Sr. Cybersecurity Engineer - Third Party Security

Your work days are brighter here.At Workday, it all began with a conversation over breakfast. When our founders met at a sunny California diner, they came up with an idea to revolutionize the enterprise software market. And when we began to rise, one thing that really set us apart was our culture. A culture which was driven by our value of putting our people first. And ever since, the happiness, development, and contribution of every Workmate is central to who we are. Our Workmates believe a healthy employee-centric, collaborative culture is the essential mix of ingredients for success in business. That’s why we look after our people, communities and the planet while still being profitable. Feel encouraged to shine, however that manifests: you don’t need to hide who you are. You can feel the energy and the passion, it's what makes us unique. Inspired to make a brighter work day for all and transform with us to the next stage of our growth journey? Bring your brightest version of you and have a brighter work day here.About the TeamWorkday is looking for a highly motivated and dedicated Sr. Cybersecurity Engineer to join our Third Party Security (TPS) team. Our primary goal is to uphold Workday’s Security value of rigorously managing third-party cybersecurity risks by providing visibility into Workday’s security posture through vendor reviews, security lifecycle management, and application technical governance ensuring the protection of Workday's data and integrations.The TPS team supports and partners with key departments across the organization and multi-functional collaborations with Procurement, Business Technology (BT), Legal, Internal Audit, and other Security organizations.About the RoleAn ideal candidate should have a deep understanding of cybersecurity principles and best practices, as well as experience securing APIs and third-party integrations.Responsible for identifying, analyzing and mitigating security risks associated with our APIs and third-party integrations.Manage a Cloud Access Security Broker (CASB) solution to monitor and control access to cloud-based applications and data.Automate technical solutions to streamline resolutions and remediate third-party app-to-app governance risks. Mature and manage the implementation of third-party security controls and solutions  to ensure the security of our third-party applications and data.Conduct due diligence assessments and ongoing monitoring to continuously maintain a level of assurance with our third-party supplier’s security postureParticipate in audits and assessments of third-party security controls and solutions to ensure compliance with relevant regulations, standards, and policies.Work closely with internal partners and external vendors to identify and address security risks, vulnerabilities, and compliance issues related to third-party applications.About YouBasic Qualifications6+ years of experience in cybersecurity, with expertise in third-party security, API security, third-party integrations, and Cloud Access Security Broker (CASB).Bachelor's degree in Computer Science, Information Security, or a related field.Strong knowledge or experience in securing APIs,  third-party integrations, quantifying security risk ratings and understanding appropriate remediation requirements to address identified risks.Strong knowledge or hands-on experience in Github, OneTrust/GRC Tools, Slack or Okta implementations, application security, and third-party app governance.Strong knowledge of general industry standard certifications, i.e. SOC 2 Type 2, ISO 27001, HITRUST etc. Exposure to a range of security and compliance frameworks such as NIST, CIS Benchmark, FedRAMP and ISOStrong knowledge in vendor risk assessments, vendor risk management, due diligence, and continuous monitoring procedures. Other QualificationsExperience with coding or scripting and understanding of engineering designs is a plus.Strong analytical and problem-solving skills, with the ability to identify and address complex security risks and issues.Relevant security certifications, such as CTPRP, CISSP, CISA, or CISM, are a plus.Excellent communication and interpersonal skills, with the ability to work collaboratively with internal partners and external vendors.Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!