Sr. Cyber Risk Analyst

for management of cyber risk across the enterprise. The role offers the opportunity to be engaged in all facets of cyber risk including security, privacy, risk management, as well as security and compliance program development. As a member of the department, the individual will be committed to overall data protection, risk management and its role in the company's continued success. This position serves as an internal risk consultant and will be the subject matter expert responsible for designing, implementing, and supporting a security control framework for a multi-tenant software-as-a-service product. Primary responsibilities include assisting with audits of SSAE18 SOC 1, SOC 2, and ISO compliance exams and monitoring control activities in certified environments. This position demands an organized, detail-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously; strong communication and customer focus is required.

RESPONSIBILITIES
• Provide support to internal business partners and stakeholders with strategic projects, process design, and systems implementation as part of the Corporate Risk Management program. Contribute risk and compliance expertise to assist in the achievement of cloud audit/compliance programs.
• Work with subject matter experts to perform risk assessments, which includes gathering supporting information, assessing existing controls, identifying control gaps, and quantifying risks associated with processes, technologies, and projects. Collaborate with process, technology, and control owners to communicate results of risk assessments, including the identification of risks, control gaps, and recommended remediation activities.
• Serve as an advisor to stakeholders to build action plans and design and implement controls to address the gaps identified. Monitor action plans as agreed upon with stakeholders to ensure remediation activities are completed according to the plan to help mitigate risks identified.
• Produce high-quality assessment documents that clearly articulate risk in a meaningful way to stakeholders, ensuring risks are understood for appropriate corrective action plans to be built.
• Utilize industry experience and knowledge to provide expertise and support to ensure company's security framework remains in compliance with applicable regulations including evolving data privacy regulations. Ensures processes and technologies are designed and implemented to support compliance obligations to the organization against international standards.
• Serve as an internal risk management consultant to the organization, responding to inquiries and requests for assistance. Participate in risk assessments in SSAE18 SOC 1, SOC 2, ISO environments and collect evidence in support of audits. Perform additional duties and projects as assigned by management.

Qualifications: -
• Good understanding of risk management principles and practices.
• Ability to perform risk assessments and communicate results effectively.
• Ability to produce high-quality assessment documents.
• Experience in SSAE18 SOC 1, SOC 2, ISO environments is a plus

Qualifications
MCA/B Tech

EEO Statement

Equal Opportunity Employer

Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive considerations for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws.

View The EEO Know Your Rights poster and its supplement.

View the Pay Transparency Nondiscrimination Provision

UKG participates in E-Verify. View the E-Verify posters here .

Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email [email protected].