IT Vendor Risk Management Analyst (Hybrid Schedule)

Eversource Energy•Berlin, CT

2d•Hybrid

About The Position

The Vendor Risk Management IT Security Analyst is responsible for developing, implementing, and validating IT control standards and procedures for third‑party vendors. This role supports the full vendor lifecycle including new contracts, vendor onboarding, and system integrations to ensure alignment with Eversource’s General IT Controls, cybersecurity policies, and regulatory requirements. The analyst conducts detailed vendor risk assessments, identifies potential control gaps, and recommends remediation actions or enhanced control designs. They evaluate the effectiveness of existing vendor controls through scheduled testing based on vendor criticality tiers and document results in accordance with established risk and compliance frameworks. This position requires strong knowledge of vendor risk management principles, IT security controls, and third‑party oversight processes to ensure that vendors effectively safeguard Eversource information and systems. HYBRID WORK POLICY Eversource supports work-life balance by offering hybrid schedules for certain roles. Eligibility is based on job responsibilities, operational needs, nature of work and team dynamics. Current guidelines require employees to work at least three days in the office, including Tuesdays and Wednesdays, with the third day set by the employee and supervisor based on department needs. These guidelines apply to roles approved for remote work and are subject to change,  based on managerial discretion and work performance. All applicants must be able to work up to five days in the office if needed (for example: emergencies, training, or other business needs) or should the policy change. Relocation assistance is not available for this opportunity.

Requirements

Technical Knowledge: The candidate chosen for this position will hold technical IT audit knowledge for establishing in house controls aligned to COBIT, NIST and other industry standards while mitigating risks of the company’s IT Security and General Computing Control framework.
Familiarity with COBIT, NIST standards.
Full understanding of applicable state and federal legislation and industry specific regulations.
Archer GRC experience.
Skills: Risk assessment ability and internal audit experience
Excellent communication and interpersonal skills; good report writing skills
Knowledge of IT security and infrastructure
Knowledge of operating system platforms
Excellent analytical skills
Education: Four-year college degree from an accredited institution; Bachelor’s Degree in Business, Risk, IT, or related field with focus on information systems or related experience
Experience : Five (5) or more years of related experience with a minimum of two years of relevant work experience in Risk Management
Strong knowledge of IT general controls related to operations, information security and change management of systems software, application source code, network, and system database technologies
Experience testing automated and manual application controls; security testing experience required

Responsibilities

Oversees policy, standards, guidelines, and control monitoring and testing for Vendors.
Conducts process design, analysis, documentation, implementation and testing activities.
Analyzes communication and recommends updates.
Participates in the testing and evaluation of new products and processes.
Performs first level troubleshooting, analysis and monitoring of automated work processes for compliance to key security controls and practices.
Effectively communicates issues and/or concerns to stakeholders and audit management throughout the course of your work
Monitors implementation and completion of remediation efforts
Performs vendor and third-party risk assessments