IT Vendor Risk Management Analyst
Company | EVERSOURCE |
Address | Berlin, CT |
Expires | 2023-07-01 |
Posted at | 1 year ago |
As a team member of the IT Governance, Risk and Identity Access Management Team, your primary focus will be to assess the security posture of vendors in accordance with our IT Vendor Risk Management (VRM) Program throughout the entire vendor lifecycle. The key phases of the lifecycle-managed program include vetting potential technology vendors, interacting with requesting business stakeholders, ensuring proper risk ranking and associating right-sized and focused due diligence questionnaires, and interacting with, challenging, and confirming requirements with third-party security team members. The key purpose is to ensure that the use of service providers and IT suppliers does not create an unacceptable potential for business disruption or a negative impact on Eversource’s business performance. The role leverages Archer GRC for VRM management and supports the assessment, monitoring and management of risk exposure from entities that provide products and services or have access to Eversource’s enterprise information.
Oversight of Eversource’s Vendor Risk Management Program is a regulatory requirement and therefore includes ongoing reviews and updates to ensure policies and procedures are current, practiced and effective. The selected candidate will be required to research and keep current with regulatory requirements and will have the autonomy to process findings and exceptions, along with mitigating controls, as needed.
- Construct VRM Program requirements to enable the development and execution of a third party risk assessment process as part of the overall enterprise risk management program.
- Acts as a liaison for all cybersecurity VRM activities with stakeholders
- Create and generate required reports to ensure compliance with processes and policies
- Work with Sourcing Managers or directly with business (non-SVM managed categories) to conduct due diligence efforts for high risk vendors
- Skills and expertise in Vendor Risk classification and due diligence standards, monitoring, measurement and analysis
- Identify and drive opportunities to mature the VRM Program
- Demonstrates thorough understanding of outsourcing business models, regulatory drivers, data governance factors and risk management frameworks involved in third party risk management.
- Differentiate each of the VRM Program components required to design, implement and operate a third-party risk management program based upon mitigating different types of third party risk.
- Illustrate knowledge of the control environment for evaluating third party risk for each of the risk control domains from the point of view of the outsourcer and the service provider.
- Familiarity with governance policy, standard and procedure structure
- Coordinate on-going annual risk reviews and controls assurance activity
Skills preferred:
- Experience reviewing vendor risk assessments
- Practices and procedures within the information security and privacy field
- Overall procurement process and a clear understanding of technology risk’s role in that process
- Advanced analytical and problem-solving skills
- Ability to report out results to stakeholders
- Federal regulations regarding service providers
- Cloud computing and understanding of how to assess cloud related risks
- Knowledge of NIST
- Information security standards and laws
- Regulatory landscape and its applicability to the vendor ecosystem
- Experience reviewing and interpreting SOC 2 Type 2 reports
Education & Experience
- 5+ years working in third-party risk management
- Bachelor’s degree in Management Information Systems, Computer Science, and/or Business, or equivalent work experience
Certifications preferred: CISSP, ISACA (CISM, CRISC, CDSPE, CTPRP etc.)
Worker Type: Regular
Number of Openings: 1
EEO Statement
Eversource Energy is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, sex, sexual orientation, gender identity, national origin, religion, disability status, or protected veteran status.
VEVRAA Federal Contractor
Vaccination Information:
Eversource requires all new employees to be fully vaccinated for COVID-19 by their first day of employment. If you have any concerns regarding compliance with this requirement, you will need to discuss your concerns with Eversource’s HR department after you have been made a conditional offer of employment. Eversource does not require applicants to discuss vaccination status prior to receipt of a conditional offer of employment and complies with all applicable laws.
Emergency Response:
Responding to emergency situations to meet customers’ needs is part of every employee’s role. If employed, you will be given an Emergency Restoration assignment. This means you may be called to assist during an emergency outside of your normal responsibilities, work hours and location.