THIS IS A NON-CIVIL SERVICE POSITIONSalary Range: $101,034.00 - $166,502.00 AnnuallyHiring Salary Range:$101,034.00 - $133,768.00 AnnuallyJob Summary:The City of Baltimore is seeking a highly skilled and motivated Workday Security Administrator to join our Workday Product Management Support (WPMS) team. This critical role is responsible for configuring, maintaining, and advising on security within the Workday application (including domain security policies, roles, and role assignments). The successful candidate will collaborate with the Information Security (InfoSec) team to ensure the confidentiality, integrity, and availability of all Workday-related data, protecting sensitive financial, HR, and operational information from internal and external threats, and ensuring compliance with all relevant City, State, and Federal regulations.
Essential FunctionsSecurity Design and Implementation- Role and Authentication Management: Design, implement, and maintain robust role-based access control (RBAC) structures, user authentication policies, and permission matrices within the Workday system.
- Segregation of Duties (SoD): Develop and enforce Segregation of Duties (SoD) policies to mitigate financial and operational risk.
- Security Architecture: Design and manage Workday landscape security, including client/instance hardening, transport security, interface security, and secure configuration of gateway and message server services.
- System Hardening: Apply security patches, updates, and configuration best practices to harden the Workday application.
Monitoring, Audit, and Compliance- Security Monitoring: Configure and monitor security audit logs, critical transaction usage, and suspicious activity within the Workday system; respond promptly to security incidents.
- Internal/External Audits: Serve as the primary security liaison for internal and external audits; provide evidence of compliance and implement remediation plans for identified control deficiencies.
- Policy Enforcement: Ensure all Workday security policies and procedures align with City and regulatory standards (e.g., PCI-DSS compliance, GDPR for resident data, etc., if applicable).
- Vulnerability Management: Conduct regular security scans, penetration testing, and vulnerability assessments of the Workday platform.
- Workday-delivered reports can help you answer security-related questions.
Operational Maintenance and Support- User Lifecycle Management: Manage the end-to-end lifecycle of Workday user accounts, including provisioning, de-provisioning, access reviews, and emergency access procedures.
- Integration Security: Manges security groups for integrations and ensures the integration functions as expected and does not expose sensitive data due to misconfigured permissions. Maintains detailed records of integration security configurations for audit purposes.
- Single Sign-On (SSO): Configure and maintain integration with the City's identity management system for Single Sign-On (SSO) and Multi-Factor Authentication (MFA).
- Security Policy Change Control: Participate in change control reviews to ensure security policies and data privacy standards are aligned with City and regulatory standards
- Documentation: Create and maintain comprehensive security documentation, standard operating procedures, and runbooks for all Workday security controls.
- Technical Account Management (TAM): Engage with Workday TAM to stay updated on new security features within the application's future roadmap and implement where possible.
Minimum QualificationsEducation: have a bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field.
ANDExperience: Minimum 3-5 years of hand-on experience with Workday as a Security Administrator or Configurator or security related role.
Experience in the public sector or government environment is highly desirable.
Certifications (Preferred)- Workday Pro Platform Administrator Certification
- Workday Pro Security Certification
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
Knowledge, Skills, and Abilities- Solid understanding of the Workday configurable security framework, security features and controls
- Ability to accurately collect information in order to understand and assess the clients' needs and situation
- Working knowledge of HR/Finance information systems, data models organization structures, and roles
- Strong verbal and written communication skills to interact with functional and IT clients
- Comfortable enforcing adherence to security policies and practices
- Excellent problem-solving and analytical skills, with the ability to identify and address complex issues
- Effective communication and collaboration skills, with the ability to work cross- functionally
Technical Skills (Required)- Proficiency in Security Information and Event Management (SIEM) tools (e.g.,Splunk, Microsoft Sentinel, and IBM QRadar) or Governance, Risk, and Compliance (GRC) tools (e.g., SAP GRC Access Control) for continuous monitoring and violation remediation.
- Understanding of network protocols, security concepts, and best practices for secure application and infrastructure design.
- In-depth knowledge of Workday security concepts including Role-Based Access Control (RBAC), Transactional Authorization, and Parameter Management.
- Strong understanding of network security principles, firewalls, and secure communication protocols (TLS/SSL, SAML, OAuth).
- Experience with Identity and Access Management (IAM) and privileged access management (PAM) solutions.
- Familiarity with database security best practices (e.g., Oracle Database Security, SQL Server Security).
- Analytical Thinking: Ability to quickly assess complex security risks and design effective, pragmatic solutions.
- Communication: Excellent written and verbal communication skills, with the ability to clearly articulate technical risks to both technical teams and non-technical stakeholders.
- Collaboration: Proven ability to work effectively across functional teams (HR,Finance, Procurement) to understand business processes and translate them into secure technical controls.
- Integrity: High degree of professionalism and integrity in handling sensitive City data.
- Organizational and Time Management: Proven ability to prioritize tasks and work on multiple projects simultaneously.
Additional Information Background Check Eligible candidates under final consideration for appointment to positions identified as positions of trust will be required to complete authorization for a Criminal Background Check and/or Fingerprint must be successfully completed.
Probation All persons, including current City employees, selected for this position must complete a mandatory six-month probation.
