Skip to main contentA logo with &quat;the muse&quat; in dark blue text.

Lead Cyber Risk Analyst

AT UKG
UKG

Lead Cyber Risk Analyst

1 month agoNoida, India

Viewed on December 22, 2024

About the Team:
This position works as part of the Risk and Compliance organization, which is responsible for compliance and the management of risk across the enterprise. As a member of the department, this individual will be committed to safeguarding the organization against risks associated with third-party relationships.

About the Role:
The Lead Third-Party Risk Analyst will serve as a trusted advisor for internal UKG business stakeholders and will be responsible for identifying, assessing, and mitigating risks related to third-party relationships and services. Risks include information security, privacy, financial, business resiliency, and more. The role demands an organized, action-oriented team player with the ability to prioritize daily work and support on multiple initiatives simultaneously; strong communication and customer focus is required.

Want more jobs like this?

Get jobs in Noida, India delivered to your inbox every week.

By signing up, you agree to our Terms of Service & Privacy Policy.


• Supports the Third-Party Risk Management program, providing support to Business Partners and Procurement department during vendor selection and contract negotiation processes.
• Identifies risks with prospective services and products and works with Business Partners to factor the risk into the vendor selection process.
• Works to gain process efficiencies and performs monthly analysis on team metrics.
• Supports the Third-Party Risk Management team in daily operations.
• Periodically reassesses Third Parties based on risk and/or a material change in the utilization of that Third Party
• Identifies third parties for ongoing monitoring to ensure reviews are performed in a timely manner.
• Assesses risk associated with third-party partner and vendor relationships, focusing on the third party's ability to demonstrate existence of information security controls, privacy controls and ability to support critical business functions of the company.
• Advises Business Partners on appropriate implementation of information security and privacy controls for new third-party services, leveraging a combination of these controls and the Third Party's security and privacy programs to maintain UKG's information security and privacy posture.
• Partners with Procurement and Legal departments during contractual negotiations to provide consultation on security and privacy clauses included in third party agreements.
• Identifies risks associated with a Third Party and tracks those risks as necessary for future assessment.
• Administers the company's Vendor Risk Management (VRM) platform which supports the Third-Party Risk program. Responsibilities include access management, configuration changes and report generation.

About You:
Basic Qualifications:
• 5-7 years of related work experience in third-party risk, information security governance, enterprise risk, and/or related functions (such as IT audit and IT risk management).
• 5-7 years of experience providing input into third party contract agreements from an information security and privacy perspective.
• BS/BA degree in Enterprise Risk Management, Information Security, Computer Information Systems/Management Information Systems or related discipline or equivalent experience.
• Experience administering Process Unity VRM tool or similar platform.
• Proficiency in comprehending the dynamics of third-party relationships, including vendors, partners, suppliers, and contractors.
• Knowledge of the risks associated with external entities that interact with an organization's systems or process confidential information.
• Ability to assess risks across various dimensions (such as information security, privacy, business continuity, financial, etc.).
• Understanding of data privacy and cybersecurity regulations (such as GDPR, CCPA, DORA, etc.)
• Knowledge of business continuity planning and disaster recovery and ability to evaluate third-party capabilities in maintaining business resiliency.
• Knowledge of security practices in cloud environments (such as data encryption, access controls, and compliance with regulations).
• Familiarity with Software as a Service (SaaS) and potential risks.
• Experience with information security management frameworks such as AT101 SOC 2, ISO, ITIL, COBIT, NIST to include development of policies, process, and procedures within the environment.

Preferred Qualifications:
• Excellent verbal and written communication skills to effectively communicate with employees, vendors, third-party partners, customers, business partners, and all levels of management.
• Experience supporting regulatory and compliance programs (such as HIPAA, PCI, MA 201 CMR 17, FedRAMP).
• Experience designing and implementing controls within corporate networks to include computer/network security and operating systems such as UNIX, Linux, and WINDOWS, as well as LAN/WAN internetworking protocols such as TCP/IP and network perimeter protection (firewalls).
• Knowledge of risks associated with GenAI.
• Experience leveraging Enterprise Risk Management and Issues Management applications in LogicGate platform.
• CISA, CISM, CRISC, CISSP, CTPRP, or similar security certification.

Client-provided location(s): Noida, Uttar Pradesh, India
Job ID: ukg-893378648900
Employment Type: Other

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Health Reimbursement Account
    • Dental Insurance
    • Vision Insurance
    • Life Insurance
    • Short-Term Disability
    • Long-Term Disability
    • FSA
    • FSA With Employer Contribution
    • HSA
    • HSA With Employer Contribution
    • Fitness Subsidies
    • On-Site Gym
    • Virtual Fitness Classes
  • Parental Benefits

    • Birth Parent or Maternity Leave
    • Non-Birth Parent or Paternity Leave
    • Adoption Assistance Program
    • Family Support Resources
    • Adoption Leave
  • Work Flexibility

    • Flexible Work Hours
    • Remote Work Opportunities
    • Hybrid Work Opportunities
  • Office Life and Perks

    • Casual Dress
    • Happy Hours
    • Company Outings
    • Holiday Events
  • Vacation and Time Off

    • Paid Vacation
    • Unlimited Paid Time Off
    • Paid Holidays
    • Personal/Sick Days
    • Volunteer Time Off
  • Financial and Retirement

    • 401(K) With Company Matching
    • Company Equity
    • Performance Bonus
    • Profit Sharing
  • Professional Development

    • Tuition Reimbursement
    • Mentor Program
    • Shadowing Opportunities
    • Access to Online Courses
    • Internship Program