Workday Principal – Security

Job Title: Principal Workday Security

Department: IT

Location: Bangalore

Work Model: Hybrid (2 days per week mandatory in office)

BrandSafway is a leading provider of specialty services to North America's energy markets. Its extensive portfolio of specialized industrial service offerings includes scaffolding, coatings, insulation, refractory, forming & shoring, cathodic protection, mechanical services and other related crafts. The company also serves the infrastructure and commercial markets throughout North America and in strategic international regions. Brand operates in five key market segments: Upstream/Midstream, Downstream, Power Generation, Industrial and Infrastructure.

Job Summary:

We are looking for an experienced and forward-thinking Workday Principal Security to join our HRIT Organization. This role is responsible for owning the Workday security architecture, leading the delivery of security initiatives, overseeing BAU operations, ensuring audit readiness, and driving long-term remediation efforts. The ideal candidate brings deep expertise in Workday Security and a strong governance mindset.

This position plays a critical role in ensuring:

• A scalable, compliant, and auditready Workday security framework
• Reduced security risks and minimized audit findings
• Robust governance across access, approvals, and security exceptions
• Long-term stability, reliability, and trust in Workday security operations

Experience Level: 10-15 years of total experience with 5 to 7+ years hands-on Workday Security expertise.

Key Responsibilities:

• Security Model & Strategy
• Redesign and optimize the Workday security model aligned to business structure.
• Define and enforce Workday security best practices and least-privilege access across HCM, Financials, Integrations, and Reporting.
• Define and implement RBAC
• Collaborate with business owners, application teams, and security stakeholders to define identity requirements.
• Communicate technical solutions clearly to non-technical stakeholders. Recommend enhancements to improve identity governance maturity.
• Workday Security Configuration
• Own domain, business process, role-based, and constrained security configuration.
• Govern approval workflows and security dependencies.
• Approval Workflow & Audit Enablement
• Play a critical role in designing and maintaining approval workflows with appropriate security controls
• Ensure audit readiness by embedding security controls into approval chains and business processes.
• Validate segregation of duties (SoD) and compliance with internal and external audit requirements.
• Audit & Compliance
• Ensure audit readiness through strong security controls and approval governance.
• Establish and maintain security audit processes where gaps exist. Partner with Audit, Risk, and Compliance teams to support reviews, walkthroughs, and evidence requests.
• Proactively identify audit risks and implement preventive controls. Support internal and external audit activities.
• BAU & Root Cause Fixation
• Oversee BAU security operations and access management.
• Automate recurring identity tasks and optimize processes.
• Perform root cause analysis and drive permanent security fixes.
• Security Exceptions & Reviews
• Govern security exceptions ensuring time-bound, approved access.
• Validate access revocation post exception period and conduct periodic access reviews.

Required Skills & Experience:

• Strong hands-on experience in Workday Security configuration.
• Deep understanding of:
• Domain & business process security
• Role-based access control
• Security groups and constraints
• Experience supporting audits in a Workday environment.
• Governance & Audit
• Proven experience aligning Workday security with audit and compliance requirements.
• Strong understanding of access controls, SoD, and approval governance.
• Ability to design and operationalize security audit frameworks.
• Analytical & Leadership Skills
• Strong analytical skills with the ability to perform root cause analysis.
• Ability to influence stakeholders and drive governance without friction.
• Comfortable working with HR, Finance, IT, Audit, and Leadership teams.

Preferred Qualifications:

• Workday Security certification(s).
• Experience in large or complex Workday implementations.
• Exposure to SOX, internal audits, or external compliance frameworks.

Soft Skills:

• Strong analytical and problem-solving skills.
• Excellent communication and stakeholder management abilities.
• Ability to work independently and lead data-driven initiatives.

KPIs for This Role:

• Security model redesign and standardization should be completed at 95100%.
• Audit findings and SoD violations should remain at zero major findings.
• Access SLAs and exception governance should be met at 98100%.
• Workflow accuracy should maintain zero defects.
• Automated controls and business process compliance should be at 95% or higher.
• Workday release adoption and risk reduction improvements should reach 90% or more.