UKG (Ultimate Kronos Group)
Third Party Risk Analyst
UKG (Ultimate Kronos Group), Atlanta, Georgia, United States, 30383
Company Overview
With 80,000 customers across 150 countries, UKG is the largest U.S.-based private software company in the world. And we’re only getting started. Ready to bring your bold ideas and collaborative mindset to an organization that still has so much more to build and achieve? Read on.
At UKG, you get more than just a job. You get to work with purpose. Our team of U Krewers is on a mission to inspire every organization to become a great place to work through our award-winning HR technology built for all.
Here, we know that you’re more than your work. That’s why our benefits help you thrive personally and professionally, from wellness programs and tuition reimbursement to U Choose — a customizable expense reimbursement program that can be used for 200+ needs that best suit you and your family, from student loan repayment, to childcare, to pet insurance. Our inclusive culture, active and engaged employee resource groups, and caring leaders value every voice and support you in doing the best work of your career. If you’re passionate about our purpose — people — then we can’t wait to support whatever gives you purpose. We’re united by purpose, inspired by you.
This position works as part of the Enterprise Risk department, which is responsible for the management of risk across the enterprise. As a member of the department, this individual will be committed to safeguarding the organization against risks associated with third-party relationships.
About the Role:
The Third-Party Risk Analyst will serve as a trusted advisor for internal UKG business stakeholders and will be responsible for identifying, assessing, and mitigating risks related to third-party relationships and services. Risks include information security, privacy, financial, business resiliency, and more. The role demands an organized, action-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously; strong communication and customer focus are required.
• Supports the Third-Party Risk Management program, providing support to Business Partners and Procurement department during vendor selection and contract negotiation processes.
• Identifies risks with prospective services and products and works with Business Partners to factor the risk into the vendor selection process.
• Works to gain process efficiencies and performs monthly analysis on team metrics.
• Supports the Third-Party Risk Management team in daily operations.
• Periodically reassesses Third Parties based on risk and/or a material change in the utilization of that Third Party.
• Identifies third parties for ongoing monitoring to ensure reviews are performed in a timely manner.
• Assesses risk associated with third-party partner and vendor relationships, focusing on the third party’s ability to demonstrate existence of information security controls, privacy controls and ability to support critical business functions of the company.
• Advises Business Partners on appropriate implementation of information security and privacy controls for new third-party services, leveraging a combination of these controls and the Third Party’s security and privacy programs to maintain UKG’s information security and privacy posture.
• Partners with Procurement and Legal departments during contractual negotiations to provide consultation on security and privacy clauses included in third party agreements.
• Identifies risks associated with a Third Party and tracks those risks as necessary for future assessment.
• Administers the company’s Vendor Risk Management (VRM) platform which supports the Third-Party Risk program. Responsibilities include access management, configuration changes and report generation.
About You:
Basic Qualifications:
• 3+ years of related work experience in third-party risk, information security governance, enterprise risk, and/or related functions (such as IT audit and IT risk management).
• BS/BA degree in Enterprise Risk Management, Information Security, Computer Information Systems/Management Information Systems or related discipline or equivalent experience.
• Experience administering Process Unity VRM tool or similar platform.
• Proficiency in comprehending the dynamics of third-party relationships, including vendors, partners, suppliers, and contractors.
• Knowledge of the risks associated with external entities that interact with an organization’s systems or process confidential information.
• Ability to assess risks across various dimensions (such as information security, privacy, business continuity, financial, etc.).
• Understanding of data privacy and cybersecurity regulations (such as GDPR, CCPA, DORA, etc.).
• Knowledge of business continuity planning and disaster recovery and ability to evaluate third-party capabilities in maintaining business resiliency.
• Knowledge of security practices in cloud environments (such as data encryption, access controls, and compliance with regulations).
• Familiarity with Software as a Service (SaaS) and potential risks.
• Experience with information security management frameworks such as AT101 SOC 2, ISO, ITIL, COBIT, NIST to include development of policies, process, and procedures within the environment.
Preferred Qualifications:
• Excellent verbal and written communication skills to effectively communicate with employees, vendors, third-party partners, customers, business partners, and all levels of management.
• Experience supporting regulatory and compliance programs (such as HIPAA, PCI, MA 201 CMR 17).
• Experience designing and implementing controls within corporate networks to include computer/network security and operating systems such as UNIX, Linux, and WINDOWS, as well as LAN/WAN internetworking protocols such as TCP/IP and network perimeter protection (firewalls).
• Knowledge of risks associated with GenAI.
• Experience leveraging Enterprise Risk Management module in LogicGate platform.
• CISA, CISM, CRISC, CISSP, CTPRP, or similar security certification.
#LI-Hybrid
UKG is on the cusp of something truly special. Worldwide, we already hold the #1 market share position for workforce management and the #2 position for human capital management. Tens of millions of frontline workers start and end their days with our software, with billions of shifts managed annually through UKG solutions today. Yet it’s our AI-powered product portfolio designed to support customers of all sizes, industries, and geographies that will propel us into an even brighter tomorrow!
Equal Opportunity Employer
Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws.
View the EEO Know Your Rights poster (https://www.eeoc.gov/sites/default/files/2022-10/EEOC_KnowYourRights_screen_reader_10_20.pdf) and its supplement (https://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm).
View the Pay Transparency Nondiscrimination Provision (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf).
UKG participates in E-Verify. View the E-Verify posters here (https://www.e-verify.gov/sites/default/files/everify/posters/EVerifyParticipationPoster.pdf).
It is the policy of Ultimate Software to promote and assure equal employment opportunity for all current and prospective Peeps without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status entitled to protection under federal, state, or local anti-discrimination laws. This policy governs all matters related to recruitment, advertising, and initial selection of employment. It shall also apply to all other aspects of employment, including, but not limited to, compensation, promotion, demotion, transfer, lay-offs, terminations, leave of absence, and training opportunities.