My question is about the advantages of nesting resources when building URLs for API purposes. Consider the following two alternatives for accessing an employee resource:
I'd vote for the 2nd solution, based on model and security.
The department is in the path and does not have to be in the payload, neither for read nor for write.
If the department of an employee is to be changed, the depID could be included in the payload or through a separate endpoint (with a separate grant) /employees/{ID}.
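The path-scoped authorization described in the answer above, as an added example that is not part of the original post. It models the separate-endpoint option for department changes; the nested route shape `/departments/{depID}/employees/{ID}`, the grant strings and the employee records are assumptions made for illustration.

```python
import re

# Constructed sample data: employee ID -> department ID the server has on record.
EMPLOYEE_DEPT = {"7": "42", "9": "13"}

# Assumed route shapes; the page does not spell out the nested URL.
NESTED = re.compile(r"/departments/(\w+)/employees/(\w+)")
FLAT = re.compile(r"/employees/(\w+)")


def authorize(method, path, grants, payload=None):
    """Decide a request from its path and the caller's grants.

    grants is a set of hypothetical grant strings such as "dept:42:read",
    "dept:42:write" and "employee:transfer". Returns (allowed, reason).
    """
    payload = payload or {}
    nested = NESTED.fullmatch(path)
    if nested:
        dep, emp = nested.groups()
        # The path must describe a real relationship, otherwise a grant on one
        # department could be used to reach another department's employee.
        if EMPLOYEE_DEPT.get(emp) != dep:
            return False, "employee not in this department"
        # The department comes from the path only; it is not accepted in the body.
        if "depID" in payload:
            return False, "depID not accepted on nested route"
        action = "read" if method in ("GET", "HEAD") else "write"
        if f"dept:{dep}:{action}" in grants:
            return True, f"dept:{dep}:{action}"
        return False, f"missing dept:{dep}:{action}"
    flat = FLAT.fullmatch(path)
    if flat:
        # Separate endpoint, separate grant: it only moves an employee.
        if flat.group(1) not in EMPLOYEE_DEPT:
            return False, "unknown employee"
        if method != "PATCH" or set(payload) != {"depID"}:
            return False, "only a depID change is allowed here"
        if "employee:transfer" in grants:
            return True, "employee:transfer"
        return False, "missing employee:transfer"
    return False, "unknown route"
```

A caller holding only `dept:42:write` can edit employee 7 under department 42 but cannot move that employee, because the move goes through `/employees/{ID}` and needs its own grant.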