Skip to content

Cyber Risk Analyst

General information

Location:

Lowell - Massachusetts - USA

Function:

Governance, Risk & Compliance

Ref #:

20210020198

Description & Requirements

Description

This position works as part of the Governance, Risk and Compliance team responsible for ensuring that the company's information resources are secure from unauthorized access, protected from inappropriate alteration, physically secure, and available to users in a timely fashion. This position serves as an internal risk consultant and will be the subject matter expert responsible for designing, implementing, and supporting a security control framework for a software-as-a-service products. Primary responsibilities include assisting with audits of SSAE18 SOC 1, SOC 2, GLBA and HIPAA compliance exams and monitoring control activities in certified environments. This position demands an organized, detail-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously; strong communication and customer focus is required.

RESPONSIBILITIES
• Contribute risk and compliance expertise and support to assist in the achievement of cloud audit/compliance programs.
• Support customer hosted cloud environments to ensure control activities are designed and implemented appropriately to protect the security, confidentiality, privacy, integrity, and availability of data in compliance with organization policies and standards.
• Perform continuous monitoring activities to confirm the control environment is operating effectively and escalate identified deviations.
• Participate in risk assessments in SSAE18 SOC 1, SOC 2, GLBA and HIPAA environments and collect evidence in support of audits.
• Assist external auditors conducting annual compliance audits by reviewing all evidence to confirm it satisfies the items included in the document request list.
• Utilize industry experience and knowledge to provide expertise and support to ensure company’s security framework remains in compliance with applicable regulations including evolving data privacy regulations.
• Support the development, implementation, and updating of security policies and procedures.
• Conduct reviews of vulnerability scanning results for completeness of remediation activities.
• Facilitate the exemption processes for vulnerability management and hardening management programs.
• Perform additional duties and projects as assigned by management.

Qualifications

• BS/BA degree in Computer Science, MIS, IT Information Systems Audit and Control or related discipline or equivalent experience. Ideal position for recent college graduate with audit/security internship or 1 – 2 years’ work experience in information security governance and/or related functions (such as IT audit and IT Risk Management).
• Experience with audit frameworks including SSAE 18 SOC 1, AT101 SOC 2, SOX or ISO2700.
• Knowledge working in information security, risk management or IT audit.
• The ability to articulate technical concepts to non-technical users.
• Strong business acumen to include strong verbal and written communication skills.
• CISA, CISM, CRISC, CISSP, or similar security certification required or the desire to achieve the credential.

Corporate overview

Here at UKG, Our Purpose Is People. UKG combines the strength and innovation of Ultimate Software and Kronos, uniting two award-winning, employee-centered cultures. Our employees are an extraordinary group of talented, energetic, and innovative people who care about more than just work. We strive to create a culture of belonging and an employee experience that empowers our people. UKG has more than 13,000 employees around the globe and is known for its inclusive workplace culture. Ready to be inspired? Learn more at www.ukg.com/careers

EEO Statement

Equal Opportunity Employer

Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive considerations for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws. 


View The EEO is the Law poster and its supplement. 

View the Pay Transparency Nondiscrimination Provision

UKG participates in E-Verify. View the E-Verify posters here.


Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com or please call 1 (978) 250 9800.

Apply