Primary job responsibilities/ description include: (1) To perform and support technical risk assessments on various technologies, systems, and processes of cloud environments in UKG. (2) To perform continuous monitoring activities to confirm the control environment is operating effectively and escalate identified deviations and track those towards resolutions. (3) To support and actively collaborate with stakeholders to ensure control activities are designed and implemented appropriately to protect the security, confidentiality, privacy, integrity, and availability of data in compliance with companys policies and standards. (4) To utilize industry experience and knowledge to provide expertise and support to ensure companys security framework remains in compliance with applicable regulations and internal policies and standards. (5) To provide expertise in support of new cloud environment activities and projects to ensure it complies with information security and privacy standards. (6) To assist with audits of SSAE18 SOC 1, SOC 2, and ISO compliance. Contribute risk and compliance expertise and support to assist in the achievement of cloud audit/compliance programs. (7) To facilitate the exception and exemption processes for companys policies and standards. (8) To support the development, implementation, and updating of relevant documentation (e.g. narratives, how-to documents, procedures, etc.). (9) To identify relevant key performance indicators (KPIs) and perform required reporting to quantify the effectiveness of controls implemented for risk management activities. (10) To perform additional duties and projects as assigned by management. Qualifications (1) Bachelor of Engineering (B.E.) or Bachelor of Technology (B.Tech.) degree in Computer Science or IT audit related discipline or equivalent experience. (2) A minimum of 4-5 years' work experience in information security governance and risk functions (such as IT audit or IT Risk Management). (3) Experience with information security frameworks including, SOC 2 or ISO27001/17/18 or ITGC audits. (4) Experience in risk and issue management (identification, assessment, mitigation/ treatment, tracking, escalations). (5) Experience in Security Monitoring of IT processes or IT Processes Testing (monitoring or testing of IT processes, such as, Problem, Incident, Change, Backup, Endpoint Protection/ Antivirus, Logical Access, Patch, Servers, Operating Systems, Databases and Networks). The candidate should've security/ risk related working experience at least to some of these processes, if not on all of these. (6) Experience in working closely together with business/ stakeholders for risks and issues identification and resolution. (7) Experience in Reporting or Metrics or KPI to measure effectiveness of controls. (8) Familiarity or Experience with Governance, Risk and Compliance (GRC) tools, reporting and tracking. (9) Strong verbal and written communication skills. (10) Knowledge or Experience working in Cloud environment from security/ risk standpoint (preferred). (11) CISSP, CRISC, CISA or similar security certification preferred.