Workday Security Analyst Ii

At Moffitt Cancer Center, we strive to be the leader in understanding the complexity of cancer and applying these insights to contribute to the prevention and cure of cancer. Our diverse team of over 9,000 are dedicated to serving our patients and creating a workspace where every individual is recognized and appreciated. For this reason, Moffitt has been recognized on the 2023 Forbes list of America’s Best Large Employers and America’s Best Employers for Women, Computerworld magazine’s list of 100 Best Places to Work in Information Technology, Diversity Inc Top Hospitals & Health Systems and continually named one of the Tampa Bay Time’s Top Workplace.

Additionally, Moffitt is proud to have earned the prestigious Magnet® designation in recognition of its nursing excellence. Moffitt is a National Cancer Institute-designated Comprehensive Cancer Center based in Florida, and the leading cancer hospital in both Florida and the Southeast. We are a top 10 nationally ranked cancer center by Newsweek and have been nationally ranked by U.S. News & World Report since 1999.
Working at Moffitt is both a career and a mission: to contribute to the prevention and cure of cancer. Join our committed team and help shape the future we envision.

• The Security Analyst II is responsible for maintaining and supporting the organization's Workday security infrastructure, ensuring secure and efficient access management for all users. This role focuses on day-to-day operational security activities, including user provisioning through Workday and SailPoint, managing security groups, maintaining role-based access controls, domain security policies and business process security policies.
• The analyst supports the full security life cycle by configuring security in Workday, performing routine audits, responding to security incidents, and maintaining accurate documentation. By ensuring compliance with internal policies and regulatory requirements, the Analyst helps safeguard sensitive HR and financial data while enabling seamless business operations.
• The analyst supports Workday's infrastructure through governance, sustains continuous policy improvements, and keeps the organization audit-ready. This role will help shape our security framework as we launch Workday and enforce the policies after go-live.
• This role focuses on developing, maintaining, and monitoring security governance frameworks, including security policies and audit procedures. The analyst partners with HR, IT, and Internal Audit teams to perform regular security audits, document controls, and support internal and external audits. The role also proactively identifies risks, recommends process improvements, and contributes to the overall security strategy, ensuring the Workday environment remains secure, compliant, and well-governed.

• Demonstrate proof of security controls during internal and external audits.
• Provision and deprovision access in Workday.
• Monitor segregation of duties
• Collaborate with IT and business customers on security-impacting changes.
• Document change controls for security changes made.
• Support Workday releases with a focus on security impacts and security regression testing.
• Drive continuous improvement in security governance processes.
• Educate business leaders on security policies
• Contribute to any discussions and decisions concerning enterprise application security.
• Monitor emerging threats and recommend proactive security enhancements.
• Proactively stay up to date on Workday releases involving security.
• Champion security feature adoption where beneficial.
• Develop and enforce Workday security governance policies.
• Perform security audits, assessments, and readiness for internal and external compliance requirements.
• Monitor system activity and ensure policy compliance.
• Lead audit readiness efforts and maintain documentation.
• Review security roles and access controls for adherence to policy.
• Develop and maintain awareness of divisional and data security and comply with policies and procedures.
• Ensure alignment of security practices with organizational goals and regulatory standards.