Description
The Certifications/GRC team enables the business in proactive identification, evaluation, mitigation, monitoring, and escalation of organizational risks. UKG evaluates risk holistic to the organization; including strategic, financial, compliance, cybersecurity, and operational risk. This position is part of a subset of the GRC team who partners with the customer lifecycle teams: implementations, customer support, and managed services. As a member of the team, the individual will be committed to overall risk management, including but not limited to data protection. The Level II Cyber Risk Analyst position is a highly visible role that interfaces with key stakeholders in the organization and may also support UKG customers and Partners. The position demands an organized, action-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously; effective communication and customer focus is required. Primary responsibilities include performing risk assessments of UKG product, processes, and technologies to determine potential risk factors, quantifying risk and forecast probable outcomes, partnering with risk owners to determine mitigation activities, preparing reports to stakeholders to summarize their risk landscape and highlight attention areas, and staying attune to the organizations goals as processes/technologies evolve.

About the Role:

• Support risk assessments for various business units that support customer lifecycle (managed services, implementations, and customer support).
• Identify and partner with Subject Matter Experts (SMEs) to develop appropriate remediation plans in alignment risk UKG methodology.
• Advise stakeholders on compliance considerations relating to ISO27001 and SOC standards
• Document, report, and monitor remediation plans to closure in a GRC tool.
• Assist in developing relationships with key leaders within the domain to establish trust, understand business objectives, and align risk assessment priorities to strategic initiatives.
• Identify relevant key performance indicators (KPIs) to quantify the effectiveness of controls implemented for risk management activities.
• Assist in compilation of materials to help ensure risk management statuses, trends, and escalations are rolled up to management.
• Perform additional duties and projects as assigned by management.

Qualifications
• BS/BA degree in an IT audit related discipline or equivalent experience and a minimum of 2-3 years' work experience in information security governance and/or related functions (such as IT audit or IT Risk Management).
• Familiarity with Governance, Risk and Compliance (GRC) tools.
• Experience with information security frameworks including SOC 2 and ISO27001/17/18.

Preferred Qualifications:
• Strong business acumen to include strong verbal and written communication skills.
• CISA, CISM, CRISC, CISSP, or similar security certification favored.
#LI-Hybrid

EEO Statement

Equal Opportunity Employer

Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive considerations for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws.

View The EEO Know Your Rights poster and its supplement.

View the Pay Transparency Nondiscrimination Provision

UKG participates in E-Verify. View the E-Verify posters here.

Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com.