Description

This position works as part of the Enterprise Risk department, which is responsible for management of cyber risk across the enterprise.  The role offers the opportunity to be engaged in all facets of cyber risk including security, privacy, and risk management, and security and compliance program development.  As a member of the department, the individual will be committed to overall data protection risk management and its role in the company's continued success.  The Principal Cyber Risk Analyst, Corporate Programs, is a highly visible role that interfaces with key stakeholders in the organization and may also support UKG customers and Partners. The position demands an organized, action-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously; strong communication and customer focus is required.

RESPONSIBILITIES:

Supports the Enterprise Risk - Corporate Risk Management program, providing support to internal Business Partners and stakeholders with strategic projects, process design and systems implementation, and M&A due diligence.

Performs risk assessments working with subject matter experts, gathering supporting information, assessing existing controls, identifying control gaps, and quantifying risks associated with processes, technologies and projects.

Works with process, technology and control owners to communicate results of risk assessments including the identification of risks, control gaps and recommended remediation activities. Serves as an advisor to stakeholders to build action plans and design and implement controls to address gaps identified.

Monitors action plans as agreed to with stakeholders to ensure remediation activities are completed according to the agreed upon action plan to help mitigate risks identified.

Helps support Mergers & Acquisition activities by performing due diligence on target companies, conducting in-depth due diligence sessions, and delivering due diligence reports outlining identified risks, proposed remediation efforts, and timelines in accordance with deal strategy.

Contributes to maintaining a set of guidelines and best practices to drive the delivery of Enterprise Risk services for M&A.

Assists with various projects including project management, program enhancement activities, tracking of corrective actions and reports on progress to management.

Produces high quality assessment documents that clearly articulate risk in a meaningful way to stakeholders, ensuring risks are understood in order for appropriate corrective action plans to be built.

Ensures processes and technologies are designed and implemented to support compliance obligations of the organization including ISO 27001, SOC2, SOX, PCI and HIPAA.

Serves as an internal risk management consultant to the organization responding to inquiries and requests for assistance.

Supports the development, implementation, and management of information security, privacy and risk policies and procedures to ensure they remain aligned with business objectives and meet regulatory requirements.

Provides expertise and support to ensure company’s risk programs remain in compliance with applicable regulations including evolving data privacy regulations.

Provides expertise in support of new company initiatives to ensure implemented solutions comply with information security and privacy standards.

Perform additional duties and projects as assigned by management.
• Design and maintain controls, including control monitoring.
• Document systems, processes and controls using narratives.
• Evaluate design and operating effectiveness of controls to identify and recommend business process changes resulting in strengthened internal controls.
• Coordinate external auditors, prepare controls owners, review, and collect required evidence as needed to meet compliance requirements.
• Collaborate with control owners to remediate control gaps and track the remediation efforts.
• Support the business teams with establishing new procedures/policies and ensure alignment with regulations/standards.
• Drive internal assessment and compliance of our controls with the implementation of control monitoring.
• Function as technical SME during internal and external audits.
• Work closely with internal stakeholders to educate them and achieve compliance over technology control environment.
• Develop, maintain, report on key risk metrics.
• Communicate progress, escalations, and issue resolution to management and team stakeholders.
• Build relationships with a broad range of UKG employees at all levels to accomplish program objectives and further Enterprise Risk goals

Qualifications

8 to 10 years of security/IT Governance, Risk Management, and Compliance or equivalent experience
• Hands-on experience implementing frameworks such as SOC 1, SOC 2, and/or ISO27001
• BE/ B.Tech/ MCA in a technical field or equivalent experience
• Ability to accomplish outcomes effectively and autonomously across cross-functional teams in ambiguous situations with minimal supervision
• Outstanding written and spoken communication skills
• Ability to multitask, prioritize work and meet deadlines in a fast-paced environment
• General knowledge of cloud technologies such as AWS, Microsoft Azure, and GCP, (GCP preferred)
• General knowledge of information security concepts and technologies

Company Overview

Here at UKG, our purpose is people™. Our HR, payroll, and workforce management solutions help organizations unlock happier outcomes for all. And our U Krewers, who build those solutions and support our business, are talented, collaborative, and innovative problem-solvers. We strive to create a culture of belonging and an employee experience that empowers our people – both at work and at home. Our benefits show that we care about the whole you, from adoption and surrogacy assistance to tuition reimbursement and wellness programs. Our employee resource groups provide a welcoming place to land, learn, and connect with those who share your passions and interests. What are you waiting for? Learn more at www.ukg.com/careers  #WeAreUKG 

EEO Statement

Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com.