
Senior Cyber Risk Analyst, Compliance

General Information

Ref #:


Travel Amount Required:

Up to 25%

Job Type:

Regular-Full Time


Lowell - Massachusetts - United States

Company Overview

Here at UKG, our purpose is people™. Our HR, payroll, and workforce management solutions help organizations unlock happier outcomes for all. And our U Krewers, who build those solutions and support our business, are talented, collaborative, and innovative problem-solvers. We strive to create a culture of belonging and an employee experience that empowers our people – both at work and at home. Our benefits show that we care about the whole you, from adoption and surrogacy assistance to tuition reimbursement and wellness programs. Our employee resource groups provide a welcoming place to land, learn, and connect with those who share your passions and interests. What are you waiting for? Learn more at  #WeAreUKG 

Description & Qualifications


About the Team:

The Enterprise Risk team enables the business in proactive identification, evaluation, mitigation, monitoring, and escalation of organizational risks. UKG evaluates risk holistically across the organization, including strategic, financial, compliance, cybersecurity, and operational risk. This position is part of a subset of the Enterprise Risk team that partners with the product lifecycle teams: product management, engineering, and platform. As a member of that team, the individual will be committed to overall data protection risk management and its role in the company's continued success. The Senior Risk Analyst position is a highly visible role that interfaces with key stakeholders in the organization and may also support UKG customers and Partners. The position demands an organized, action-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously; effective communication and customer focus are required. Primary responsibilities include performing risk assessments of UKG products, processes, and technologies to determine potential risk factors, quantifying risk and forecasting probable outcomes, partnering with risk owners to determine mitigation activities, preparing reports to stakeholders to summarize their risk landscape and highlight attention areas, and staying attuned to the organization's goals as processes and technologies evolve.

About the role:

• Support the execution and completion of external certification audits for multiple products such as SOC1, SOC2, and ISO27001/17/18
• Attend internal control walkthroughs to aid where necessary and identify areas for improvement
• Manage relationships with external audit firms to help ensure efficient audit engagements
• Provide guidance to stakeholders on design of internal controls
• Work with the business to ensure risks are mitigated and make recommendations for process improvement
• Guide adoption and enhancement of GRC tool for compliance, monitoring, and risk management activities
• Stay abreast of audit and risk best practices and trends to provide guidance to the team and the business
• Communicate results via clear, concise written reports and oral presentations
• Perform additional duties and projects as assigned by management


About You:

Basic Qualifications:
• Bachelor’s or master’s degree in Management Information Systems, Computer Science, Information Technology, Accounting, Business Administration, or related field
• 5 – 7 years of work experience in audit and risk management, with an emphasis on information systems, finance, and process controls
• Significant experience with information security frameworks including SOC1, SOC2 or ISO27001/17/18
• Familiarity with Governance, Risk and Compliance (GRC) tools

Preferred Qualifications:
• Organized, detail-oriented team player with analytical skills and the ability to prioritize daily work and support multiple initiatives simultaneously
• Strong business acumen, including strong verbal and written communication skills
• CISA, CISM, CRISC, CISSP, or similar security certification preferred

EEO Statement

Equal Opportunity Employer

Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws.

View The EEO Know Your Rights poster and its supplement. 

View the Pay Transparency Nondiscrimination Provision

UKG participates in E-Verify. View the E-Verify posters here.

Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email