IT Vendor Risk Management Analyst (Hybrid Schedule)
About the position The Vendor Risk Management IT Security Analyst is responsible for developing, implementing, and validating IT control standards and procedures for third‑party vendors. This role supports the full vendor lifecycle including new contracts, vendor onboarding, and system integrations to ensure alignment with Eversource’s General IT Controls, cybersecurity policies, and regulatory requirements. The analyst conducts detailed vendor risk assessments, identifies potential control gaps, and recommends remediation actions or enhanced control designs. They evaluate the effectiveness of existing vendor controls through scheduled testing based on vendor criticality tiers and document results in accordance with established risk and compliance frameworks. This position requires strong knowledge of vendor risk management principles, IT security controls, and third‑party oversight processes to ensure that vendors effectively safeguard Eversource information and systems. HYBRID WORK POLICY Eversource supports work-life balance by offering hybrid schedules for certain roles. Eligibility is based on job responsibilities, operational needs, nature of work and team dynamics. Current guidelines require employees to work at least three days in the office, including Tuesdays and Wednesdays, with the third day set by the employee and supervisor based on department needs. These guidelines apply to roles approved for remote work and are subject to change, based on managerial discretion and work performance. All applicants must be able to work up to five days in the office if needed (for example: emergencies, training, or other business needs) or should the policy change.
Responsibilities
- Oversees policy, standards, guidelines, and control monitoring and testing for Vendors.
- Conducts process design, analysis, documentation, implementation and testing activities.
- Analyzes communication and recommends updates.
- Participates in the testing and evaluation of new products and processes.
- Performs first level troubleshooting, analysis and monitoring of automated work processes for compliance to key security controls and practices.
- Effectively communicates issues and/or concerns to stakeholders and audit management throughout the course of your work
- Monitors implementation and completion of remediation efforts
- Performs vendor and third-party risk assessments
Requirements
- Technical Knowledge: The candidate chosen for this position will hold technical IT audit knowledge for establishing in house controls aligned to COBIT, NIST and other industry standards while mitigating risks of the company’s IT Security and General Computing Control framework.
- Familiarity with COBIT, NIST standards.
- Full understanding of applicable state and federal legislation and industry specific regulations.
- Archer GRC experience.
- Skills: Risk assessment ability and internal audit experience
- Excellent communication and interpersonal skills; good report writing skills
- Knowledge of IT security and infrastructure
- Knowledge of operating system platforms
- Excellent analytical skills
- Education: Four-year college degree from an accredited institution; Bachelor’s Degree in Business, Risk, IT, or related field with focus on information systems or related experience
- Experience: Five (5) or more years of related experience with a minimum of two years of relevant work experience in Risk Management
- Strong knowledge of IT general controls related to operations, information security and change management of systems software, application source code, network, and system database technologies
- Experience testing automated and manual application controls; security testing experience required
Benefits
- Eversource offers a competitive total rewards program.
- This position is eligible for a potential incentive.
Apply tot his job Apply To this Job