Massachusetts Information Technology Jobs


Job Information

UKG (Ultimate Kronos Group) Security Risk Assessor in Boston, Massachusetts

Security Risk Assessor

General information

Location:

USA - USA - Remote

Function:

Security

Ref #:

20220023376

Description & Requirements

Description

UKG is seeking a passionate Technical Security Risk Assessor for our Global Security Vulnerability and Risk team! Do you have a passion for understanding, analyzing, and measuring technical cybersecurity risk? This might be you!

The position is responsible for overseeing, evaluating, and supporting the documentation, validation, and assessment processes necessary to assure that existing and new information technology systems meet cybersecurity and technical security risk management requirements. Ensuring appropriate treatment of security risk and assurance from internal and external perspectives is vital.

This position demands one to stay current with emerging technologies, while managing cross-team dynamics. Attributes we will look for in our candidates include excellent technical and analytical skills, communication and flexibility, innovative thinking and problem solving.

Qualifications

Primary Duties and Responsibilities:

• Leverage technical risk management processes to identify and report the impact of residual risk on the organizational mission and provide recommendations to organizational leadership.

• Recommend security system controls and risk countermeasures to mitigate/correct security deficiencies.

• Recalculate priority for risks that decrease due to exploitability limitations and threats.

• Understand asset values to the organization (e.g., revenue generating, supporting critical business functions).

• Understand an asset's criminal value and criminally magnetic properties (e.g., data or process has a criminal value).

• Understand the liabilities and lateral exposure of a potentially breached asset with an arbitrary vulnerability.

• Trigger remediation plan and interim mitigation/detection process (e.g., set urgency, alert security operations centers, notify operations teams for priority resolution, provide executive awareness and external status reporting).

• Recognize vulnerabilities and develop and execute risk management processes, including steps and methods for assessing risk in systems to analyze cyber threats; conduct trend analysis and oversee the implementation of preventative measures.

• Calculate inherent and residual risk based on quantitative data (i.e., asset value, expert input on certainty of loss and loss probability ranges over a period of time, running Monte Carlo simulations, risk tolerance, loss exceedance curves, cost to mitigate, transference to insurance).

• Liaise with management to understand, prioritize, and coordinate risk mitigation activities.

• Document and/or enhance policies, standards, procedures, processes, work instructions and/or any documentation required as part of the security program.

Required Qualifications:

• 5+ years’ experience working in a technical security risk analysis role

• Has good organizational and interpersonal skills and broad experience in interacting successfully with both technical and non-technical people

• Experienced in leading cross functional teams (including onsite, remote, and offshore) to consensus

• Experience conducting security risk assessments, documenting findings and reporting on identified issues

• Understands operating systems, networks, applications, and applicability and limitations of security controls

• Written and verbal communication skills in security assessment documentation

• Experienced in leading cross divisional teams to consensus

• Experienced in writing information security policies and standards

• Deep understanding of security control frameworks and standards (e.g., ISO 2700x, NIST 800-53, CIS, etc.)

Preferred Qualifications:

• Quantitative risk assessment experience

• Factor Analysis of Information Risk (FAIR) experience

• CISSP, CRISC, Open FAIR

• Running Monte Carlo simulations, risk tolerance, and loss exceedance curves

• Experience with risk management tools (e.g., Archer)

• Experience with security risk assessments across cloud environments (e.g., Google Cloud Platform (GCP), Microsoft Azure, and Amazon Web Services (AWS))


Corporate overview

Here at UKG, Our Purpose Is People. UKG combines the strength and innovation of Ultimate Software and Kronos, uniting two award-winning, employee-centered cultures. Our employees are an extraordinary group of talented, energetic, and innovative people who care about more than just work. We strive to create a culture of belonging and an employee experience that empowers our people. UKG has more than 13,000 employees around the globe and is known for its inclusive workplace culture. Ready to be inspired? Learn more at www.ukg.com/careers

EEO Statement

Equal Opportunity Employer

Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws.

View The EEO is the Law poster (https://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm) and its supplement.

View the Pay Transparency Nondiscrimination Provision (https://www.dol.gov/ofccp/pdf/pay-transp_formattedESQA508c.pdf)

UKG participates in E-Verify. View the E-Verify posters here (https://www.e-verify.gov/sites/default/files/everify/posters/EVerifyParticipationPoster.pdf).

Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com or please call 1 (978) 250 9800.
