Vendor Risk Analyst

Benefits:

• Competitive compensation

• Medical, Dental, and Vision insurance

• 401(k) Retirement Savings Plan with substantial company match

• Life and Travel Insurance

• Tuition Assistance

• Wellness Reimbursement Program

• Paid Holidays and Vacation

What is a Vendor Risk Analyst?

The Vendor Risk Analyst is responsible for supporting Central Hudson's efforts to assess, monitor and mitigate information and cybersecurity risks associated with our vendors and third-party relationships. The ideal candidate will have a strong understanding of vendor risk management principles, excellent analytical skills, and the ability to communicate effectively with internal stakeholders and vendors alike.

What does a Vendor Risk Analyst do?

• Conducts comprehensive risk assessments of new and existing vendors, evaluating factors such as financial stability, regulatory compliance, security protocols and data privacy practices

• Implements and supports processes for ongoing monitoring of vendor activities and performance, identifying potential risks and implementing mitigation strategies as needed

• Collaborates with cross-functional teams to develop and update vendor risk management policies, procedures, and standards in alignment with industry best practice and regulatory requirements

• Conducts due diligence reviews of potential vendors, assessing their capabilities, reputation, and adherence to contractual obligations

• Cultivates positive and collaborative relationships with vendors, serving as a point of contact for risk-related inquiries and facilitating regular communications

• Monitors vendor compliance with contractual and regulatory requirements, escalating issues as necessary and coordinating remediation efforts as needed

• Prepares and maintains accurate records of vendor risk assessments, findings, and remediation activities, generating regular reports for senior management and regulatory authorities as required

• Provides support for storm restoration efforts

What does it take to be a Vendor Risk Analyst?

Required:

• Bachelor's degree in Cybersecurity, Information Assurance, Risk Management or related field of study. In lieu of a bachelor's degree, an associate degree in the aforementioned fields and 3 years of relevant experience or a high school diploma or equivalency degree and 5 years of relevant experience will be considered

• Strong understanding of risk management principles, methodologies, and frameworks (e.g., ISO, NIST Cybersecurity Framework, NIST RMF, NATF Supply Chain Risk)

• Familiarity with Third Party Risk Management software & tools

• Excellent analytical skills with the ability to identify, assess, and prioritize risks effectively

• Effective communication skills, with the ability to collaborate with diverse teams, and communicate complex concepts clearly and concisely

• Detail oriented with strong organizational skills and ability to manage multiple tasks and deadlines effectively

• Ability to work with limited direct supervision and professionally respond to constructive feedback

• Valid driver's license

Preferred:

• Experience in conducting risk assessments, developing risk mitigation strategies and evaluating contractual agreements

• Experience in Energy & Utilities or services industry

• Experience with Microsoft Power BI

• Experience with data visualization tools

• Relevant certifications such as CISSP, CISM, or comparable

This position has a career path which allows for advancement opportunities within a job series. The title and level are commensurate with experience. Pay range: $69,800 - $163,800

Please go to https://www.cenhud.com/employment. Click the "Search Career Opportunities" button. Follow the directions to submit an application and upload your resume for the desired position.

Applications sent via e-mail and US Mail will not be accepted. No phone calls or agencies, please. All replies will be held in strict confidence.

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status. Central Hudson Gas & Electric Corporation takes affirmative action in support of its policy to employ and advance in employment individuals who are minorities, women, protected veterans, and individuals with disabilities.

VEVRAA FEDERAL CONTRACTOR