
Lead Third-Party Risk Analyst

General information

Location:

Boston - Massachusetts - USA, Chelmsford - Massachusetts - USA, Ft. Lauderdale - Florida - USA, Lowell - Massachusetts - USA, Miami - Florida - USA, Miramar - Florida - USA, Orlando - Florida - USA, Tampa - Florida - USA, Waltham - Massachusetts - USA, Weston - Florida - USA

Function:

Governance, Risk & Compliance

Ref #:

20220022581

Description & Requirements

Description

This position works as part of the Governance, Risk and Compliance department, which is responsible for management of cyber risk across the enterprise. As a member of the department, this individual will be committed to overall data protection risk management and its role in the company's continued success. The Lead Third-Party Risk Analyst will serve as an internal information security, privacy and risk consultant and will be primarily responsible for risk management of third-party providers and cloud SaaS solutions.

The role demands an organized, action-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously; strong communication and customer focus are required.

RESPONSIBILITIES
• Supports the Third-Party Risk Management program, providing support to Business Partners and Procurement department during vendor selection and contract negotiation processes. Identifies risks with prospective services and products and works with Business Partners to factor the risk into the vendor selection process.
• Manages Third-Party Risk Management team queue, works to gain process efficiencies, and performs monthly analysis on team metrics.
• Supports the Third-Party Risk Management team in daily operations.
• Develops and maintains ongoing monitoring review schedule to ensure periodic reviews are performed in a timely manner.
• Assesses risk associated with strategic third-party partner relationships, focusing on partner ability to demonstrate existence of information security controls, privacy controls and ability to support critical business functions of the company.
• Advises Business Partners on appropriate implementation of information security and privacy controls for new third-party services, leveraging a combination of these controls and the Third Party’s security and privacy programs to maintain UKG’s information security and privacy posture.
• Partners with Procurement and Legal departments during contractual negotiations to provide consultation on security and privacy clauses included in third party agreements.
• Identifies risks associated with a Third Party and tracks those risks as necessary for future assessment.
• Administers the company’s Vendor Risk Management (VRM) platform which supports the Third-Party Risk program. Responsibilities include access management, configuration changes and report generation.
• Serves as an internal information security, privacy and risk consultant to the organization, responding to inquiries and reported incidents.
• Supports the development, implementation, and management of information security, privacy and risk policies and procedures to ensure they remain aligned with business objectives and meet regulatory requirements.
• Provides expertise and support to ensure the company’s information security, privacy and risk programs remain in compliance with applicable regulations, including evolving data privacy regulations.
• Provides expertise in support of new company initiatives to ensure implemented solutions comply with information security and privacy standards.
• Performs additional duties and projects as assigned by management.

Qualifications

• BS/BA degree in Computer Information Systems/Management Information Systems or related discipline or equivalent experience and 5-8 years of related work experience in information security governance and/or related functions (such as IT audit and IT Risk Management)
• Excellent verbal and written communication skills to develop positive relationships and effectively communicate with employees, vendors, customers, business partners, and all levels of management.
• Experience administering the ProcessUnity VRM platform
• Experience providing input into third-party contract agreements from an information security and privacy perspective.
• Experience with information security management frameworks such as AT101 SOC 2, ISO, ITIL, CobiT, NIST, including development of policies, processes and procedures within the environment
• Experience supporting regulatory and compliance programs such as HIPAA, PCI, MA 201 CMR 17
• Experience designing and implementing controls within corporate networks, including computer/network security and operating systems such as UNIX, Linux, and Windows, as well as LAN/WAN internetworking protocols such as TCP/IP and network perimeter protection (firewalls)
• Strong technical background including Active Directory, firewalls and vulnerability scanning tools highly desired
• CISA, CISM, CRISC, CISSP, or similar security certification highly desired

Corporate overview

Here at UKG, Our Purpose Is People. UKG combines the strength and innovation of Ultimate Software and Kronos, uniting two award-winning, employee-centered cultures. Our employees are an extraordinary group of talented, energetic, and innovative people who care about more than just work. We strive to create a culture of belonging and an employee experience that empowers our people. UKG has more than 13,000 employees around the globe and is known for its inclusive workplace culture. Ready to be inspired? Learn more at www.ukg.com/careers

EEO Statement

Equal Opportunity Employer

Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws.


View The EEO is the Law poster and its supplement. 

View the Pay Transparency Nondiscrimination Provision

UKG participates in E-Verify. View the E-Verify posters here.


Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com or please call 1 (978) 250 9800.