Skip to content


Transcend the day-to-day work experience. Work inspired.

Information Security Analyst (Risk concentration)


Lowell - Massachusetts - USA


Information Technology

Ref #:

Apply >


This position works as part of a security team responsible for ensuring that the company's information resources are secure from unauthorized access, protected from inappropriate alteration, physically secure, and available to users in a timely fashion. This position serves as an internal information security consultant and will be the subject matter expert responsible for designing, implementing, and supporting a security control framework for a multi-tenant software-as-a-service product. Primary responsibilities include oversight of SOC 1 and SOC 2 audits and monitoring control activities in certified environments. This position demands an organized, detail oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously; strong communication and customer focus is required.

• Provide information security expertise and support to assist in the achievement of both corporate and cloud compliance programs
• Provide expertise and support in customer hosted environments to ensure control activities are designed and implemented appropriately to protect the security, confidentiality, privacy, integrity and availability of data in compliance with organization policies and standards
• Oversee a continuous monitoring program to confirm Management may assert the control environment is operating effectively
• Implement and monitor corporate business processes, recommend improvements and assist stakeholders to achieve information security goals and objectives related to business process and IT general controls
• Conduct risk assessments in SOC 1 and SOC 2 environments and monitor remediation activities
• Manage relationship with external auditors, oversee coordination of audit fieldwork and review evidence provided to external auditors
• Utilize industry experience and knowledge to provide expertise and support to ensure company’s security framework remains in compliance with applicable regulations including evolving data privacy regulations
• As a strategic partner with internal stakeholders, consult on projects that automate business processes and drive employee efficiency to design and implement new controls to achieve compliance objectives
• Support third party security risk assessments and IT audit, and provide tracking for findings and resolution
• Provide expertise in support of new product development activities to ensure products/services comply with information security and privacy standards; provide consultation around the design and implementation of new Information Technology and business process controls
• Support the development, implementation, and updating of security policies and procedures
• Participate in calls with customers and prospective customers to discuss the Kronos Information Security programs and controls
• Perform additional duties and projects as assigned by management


• BS/BA degree in Information Systems, Computer Science, or IT audit related discipline or equivalent experience and a minimum of 5-7 years related work experience in information security governance and/or related functions (such as internal controls, IT audit, privacy, and risk management)
• Demonstrated experience with audit frameworks including SSAE 16/18 SOC 1, SOC2, ISO27001
• Demonstrated experience working as an expert in information security, risk management or IT audit
• Demonstrated experience articulating technical concepts to non-technical users
• Excellent analytical skills in order to identify security risks and appropriate measures needed to help mitigate those risks. Must be comfortable in conducting independent research of issues and inquiries in order to provide guidance when requested
• Excellent verbal and written communication skills to develop positive relationships and effectively communicate with employees, customers, auditors, business partners, and all levels of management.
• CISA, CISM, CRISC, CISSP, CPA or similar certification preferred


Corporate overview

You’re empowered when you’re a Kronite. 

Want to be part of an elite group of highly skilled professionals? We think our employees are a special group of talented, energetic, and innovative people. And for that reason, we refer to ourselves as Kronites. Kronites care about more than just work. We recognize the need to maintain a healthy work-life balance – to live inspired. In fact, it’s expected! You’ll soon learn that we take work and fun seriously. No matter what position you hold at Kronos, you’re a Kronite. And we want you to feel like you have the power to make a difference in your life and the lives of others, at work and beyond. Want to learn more about our culture? Follow us on Twitter @work4kronos. #MyWorkInspired

Kronos is a global provider of workforce management and human capital management cloud solutions. Kronos’ industry-specific workforce applications are purpose built for businesses, healthcare providers, educational institutions and government agencies of all sizes. Tens of thousands of organizations – including half of the Fortune 1000® - and more than 40 million people in over 100 countries use Kronos every day. 

EEO Statement

Kronos is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.