Position reports to the Director of Cybersecurity – Analyst will be considered a SME and will play a pivotal role in the assessment and on-going monitoring of Avangrid’s vendor portfolio. The analyst will contribute to the implementation, maintenance and continuous process improvement of the Avangrid Corporate Security third party and supplier risk management program and process. This includes, but is not limited to, collaborating with internal stakeholders and external third parties to ensure that appropriate and adequate security protections are addressed in third party relationships, prior to engagement in or continuing a third-party relationship. This position will require working with geographically dispersed business partners, technical staff, internal and external legal teams, purchasing and third parties.
- Performing third party risk evaluations and assessments on vendors and other third parties with which AVANGRID data is shared, stored, processed or transmitted to ensure that proper security controls are in place.
- Performing third party risk evaluations and assessments for products or services related to a Bulk Electric System (BES) cyber system or associate cyber assets. (i.e. NERC CIP-013)
- Reviewing AVANGRID agreements being negotiated with vendors and other third parties with which AVANGRID data is shared, stored, processed or transmitted to ensure that AVANGRID privacy, data breach, and confidentiality requirements are met.
- Assist with the development and delivery of training to the various supply chain stakeholders and/or business areas on the third party and supplier risk management program.
- Ensuring third party program materials are complete and current.
- Assist with maintaining the third-party risk and exceptions databases.
- Contribute to internal initiatives, including methodology and program enhancements.
- Assist with the day-to-day risk mitigation, monitoring, analysis, and reporting as it relates to third-party relationships.
- Participating in external industry expert forums, global working groups and external organizations or groups.
- Perform other duties and responsibilities as assigned.
Education and Experience
- Bachelor’s Degree, in information/data security, information technology, computer science or related field of study.
- Graduate: 0-2 Years
- Experience in information/cyber security risk management, auditing, assessment and/or compliance capacity; as well as related experience in purchasing (RFI/RFP), contracts (review), and project management is preferred.
Required Skills and Abilities:
- Ability to build effective relationships with key stakeholders locally and globally
- Ability to lead work processes and work independently
- Strong documentation and communications skills
- Ability to interpret and determine the impact of third-party risks on the business areas
- Ability to understand and communicate compliance and regulatory requirements
- Demonstrated ability to manage multiple concurrent assignments, strong multi-tasking skills
- Knowledge of industry authoritative sources such as NIST, COBIT, SOC2, CSF, and ISO standards is a plus
- Excellent oral and written communication skills.
- Demonstrated problem solving and analytical skills.
- Strong attention to detail and ability to multitask.
- Desire to seek job specific advanced training and certifications
- Must be a team player, willingness to learn and adapt quickly with a positive and upbeat mindset