Skip to content

Lead Cyber Risk Analyst

General Information

Ref #:


Travel Amount Required:

Up to 25%

Job Type:

Regular-Full Time


Branchburg - New Jersey - United States

Description & Qualifications


This position works as part of the Governance, Risk and Compliance department, which is responsible for management of cyber risk across the enterprise.  The role offers the opportunity to be engaged in all facets of cyber risk including security, privacy, and risk management, and security and compliance program development.  As a member of the department, the individual will be committed to overall data protection risk management and its role in the company's continued success.  The Lead Cyber Risk Analyst, Corporate Programs, is a highly visible role that interfaces with key stakeholders in the organization and may also support UKG customers and Partners. The position demands an organized, action-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously; strong communication and customer focus is required.

· Supports the Governance Risk and Compliance (GRC) - Corporate Risk Management program, providing support to internal Business Partners and stakeholders with strategic projects, process design and systems implementation, and M&A due diligence.

· Performs risk assessments working with subject matter experts, gathering supporting information, assessing existing controls, identifying control gaps, and quantifying risks associated with processes, technologies and projects.

· Works with process, technology and control owners to communicate results of risk assessments including the identification of risks, control gaps and recommended remediation activities. Serves as an advisor to stakeholders to build action plans and design and implement controls to address gaps identified.

· Monitors action plans as agreed to with stakeholders to ensure remediation activities are completed according to the agreed upon action plan to help mitigate risks identified.

· Assists with various GRC projects including project management, program enhancement activities, tracking of corrective actions and reports on progress to management.

· Produces high quality assessment documents that clearly articulate risk in a meaningful way to stakeholders, ensuring risks are understood in order for appropriate corrective action plans to be built.

· Ensures processes and technologies are designed and implemented to support compliance obligations of the organization including ISO 27001, SOC2, SOX, PCI and HIPAA.

· Serves as an internal risk management consultant to the organization responding to inquiries and requests for assistance.

· Helps support Mergers & Acquisition activities by performing due diligence on target companies, conducting in-depth due diligence sessions, and delivering due diligence reports outlining identified risks, proposed remediation efforts, and timelines in accordance with deal strategy.

· Contributes to maintaining a set of guidelines and best practices to drive the delivery of GRC services for M&A.

· Supports the development, implementation, and management of information security, privacy and risk policies and procedures to ensure they remain aligned with business objectives and meet regulatory requirements.

· Provides expertise and support to ensure company’s risk programs remain in compliance with applicable regulations including evolving data privacy regulations.


• BS/BA degree in Computer Information Systems/Management Information Systems or related discipline or equivalent experience and 8-10 years related work experience in information security governance and/or related functions (such as IT audit and IT Risk Management
• Excellent verbal and written communication skills to develop positive relationships and effectively communicate with employees, vendors, customers, business partners, and all levels of management.
• Experience with information security management frameworks such as AT101, SOC 2, ISO, ITIL, CobiT, NIST, to include development of policies, processes, and procedures within the environment
• Experience supporting regulatory and compliance programs such as HIPAA, PCI, MA 201 CMR 17
• Previous experience with Risk Analysis regarding mergers and acquisitions, including external consulting experience with a focus on GRC related due diligence
• CISA, CISM, CRISC, CISSP, or similar security certification highly desired
• Strong technical background including Active Directory, firewalls and vulnerability scanning tools highly desired
• Comfort with ambiguity and fluid consulting situations

Company Overview

Here at UKG, Our Purpose Is People. UKG combines the strength and innovation of Ultimate Software and Kronos, uniting two award-winning, employee-centered cultures. Our employees are an extraordinary group of talented, energetic, and innovative people who care about more than just work. We strive to create a culture of belonging and an employee experience that empowers our people. UKG has more than 13,000 employees around the globe and is known for its inclusive workplace culture. Ready to be inspired? Learn more at

EEO Statement

Equal Opportunity Employer

Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive considerations for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws. 

View The EEO is the Law poster and its supplement. 

View the Pay Transparency Nondiscrimination Provision

UKG participates in E-Verify. View the E-Verify posters here.

Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email or please call 1 (978) 250 9800.