.
• Technical Account Management (TAM): Engage with Workday TAM to stay updated on new security features within the application’s future roadmap and implement where possible.

Minimum Qualifications

Education: have a bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.

AND

Experience: Minimum 3-5 years of hand-on experience with Workday as a Security Administrator or Configurator or security related role.

Experience in the public sector or government environment is highly desirable.

Certifications (Preferred)

• Workday Pro Platform Administrator Certification
• Workday Pro Security Certification
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)

Knowledge, Skills, and Abilities

• Solid understanding of the Workday configurable security framework, security features and controls
• Ability to accurately collect information in order to understand and assess the clients’ needs and situation
• Working knowledge of HR/Finance information systems, data models organization structures, and roles
• Strong verbal and written communication skills to interact with functional and IT clients
• Comfortable enforcing adherence to security policies and practices
• Excellent problem-solving and analytical skills, with the ability to identify and address complex issues
• Effective communication and collaboration skills, with the ability to work cross- functionally

Technical Skills (Required)

• Proficiency in Security Information and Event Management (SIEM) tools (e.g.,Splunk, Microsoft Sentinel, and IBM QRadar) or Governance, Risk, and Compliance (GRC) tools (e.g., SAP GRC Access Control) for continuous monitoring and violation remediation.