Third-Party Cyber Risk Analyst (TPRM)
Location
Noida | India
Job description
Here at UKG, our purpose is people™. Our HR, payroll, and workforce management solutions help organizations unlock happier outcomes for all. And our U Krewers, who build those solutions and support our business, are talented, collaborative, and innovative problem-solvers. We strive to create a culture of belonging and an employee experience that empowers our people – both at work and at home. Our benefits show that we care about the whole you, from adoption and surrogacy assistance to tuition reimbursement and wellness programs. Our employee resource groups provide a welcoming place to land, learn, and connect with those who share your passions and interests. What are you waiting for Learn more at
Description About the Team:
This position works as part of the Enterprise Risk department, which is responsible for management of risk across the enterprise. As a member of the department, this individual will be committed to overall data protection risk management and its role in the company's continued success.
About The Role The Third-Party Risk Analyst will serve as an internal information security, privacy and risk consultant and will be primarily responsible for risk management of third-party providers and cloud SaaS solutions. The role demands an organized, action-oriented team player with the ability to prioritize daily work and support on multiple initiatives simultaneously; strong communication and customer focus is required.
- Supports the Third-Party Risk Management program, providing support to Business Partners and Procurement department during vendor selection and contract negotiation processes.
- Identifies risks with prospective services and products and works with Business Partners to factor the risk into the vendor selection process.
- Works to gain process efficiencies and performs monthly analysis on team metrics.
- Supports the Third-Party Risk Management team in daily operations.
- Identifies third parties for ongoing monitoring to ensure reviews are performed in a timely manner.
- Assesses risk associated with third-party partner and vendor relationships, focusing on the third party's ability to demonstrate existence of information security controls, privacy controls and ability to support critical business functions of the company.
- Advises Business Partners on appropriate implementation of information security and privacy controls for new third-party services, leveraging a combination of these controls and the Third Party's security and privacy programs to maintain UKG's information security and privacy posture.
- Partners with Procurement and Legal departments during contractual negotiations to provide consultation on security and privacy clauses included in third party agreements.
- Identifies risks associated with a Third Party and tracks those risks as necessary for future assessment.
- Administers the company's Vendor Risk Management (VRM) platform which supports the Third-Party Risk program. Responsibilities include access management, configuration changes and report generation.
Qualifications About You:
Basic Qualifications - 0-1+ year of related work experience in information security governance and/or related functions (such as IT audit and IT Risk Management)
- 0-1+ years of experience providing input into third party contract agreements from an information security and privacy perspective.
- BS/BA degree in Computer Information Systems/Management Information Systems, Risk Management or related discipline or equivalent experience
- Experience with information security management frameworks such as AT101 SOC 2, ISO, ITIL, CobiT, NIST to include development of policies, process and procedures within the environment.
Preferred Qualifications - Experience administering Process Unity VRM platform
- Excellent verbal and written communication skills to effectively communicate with employees, vendors, customers, business partners, and all levels of management.
- Experience supporting regulatory and compliance programs such as HIPAA, PCI, MA 201 CMR 17
- Experience designing and implementing controls within corporate networks to include computer/network security and operating systems such as UNIX, Linux, and WINDOWS, as well as LAN/WAN internetworking protocols such as TCP/IP and network perimeter protection (firewalls)
- Strong technical background including Active Directory, firewalls and vulnerability scanning tools
- CISA, CISM, CRISC, CISSP, or similar security certification
Equal Opportunity Employer Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive considerations for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws.
View The EEO is the Law poster and its supplement.
View the Pay Transparency Nondiscrimination Provision.
UKG participates in E-Verify. View the E-Verify posters here.
For individuals with disabilities that need additional assistance at any point in the application and interview process, please email [HIDDEN TEXT].
Job tags
Salary