Skip to content


Transcend the day-to-day work experience. Work inspired.

Information Security Analyst -- 3rd Party Risk concentration


Lowell - Massachusetts - USA


Information Technology

Ref #:

Apply >


This position works as part of the Privacy and Risk team responsible for ensuring that the company's information resources are secure from unauthorized access, protected from inappropriate alteration, physically secure, and available to users in a timely fashion. This position serves as an internal information security, privacy and risk consultant and will be primarily responsible for risk management of third party providers and cloud SaaS solutions. This position demands an organized, action oriented team player with the ability to prioritize daily work and support on multiple initiatives simultaneously; strong communication and customer focus is required

• Supports the Third Party Risk Management program, providing support to Business Partners and Kronos Procurement department during vendor RFP, selection and contract negotiation processes. Identifies risks with prospective services and products and works with Business Partners to factor the risk into the vendor selection process.
• Assesses risk associated with strategic third party partner relationships, focusing on partner ability to demonstrate existence of information security controls, privacy controls and ability to support critical business functions of the company.
• Advises Business Partners on appropriate implementation of information security and privacy controls for new third party services, leveraging a combination of these controls and the Third Party’s security and privacy programs to maintain Kronos’ information security and privacy posture.
• Partners with Procurement and Legal departments during contractual negotiations to provide consultation on security and privacy clauses included in third party agreements.
• Identifies risks associated with a Third Party and tracks those risks as necessary for future assessment.
• Administers the company’s Vendor Risk Management (VRM) platform which supports the Third Party Risk program. Responsibilities include access management, configuration changes and report generation.
• Serves as an internal information security, privacy and risk consultant to the organization responding to inquiries and reported incidents
• Supports the development, implementation, and management of information security, privacy and risk policies and procedures to ensure they remain aligned with business objectives and meet regulatory requirements.
• Provides expertise and support to ensure company’s information security, privacy and risk programs remains in compliance with applicable regulations including evolving data privacy regulations
• Provides expertise in support of new company initiatives to ensure implemented solutions comply with information security and privacy standards
• Perform additional duties and projects as assigned by management


• BS/BA degree in Computer Information Systems/Management Information Systems or related discipline or equivalent experience and a 2-5 years related work experience in information security governance and/or related functions (such as IT audit and IT Risk Management)
• Excellent verbal and written communication skills to develop positive relationships and effectively communicate with employees, vendors, customers, business partners, and all levels of management.
• Experience administering Process Unity VRM platform
• Experience with information security management frameworks such as AT101 SOC 2, ISO, ITIL, CobiT, NIST to include development of policies, process and procedures within the environment
• Experience supporting regulatory and compliance programs such as HIPAA, PCI, MA 201 CMR 17
• Experience designing and implementing controls within corporate networks to include computer/network security and operating systems such as UNIX, Linux, and WINDOWS, as well as LAN/WAN internetworking protocols such as TCP/IP and network perimeter protection (firewalls)
• Strong technical background including Active Directory, firewalls and vulnerability scanning tools highly desired; CISA, CISM, CRISC, CISSP, or similar security certification highly desired

Corporate overview

You’re empowered when you’re a Kronite. 

Want to be part of an elite group of highly skilled professionals? We think our employees are a special group of talented, energetic, and innovative people. And for that reason, we refer to ourselves as Kronites. Kronites care about more than just work. We recognize the need to maintain a healthy work-life balance – to live inspired. In fact, it’s expected! You’ll soon learn that we take work and fun seriously. No matter what position you hold at Kronos, you’re a Kronite. And we want you to feel like you have the power to make a difference in your life and the lives of others, at work and beyond. Want to learn more about our culture? Follow us on Twitter @work4kronos. #MyWorkInspired

Kronos is a global provider of workforce management and human capital management cloud solutions. Kronos’ industry-specific workforce applications are purpose built for businesses, healthcare providers, educational institutions and government agencies of all sizes. Tens of thousands of organizations – including half of the Fortune 1000® - and more than 40 million people in over 100 countries use Kronos every day. 

EEO Statement

Equal Opportunity Employer

Kronos is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, age, national origin, protected veteran status, disability or any other basis protected by federal, state or local law.

View The EEO is the Law poster and its supplement. 

View the Pay Transparency Nondiscrimination Provision

Kronos participates in E-Verify. View the E-Verify posters here.

Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email or please call 1 (978) 250 9800.