Workday Security Administrator

The Opportunity

The Applications Analyst II provides design, development, testing, implementation and ongoing maintenance of new and existing software applications. S/he also provides training and support to end users.

Reporting to the Sr. Director of Business Applications in the Information Services department, the Security Administrator is a member of the team responsible for Dana-Farber Cancer Institute's (DFCI) financial, human capital and supply chain applications. This position will be responsible for the design, implementation, and maintenance of security configurations and protocols within the Workday and UKG systems. This role ensures that user access controls are properly managed, compliance requirements are met, and sensitive employee data is protected. The ideal candidate will have a strong background in Workday security administration, a keen eye for detail, and a proactive approach to identifying and mitigating security risks.

This role will represent and contribute heavily across Finance, Human Resources and Supply Chain areas and will have a solid understanding of both the technology and business processes in this domain. Our team emphasizes continuous improvement, customer focus, and excellence in a collaborative environment that empowers the Institute to achieve its business goals.

Specific Responsibilities:

Security Configuration and Maintenance:

• Design and configure security roles and permissions within Workday and UKG, ensuring the appropriate levels of access for different user groups.
• Regularly review and update security roles based on changes in business requirements, regulatory standards, and Workday and UKG updates.
• Manage and configure domain and business process security policies.

User Access Management:

• Oversee the user provisioning and de-provisioning process, ensuring timely and accurate updates to user access rights.
• Implement and manage role-based access controls (RBAC) to ensure that users have the minimum necessary access.
• Conduct regular access reviews and re-certifications to maintain compliance with internal policies and external regulations.

Compliance and Auditing:

• Conduct regular audits of security configurations and user access to ensure compliance with organizational policies, industry standards, and regulatory requirements.
• Develop and maintain audit logs and reports for review by internal and external auditors.
• Implement continuous monitoring mechanisms to identify and address potential security violations.

Incident Response and Resolution:

• Monitor system activity for security incidents, suspicious activities, and vulnerabilities.
• Respond to and investigate security incidents, coordinating with Information Security and other relevant departments to mitigate and resolve issues promptly.
• Document security incidents, resolutions, and lessons learned to improve future response strategies.

Policy Development and Documentation:

• Develop, implement, and maintain security policies, procedures, and guidelines to support the effective management of Workday and UKG security.
• Create and update comprehensive documentation for security configurations, processes, and protocols.
• Ensure all security policies are communicated to and understood by relevant stakeholders.

Training and User Support:

• Provide training and support to end-users on security best practices, Workday and UKG security features, and the importance of data protection.
• Develop and deliver security awareness programs and materials to promote a culture of security within the organization.
• Assist users with security-related issues and queries, providing timely and accurate resolutions.

Collaboration and Continuous Improvement:

• Work closely with departments to understand business needs and ensure that security configurations support organizational goals.
• Stay up-to-date with the latest Workday and UKG updates, security trends, and best practices, integrating them into the organization's security strategy.
• Participate in Workday and UKG community forums, user groups, and training sessions to continuously improve skills and knowledge.

Skills:

• Proficiency in configuring and managing Workday Security Groups (e.g., Role-Based, User-Based).
• Expertise in managing Domain Security Policies and Business Process Security Policies.
• Ability to perform Security Audits and User Access Reviews within Workday.
• Experience with Security Configuration Migration using Workday Object Transporter (OOT).
• Knowledge of Segregation of Duties (SoD) principles and their implementation within Workday.
• Familiarity with Workday Security Reports and their customization.
• Proficiency in Workday User Provisioning and De-Provisioning processes.
• Understanding of Workday Security Compliance requirements (e.g., GDPR, SOX).
• Strong analytical and problem-solving skills.
• Excellent communication skills for explaining complex security concepts to non-technical stakeholders.
• Detail-oriented with a proactive approach to identifying and mitigating risks.
• Ability to work independently and collaboratively
• Experience in the development, support or operation of software applications in a healthcare setting
• Excellent oral and written communication skills
• Strong interpersonal skills to effectively communicate with both technical and non-technical staff
• Demonstrated analytic and problem-solving skills
• Ability to learn quickly
• Knowledge of Microsoft Office 365 and other popular office productivity solutions

Qualifications

* Bachelor's Degree required
* 5+ years of healthcare information technology experience
* A combination of education and experience may be substituted for requirements

Skills

Experience in the development, support or operation of software applications in a healthcare setting
* Excellent oral and written communication skills
* Strong interpersonal skills to effectively communicate with both technical and non-technical staff
* Demonstrated analytic and problem-solving skills
* Ability to learn quickly
* Knowledge of Microsoft Office 365 and other popular office productivity solutions

Mass General Brigham is an Equal Opportunity Employer. By embracing diverse skills, perspectives, and ideas, we choose to lead. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, national origin, sex, age, gender identity, disability, sexual orientation, military service, genetic information, and/or other status protected under law. We will ensure that all individuals with a disability are provided a reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.