Here's the job description for a Lead Third-Party Risk Analyst at UKG, tailored for the Hyderabad location:
Lead Third-Party Risk Analyst (Hyderabad)
About the Role
As a Lead Third-Party Risk Analyst at UKG, you will serve as a trusted advisor for internal UKG business stakeholders. You will be responsible for identifying, assessing, and mitigating a wide range of risks related to third-party relationships and services, including information security, privacy, financial, and business resiliency risks. This role demands an organized, action-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously. Strong communication and a customer-focused approach are essential.
Responsibilities
- Supports the Third-Party Risk Management program, providing support to Business Partners and the Procurement department during vendor selection and contract negotiation processes.
- Identifies risks with prospective services and products and works with Business Partners to factor the risk into the vendor selection process.
- Works to gain process efficiencies and performs monthly analysis on team metrics.
- Supports the Third-Party Risk Management team in daily operations.
- Periodically reassesses Third Parties based on risk and/or a material change in the utilization of that Third Party.
- Identifies third parties for ongoing monitoring to ensure reviews are performed in a timely manner.
- Assesses risk associated with third-party partner and vendor relationships, focusing on the third party's ability to demonstrate the existence of information security controls, privacy controls, and ability to support critical business functions of the company.
- Advises Business Partners on appropriate implementation of information security and privacy controls for new third-party services, leveraging a combination of these controls and the Third Party's security and privacy programs to maintain UKG's information security and privacy posture.
- Partners with Procurement and Legal departments during contractual negotiations to provide consultation on security and privacy clauses included in third-party agreements.
- Identifies risks associated with a Third Party and tracks those risks as necessary for future assessment.
- Administers the company's Vendor Risk Management (VRM) platform which supports the Third-Party Risk program. Responsibilities include access management, configuration changes, and report generation.
Qualifications
Basic Qualifications:
- 5-7 years of related work experience in third-party risk, information security governance, enterprise risk, and/or related functions (such as IT audit and IT risk management).
- 5-7 years of experience providing input into third-party contract agreements from an information security and privacy perspective.
- BS/BA degree in Enterprise Risk Management, Information Security, Computer Information Systems/Management Information Systems, or a related discipline, or equivalent experience.
- Experience administering Process Unity VRM tool or a similar platform.
- Proficiency in comprehending the dynamics of third-party relationships, including vendors, partners, suppliers, and contractors.
- Knowledge of the risks associated with external entities that interact with an organization's systems or process confidential information.
- Ability to assess risks across various dimensions (such as information security, privacy, business continuity, financial, etc.).
- Understanding of data privacy and cybersecurity regulations (such as GDPR, CCPA, DORA, etc.).
- Knowledge of business continuity planning and disaster recovery and ability to evaluate third-party capabilities in maintaining business resiliency.
- Knowledge of security practices in cloud environments (such as data encryption, access controls, and compliance with regulations).
- Familiarity with Software as a Service (SaaS) and potential risks.
- Experience with information security management frameworks such as AT101 SOC 2, ISO, ITIL, COBIT, NIST to include development of policies, processes, and procedures within the environment.
Preferred Qualifications:
- Excellent verbal and written communication skills to effectively communicate with employees, vendors, third-party partners, customers, business partners, and all levels of management.
- Experience supporting regulatory and compliance programs (such as HIPAA, PCI, MA 201 CMR 17, FedRAMP).
- Experience designing and implementing controls within corporate networks to include computer/network security and operating systems such as UNIX, Linux, and WINDOWS, as well as LAN/WAN internetworking protocols such as TCP/IP and network perimeter protection (firewalls).
- Knowledge of risks associated with Generative AI (GenAI).
- Experience leveraging Enterprise Risk Management and Issues Management applications in the LogicGate platform.
- CISA, CISM, CRISC, CISSP, CTPRP, or similar security certification.
