It Vendor Risk Management Analyst

Check out this video and find out why our team loves to work here!

As a team member of the IT Governance, Risk and Identity Access Management Team, your primary focus will be to assess the security posture of vendors in accordance with our IT Vendor Risk Management (VRM) Program throughout the entire vendor lifecycle. The key phases of the lifecycle managed program include vetting for potential technology vendors, interacting with requesting business stakeholders, ensuring proper risk ranking and associating right-sized and focused due diligence questionnaires, interacting with, challenging, and confirming requirements with third party security team members. Key purpose is to ensure that the use of service providers, and IT suppliers, does not create an unacceptable potential for business disruption or a negative impact on Eversource’s business performance. Leveraging Archer GRC for VRM management, supports the assessment, monitoring and management of risk exposure from entities that provide products and services or have access to, Eversource’s enterprise information.
Oversight of Eversource’s Vendor Risk Management Program is a regulatory requirement and therefore include ongoing reviews and updates to ensure policies and procedures are current, practiced and effective. Selected candidate will be required to research and keep current with regulatory requirements and will have the autonomy to process findings and exceptions, along with mitigating controls, as needed.

Skills preferred:

• Experience reviewing vendor risk assessments
• Practices and procedures within the information security and privacy field
• Overall procurement process and a clear understanding of technology risk’s role in that process
• Advanced analytical and problem-solving skills
• Ability to report out results to stakeholders
• Federal regulations regarding service providers
• Cloud computing and understanding of how to assess cloud related risks
• Knowledge of NIST
• Information security standards and laws
• Regulatory landscape and its applicability to the vendor ecosystem
• Experience reviewing and interpreting SOC 2 Type 2 reports

Education & Experience

• 5+ years working in third-party risk management
• Bachelor’s degree in Management Information Systems, Computer Science, and/or Business, or equivalent work experience

Certifications preferred: CISSP, ISACA (CISM, CRISC, CDSPE, CTPRP etc.)

Worker Type:

Number of Openings:

EEO Statement

Eversource Energy is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, sex, sexual orientation, gender identity, national origin, religion, disability status, or protected veteran status.

VEVRRA Federal Contractor

Vaccination Information:

Eversource requires all new employees to be fully vaccinated for COVID-19 by their first day of employment. If you have any concerns regarding compliance with this requirement, you will need to discuss your concerns with Eversource’s HR department after you have been made a conditional offer of employment. Eversource does not require applicants to discuss vaccination status prior to receipt of a conditional offer of employment and complies with all applicable laws.

Emergency Response:

Responding to emergency situations to meet customers’ needs is part of every employee’s role. If employed, you will be given an Emergency Restoration assignment. This means you may be called to assist during an emergency outside of your normal responsibilities, work hours and location.