IT Vendor Risk Management Analyst job at Eversource Energy in Berlin, CT

Title: IT Vendor Risk Management Analyst Location: Berlin, CT Work Type: Hybrid, Full Time Job ID: R-029763 Job Description: Eversource will not offer immigration-related sponsorship for this position. Applicants who require immigration sponsorship—either now or in the future—should not apply. This includes, but is not limited to, direct company sponsorship, listing Eversource as the employer of record on immigration documents, or any work authorization that requires company involvement or documentation (e.g., H-1B, OPT, STEM OPT, CPT, TN, J-1, O-1, etc.). The Vendor Risk Management IT Security Analyst is responsible for developing, implementing, and validating IT control standards and procedures for third‑party vendors. This role supports the full vendor lifecycle including new contracts, vendor onboarding, and system integrations to ensure alignment with Eversource’s General IT Controls, cybersecurity policies, and regulatory requirements. The analyst conducts detailed vendor risk assessments, identifies potential control gaps, and recommends remediation actions or enhanced control designs. They evaluate the effectiveness of existing vendor controls through scheduled testing based on vendor criticality tiers and document results in accordance with established risk and compliance frameworks. This position requires strong knowledge of vendor risk management principles, IT security controls, and third‑party oversight processes to ensure that vendors effectively safeguard Eversource information and systems. HYBRID WORK POLICY Eversource supports work-life balance by offering hybrid schedules for certain roles. Eligibility is based on job responsibilities, operational needs, nature ofworkand team dynamics. Current guidelines require employees to work at least three days in the office, including Tuesdays and Wednesdays, with the third day set by the employee and supervisor based on department needs. These guidelines apply to roles approved for remote work and are subject tochange, basedon managerial discretion and work performance. All applicants must be able towork up to five days in the office if needed (for example: emergencies, training, or other business needs) or should the policy change. Relocation assistance is not available for this opportunity. Essential Functions: Oversees policy, standards, guidelines, and control monitoring and testing for Vendors. Conducts process design, analysis, documentation, implementation and testing activities. Analyzes communication and recommends updates. Participates in the testing and evaluation of new products and processes. Performs first level troubleshooting, analysis and monitoring of automated work processes for compliance to key security controls and practices. Effectively communicates issues and/or concerns to stakeholders and audit management throughout the course of your work Monitors implementation and completion of remediation efforts Performs vendor and third-party risk assessments Technical Knowledge/Skill/Education/Licenses/Certifications: Technical Knowledge/Skill: Technical Knowledge: The candidate chosen for this position will hold technical IT audit knowledge for establishing in house controls aligned to COBIT, NIST and other industry standards while mitigating risks of the company’s IT Security and General Computing Control framework. Familiarity with COBIT, NIST standards. Full understanding of applicable state and federal legislation and industry specific regulations. Archer GRC experience. Skills: Risk assessment ability and internal audit experience Excellent communication and interpersonal skills; good report writing skills Knowledge of IT security and infrastructure Knowledge of operating system platforms Excellent analytical skills Education: Four-year college degree from an accredited institution; Bachelor’s Degree in Business, Risk, IT, or related field with focus on information systems or related experience Experience: Five (5) or more years of related experience with a minimum of two years of relevant work experience in Risk Management Strong knowledge of IT general controls related to operations, information security and change management of systems software, application source code, network, and system database technologies Experience testing automated and manual application controls; security testing experience required Licenses & Certifications: None Working Conditions: Must be available to work emergency restoration assignment as required. Must be available to travel between MA/CT/NH as necessary. Mental Aspects: N/A #LI-ES3 Competencies: Build trusting relationships Manage and develop people Foster teamwork and cross-functional collaboration Lead change Communicate strategic vision Create an engaged workforce Focus on the customer Take ownership & accountability Compensation and Benefits: Eversource offers a competitive total rewards program.Check out our careers site for an overview of our benefits programs. Salary is commensurate with your experience. This position is eligible for a potential incentive.The annual salary range for this position is: $119,100.00-$132,330.00 Worker Type: Regular Number of Openings: 1 Apply tot his job Apply To this Job