Sr Cyber Risk Analyst

UKG
Noida | 4-5 LPA | Posted 4 Jun 2025
FULL TIME
continuous monitoring
Risk Analysis
Security Monitoring

Job Description

Primary Job Responsibilities

  1. Technical Risk Assessments: Perform and support technical risk assessments on various technologies, systems, and processes within UKG's cloud environments.
  2. Continuous Monitoring: Perform continuous monitoring activities to confirm the control environment is operating effectively, escalate identified deviations, and track them towards resolution.
  3. Stakeholder Collaboration: Support and actively collaborate with stakeholders to ensure control activities are designed and implemented appropriately to protect the security, confidentiality, privacy, integrity, and availability of data in compliance with company policies and standards.
  4. Compliance Expertise: Utilize industry experience and knowledge to provide expertise and support, ensuring the company's security framework remains in compliance with applicable regulations and internal policies and standards.
  5. Cloud Security Support: Provide expertise in support of new cloud environment activities and projects to ensure compliance with information security and privacy standards.
  6. Audit Assistance: Assist with audits of SSAE18 SOC 1, SOC 2, and ISO compliance. Contribute risk and compliance expertise and support to assist in the achievement of cloud audit/compliance programs.
  7. Exception/Exemption Facilitation: Facilitate the exception and exemption processes for company policies and standards.
  8. Documentation: Support the development, implementation, and updating of relevant documentation (e.g., narratives, how-to documents, procedures, etc.).
  9. Reporting & KPIs: Identify relevant Key Performance Indicators (KPIs) and perform required reporting to quantify the effectiveness of controls implemented for risk management activities.
  10. Additional Duties: Perform additional duties and projects as assigned by management.

Qualifications

  1. Education: Bachelor of Engineering (B.E.) or Bachelor of Technology (B.Tech.) degree in Computer Science or IT audit-related discipline, or equivalent experience.
  2. Experience: A minimum of 4-5 years' work experience in information security governance and risk functions (such as IT audit or IT Risk Management).
  3. Frameworks: Experience with information security frameworks, including SOC 2, ISO27001/17/18, or ITGC audits.
  4. Risk & Issue Management: Experience in risk and issue management (identification, assessment, mitigation/treatment, tracking, escalations).
  5. Security Monitoring/Testing: Experience in Security Monitoring of IT processes or IT Processes Testing (monitoring or testing of IT processes, such as Problem, Incident, Change, Backup, Endpoint Protection/Antivirus, Logical Access, Patch, Servers, Operating Systems, Databases, and Networks). The candidate should have security/risk related working experience in at least some of these processes.
  6. Stakeholder Engagement: Experience in working closely with business/stakeholders for risk and issue identification and resolution.
  7. Reporting/Metrics: Experience in reporting, metrics, or KPIs to measure the effectiveness of controls.
  8. GRC Tools: Familiarity or Experience with Governance, Risk and Compliance (GRC) tools, reporting, and tracking.
  9. Communication: Strong verbal and written communication skills.
  10. Cloud Experience: Knowledge or Experience working in a Cloud environment from a security/risk standpoint (preferred).
  11. Certifications: CISSP, CRISC, CISA, or similar security certification preferred.