This position works as part of the Enterprise Risk department, which is responsible for the management of risk across the enterprise. As a member of the department, this individual will be committed to safeguarding the organization against risks associated with third-party relationships.

About the Role:

The Third-Party Risk Analyst will serve as a trusted advisor for internal UKG business stakeholders and will be responsible for identifying, assessing, and mitigating risks related to third-party relationships and services. Risks include information security, privacy, financial, business resiliency, and more. The role demands an organized, action-oriented team player with the ability to prioritize daily work and support on multiple initiatives simultaneously; strong communication and customer focus is required.

• Supports the Third-Party Risk Management program, providing support to Business Partners and Procurement department during vendor selection and contract negotiation processes.

• Identifies risks with prospective services and products and works with Business Partners to factor the risk into the vendor selection process.

• Works to gain process efficiencies and performs monthly analysis on team metrics.

• Supports the Third-Party Risk Management team in daily operations.

• Periodically reassesses Third Parties based on risk and/or a material change in the utilization of that Third Party

• Identifies third parties for ongoing monitoring to ensure reviews are performed in a timely manner.

• Assesses risk associated with third-party partner and vendor relationships, focusing on the third party's ability to demonstrate existence of information security controls, privacy controls and ability to support critical business functions of the company.

• Advises Business Partners on appropriate implementation of information security and privacy controls for new third-party services, leveraging a combination of these controls and the Third Party's security and privacy programs to maintain UKG's information security and privacy posture.

• Partners with Procurement and Legal departments during contractual negotiations to provide consultation on security and privacy clauses included in third party agreements.

• Identifies risks associated with a Third Party and tracks those risks as necessary for future assessment.

• Administers the company's Vendor Risk Management (VRM) platform which supports the Third-Party Risk program. Responsibilities include access management, configuration changes and report generation.

About You:

Basic Qualifications:

• 3+ years of related work experience in third-party risk, information security governance, enterprise risk, and/or related functions (such as IT audit and IT risk management).

• BS/BA degree in Enterprise Risk Management, Information Security, Computer Information Systems/Management Information Systems or related discipline or equivalent experience.

• Experience administering Process Unity VRM tool or similar platform.

• Proficiency in comprehending the dynamics of third-party relationships, including vendors, partners, suppliers, and contractors.

• Knowledge of the risks associated with external entities that interact with an organization's systems or process confidential information.

• Ability to assess risks across various dimensions (such as information security, privacy, business continuity, financial, etc.).

• Understanding of data privacy and cybersecurity regulations (such as GDPR, CCPA, DORA, etc.)

• Knowledge of business continuity planning and disaster recovery and ability to evaluate third-party capabilities in maintaining business resiliency.

• Knowledge of security practices in cloud environments (such as data encryption, access controls, and compliance with regulations).

• Familiarity with Software as a Service (SaaS) and potential risks.

• Experience with information security management frameworks such as AT101 SOC 2, ISO, ITIL, COBIT, NIST to include development of policies, process, and procedures within the environment.

Preferred Qualifications:

• Excellent verbal and written communication skills to effectively communicate with employees, vendors, third-party partners, customers, business partners, and all levels of management.

• Experience supporting regulatory and compliance programs (such as HIPAA, PCI, MA 201 CMR 17).

• Experience designing and implementing controls within corporate networks to include computer/network security and operating systems such as UNIX, Linux, and WINDOWS, as well as LAN/WAN internetworking protocols such as TCP/IP and network perimeter protection (firewalls).

• Knowledge of risks associated with GenAI.

• Experience leveraging Enterprise Risk Management module in LogicGate platform.

• CISA, CISM, CRISC, CISSP, CTPRP, or similar security certification.

#LI-Hybrid

UKG is on the cusp of something truly special. Worldwide, we already hold the #1 market share position for workforce management and the #2 position for human capital management. Tens of millions of frontline workers start and end their days with our software, with billions of shifts managed annually through UKG solutions today. Yet it's our AI-powered product portfolio designed to support customers of all sizes, industries, and geographies that will propel us into an even brighter tomorrow!

Equal Opportunity Employer

Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive considerations for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws.

View The EEO Know Your Rights poster and its supplement.

View the Pay Transparency Nondiscrimination Provision

UKG participates in E-Verify. View the E-Verify posters here.