• Responsible for day-to-day operation of the company’s compliance and AI governance program in a regulated, government-facing environment • Focus on translating regulatory, cybersecurity, AI governance, and audit requirements into actionable internal processes • Coordinate audit readiness, maintaining documentation, and ensuring ongoing compliance alignment • Partner closely with the CTO, Cloud Hosting Manager, Engineering, and Security stakeholders to support secure operations, responsible AI usage, and adherence to applicable regulatory frameworks and data protection standards • Interpret regulatory, contractual, cybersecurity, and AI governance requirements (e.g., SOC 2, CJIS, NIST-based controls, ISO 27001, AI governance standards, state/local requirements) into internal tasks and control activities • Coordinate audit readiness efforts, including evidence collection, organization, validation, and remediation tracking • Serve as primary internal point of contact for auditors; support external audit processes, security assessments, and follow-up activities • Maintain and update policies, procedures, control narratives, risk assessments, AI governance documentation, and compliance records • Track compliance status, findings, risks, and remediation efforts; ensure timely closure of identified gaps • Partner with Hosting, Engineering, Security, and Product teams to validate implementation of security, privacy, and AI-related controls • Support governance and oversight of AI-related processes, including data handling, model usage, vendor assessments, and responsible AI practices • Assist in identifying and mitigating cybersecurity, privacy, and AI-related operational risks • Escalate ambiguous, high-risk, or non-compliant requirements and coordinate resolution activities • Support vendor compliance reviews, security questionnaires, and third-party risk documentation requests as needed • Assist in maintaining control mappings across multiple compliance and security frameworks • Contribute to continuous improvement of compliance, information security, and AI governance processes

• Own the intake process for security assurance requests: review incoming tickets, triage and prioritize work, assign tasks to the appropriate team members, and track requests to resolution • Resolve routine and straightforward security inquiries and questionnaire items independently • Communicate clearly with internal stakeholders and customers throughout the assurance process, setting expectations and providing status updates • Respond to customer security questionnaires and audit requests with accuracy and timeliness, escalating complex items as appropriate • Maintain the security documentation repository and ensure materials are current and accessible • Support customer-facing security calls and presentations alongside senior team members • Assist with HITRUST r2 and SOC 2 audit preparation and evidence collection • Help coordinate audit activities across internal teams, tracking open items and deadlines • Support access review processes and other recurring compliance activities • Assist with security policy and procedure maintenance • Track and report on security metrics and assurance request status • Support vendor risk assessment activities • Assist with security awareness efforts and documentation as needed • Participate in security incident response when needed

Role Description We are seeking a self-driven, detail-oriented, and experienced Workday Security Analyst to support, maintain, and enhance the security framework of the Lineage Workday platform. This role is responsible for the analysis, design, implementation, and ongoing maintenance of security configurations across the Workday platform supporting Financial Management and HR domains. The ideal candidate will ensure compliance with internal policies and external regulatory requirements while optimizing system access and security architecture and maintaining the integrity and confidentiality of the Workday environment. Essential Job Duties & Responsibilities: - Security Design & Implementation: - Architect and deliver scalable, enterprise-grade security frameworks across Workday’s HR and Finance modules aligning business objectives and security best practices. - Security Configuration & Administration: - Lead the configuration and administration of Workday security, including, but not limited to: - Domain security policies - Business process security policies - Role-based security groups - User-based security groups - Intersection and constrained security groups - Segregation of duties (SoD) - Tenant level security architecture - Authentication and authorization concepts - Security inheritance and propagation - Security Architecture & Optimization: - Continuously assess and mature the Workday security architecture by identifying gaps, reducing complexity and implementing improvements that enhance scalability, performance, and least-privilege access. - Authentication & Integration Security: - Design and manage secure authentication frameworks, including OAUTH, SAML, Step-Up, Whitelisting, Single Sign-On (SSO), ensuring seamless and secure integrations across enterprise systems. - Issue Resolution & Operational Excellence: - Serve as a subject matter expert in troubleshooting and resolving complex security issues, ensuring timely resolution while maintaining system integrity and business continuity. - Provisioning and deprovisioning users - Managing role assignments - Security group maintenance - Troubleshooting access issues - Creating and modifying security configurations - Supporting tenant refreshes and migrations - Running security audits - Managing emergency access procedures - Continuous Improvement & Release Management: - Proactively monitor Workday releases and emerging capabilities, assessing impact and driving adoption of new features to enhance security posture and operational efficiency. - User Access & Provisioning Governance: - Establish and optimize user access governance, partnering with Finance, HR, IT, and business stakeholders to design efficient provisioning workflows. - Plan, coordinate, and execute biannual User Access Reviews (UAR) with a focus on audit readiness and risk reduction. - Compliance, Risk & Audit Leadership: - Drive compliance with regulatory and internal control frameworks (e.g., SOX, GDPR) by designing effective controls, supporting audits, managing evidence collection, and leading remediation efforts to address identified risks. - Documentation & Security Governance: - Develop and maintain comprehensive, audit-ready documentation of security models, standards, policies, and procedures, ensuring transparency and consistency across the organization. - Security Roadmap & Strategy: - Define and execute a forward-looking Workday security roadmap that leverages new platform capabilities, enforces least-privilege access, and aligns with evolving organizational and regulatory requirements. Qualifications - Bachelor's degree in IT or related discipline - 3–5 years of hands-on experience with Workday Security (Pro certification a plus) - Experience working directly with internal controls and auditors to support audit requests - Proven experience designing and implementing security architectures - Experience with SoD, SOX compliance, User Access Reviews (UAR), and GDPR initiatives - Strong knowledge of authentication methods, including OAUTH, SAML, SSO and tenant level security configurations - Supporting large global organizations with complex security framework and scaling for growth Benefits - Safe, stable, reliable work environments - Medical, dental, and basic life and disability insurance benefits - 401k retirement plan - Paid time off - Annual bonus eligibility - A minimum of 7 holidays throughout the calendar year

• Identify advanced threats and analyze adversary tactics • Hunt for malicious activity within our environment • Produce actionable intelligence reports and briefings • Collaborate with SOC, Incident Response, Red Team, and Product Security functions • Manage and mature the cyber Threat Hunt function • Continuously improve hunting methodologies and make recommendations for change • Share knowledge and expertise with analysts and stakeholders • Participate in the development of security procedures and playbooks • Evaluate and improve effectiveness of security processes and tools • Use emerging AI tools to assist in driving improvements to the program