Principal Cyber Risk Analyst (Risk Management)

General Information

Ref #: 20230033964

Travel Amount Required: None

Job Type: Regular-Full Time

Location: Noida - India - India

Company Overview

Here at UKG, our purpose is people™. Our HR, payroll, and workforce management solutions help organizations unlock happier outcomes for all. And our U Krewers, who build those solutions and support our business, are talented, collaborative, and innovative problem-solvers. We strive to create a culture of belonging and an employee experience that empowers our people – both at work and at home. Our benefits show that we care about the whole you, from adoption and surrogacy assistance to tuition reimbursement and wellness programs. Our employee resource groups provide a welcoming place to land, learn, and connect with those who share your passions and interests. What are you waiting for? Learn more at www.ukg.com/careers  #WeAreUKG 

Description & Qualifications

Description

Principal Cyber Risk Analyst

Job Summary
This position works as part of the Enterprise Risk department, which is responsible for management of cyber risk across the enterprise. The role offers the opportunity to be engaged in all facets of cyber risk, including security, privacy, risk management, and security and compliance program development. As a member of the department, the individual will be committed to overall data protection risk management and its role in the company's continued success. The Principal Cyber Risk Analyst is a highly visible role that interfaces with key stakeholders in the organization and may also support UKG customers and partners. The position demands an organized, action-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously; strong communication and customer focus are required.

Primary/Essential Duties and Key Responsibilities:

• Develop and maintain risk management policies, procedures, and standards for the organization, ensuring they comply with industry best practices and regulatory requirements

• Support and assist in risk management activities – risk assessments and risk treatment plans

• Prepare risk management reports and presentations for senior management and other stakeholders, including analysis of key risks and recommendations for risk management strategies

• Monitor and evaluate the effectiveness of risk management strategies and plans, making recommendations for improvements as necessary

• Provide risk management advice and guidance within the Enterprise Risk team and other stakeholders across the organization

• Facilitate and support workshops and education initiatives on risk management principles, tools, and techniques

• Develop and maintain relationships with external stakeholders such as regulatory bodies, cyber security vendors, and other risk management professionals to stay up to date on emerging risks and best practices

• Identify trends and patterns in data that may indicate areas of risk

• Support the implementation and operation of a GRC tool

• Perform additional duties and projects as assigned by management

Qualifications

Required Qualifications

• Bachelor’s degree in Computer Science, Information Technology, Management Information Systems or related field. A Master’s degree is preferred
• 7+ years of work experience in information security governance, risk management or related functions
• Knowledge of risk management principles, tools, and techniques, and experience applying them in a corporate setting
• Experience with Risk Management frameworks, standards and methodologies, such as COSO, FAIR, and/or ISO 31000
• Experience with information security and audit frameworks including SOC 2 and ISO27001/17/18
• Strong communication and interpersonal skills, with the ability to communicate risk management concepts and strategies to a range of stakeholders
• Ability to work independently and as part of a team, with excellent organizational and time-management skills
• Professional certifications such as CRISC, CISSP, CISA, CISM, CCSP or similar are preferred

EEO Statement

Equal Opportunity Employer

Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws.

View the EEO Know Your Rights poster and its supplement.

View the Pay Transparency Nondiscrimination Provision

UKG participates in E-Verify. View the E-Verify posters here.


Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com.
