Title: IT Vendor Risk Management Analyst
Location: Berlin, CT
Work Type: Hybrid, Full Time
Job ID: R-029763
Job Description:
Eversource will not offer immigration-related sponsorship for this position. Applicants who require immigration sponsorship—either now or in the future—should not apply. This includes, but is not limited to, direct company sponsorship, listing Eversource as the employer of record on immigration documents, or any work authorization that requires company involvement or documentation (e.g., H-1B, OPT, STEM OPT, CPT, TN, J-1, O-1, etc.).
The Vendor Risk Management IT Security Analyst is responsible for developing, implementing, and validating IT control standards and procedures for third‑party vendors. This role supports the full vendor lifecycle including new contracts, vendor onboarding, and system integrations to ensure alignment with Eversource’s General IT Controls, cybersecurity policies, and regulatory requirements.
The analyst conducts detailed vendor risk assessments, identifies potential control gaps, and recommends remediation actions or enhanced control designs. They evaluate the effectiveness of existing vendor controls through scheduled testing based on vendor criticality tiers and document results in accordance with established risk and compliance frameworks. This position requires strong knowledge of vendor risk management principles, IT security controls, and third‑party oversight processes to ensure that vendors effectively safeguard Eversource information and systems.
HYBRID WORK POLICY
Eversource supports work-life balance by offering hybrid schedules for certain roles. Eligibility is based on job responsibilities, operational needs, nature ofworkand team dynamics. Current guidelines require employees to work at least three days in the office, including Tuesdays and Wednesdays, with the third day set by the employee and supervisor based on department needs. These guidelines apply to roles approved for remote work and are subject tochange, basedon managerial discretion and work performance. All applicants must be able towork up to five days in the office if needed (for example: emergencies, training, or other business needs) or should the policy change.
Relocation assistance is not available for this opportunity.
Essential Functions:
Oversees policy, standards, guidelines, and control monitoring and testing for Vendors.
Conducts process design, analysis, documentation, implementation and testing activities.
Analyzes communication and recommends updates.
Participates in the testing and evaluation of new products and processes.
Performs first level troubleshooting, analysis and monitoring of automated work processes for compliance to key security controls and practices.
Effectively communicates issues and/or concerns to stakeholders and audit management throughout the course of your work
Monitors implementation and completion of remediation efforts
Performs vendor and third-party risk assessments
Technical Knowledge/Skill/Education/Licenses/Certifications:
Technical Knowledge/Skill:
Technical Knowledge:
The candidate chosen for this position will hold technical IT audit knowledge for establishing in house controls aligned to COBIT, NIST and other industry standards while mitigating risks of the company’s IT Security and General Computing Control framework. Familiarity with COBIT, NIST standards.
Full understanding of applicable state and federal legislation and industry specific regulations.
Archer GRC experience.
Skills:
Risk assessment ability and internal audit experience
Excellent communication and interpersonal skills; good report writing skills
Knowledge of IT security and infrastructure
Knowledge of operating system platforms
Excellent analytical skills
Education:
Four-year college degree from an accredited institution; Bachelor’s Degree in Business, Risk, IT, or related field with focus on information systems or related experience
Experience:
Five (5) or more years of related experience with a minimum of two years of relevant work experience in Risk Management
Strong knowledge of IT general controls related to operations, information security and change management of systems software, application source code, network, and system database technologies
Experience testing automated and manual application controls; security testing experience required
Licenses & Certifications:
None
Working Conditions:
Must be available to work emergency restoration assignment as required.
Must be available to travel between MA/CT/NH as necessary.
Mental Aspects:
N/A
#LI-ES3
Competencies:
Build trusting relationships
Manage and develop people
Foster teamwork and cross-functional collaboration
Lead change
Communicate strategic vision
Create an engaged workforce
Focus on the customer
Take ownership & accountability
Compensation and Benefits:
Eversource offers a competitive total rewards program.Check out our careers site for an overview of our benefits programs. Salary is commensurate with your experience. This position is eligible for a potential incentive.The annual salary range for this position is:
$119,100.00-$132,330.00
Worker Type:
Regular
Number of Openings:
1