Cyber Security Analyst- Vendor Risk Mgmt.

Location: Newark, New Jersey US

Apply

Sign up to receive career updates before completing the application

Note: You will complete the application on the next page

×

Skip & Continue

Job Number: 1226

External Description: Requisition ID: 67197

Job Function/Category: Information Technology

Employment Type: Exempt Full Time

This is an exciting time to be joining PSEG. Our commitments, which include safety, integrity, customer focus, and diversity & inclusion, are the fabric of our culture and help drive the success of our business. We are fortunate to have an outstanding workforce of diverse and highly skilled talent who move us forward in our operational excellence journey. PSEG has more than 12,000 employees who are dedicated to the communities we serve and embody our vision: People providing Safe, Reliable, Economic and Greener Energy.

Job Summary

This position is an experienced, hands-on technical lead responsible for managing programs, policies, and procedures relating to the operation of the enterprise wide vendor risk management program. This role will support third party risk management through new vendor reviews and periodic reviews efforts.
As part of the cybersecurity team, the selected candidate will be responsible for, execution and oversight of a cybersecurity vendor risk management process.
• As part of this work, the individual will be tasked with ensuring suppliers remains in compliance with cybersecurity requirements and industry best practices.
• Track and monitor the status of each due diligence review and communicate the status with key stakeholders on a regular basis.
• This position will also play a key cybersecurity role in continuous improvement of procurement process related to cybersecurity concerns.

Please note this position requires NERC CIP background investigation prior to start.

Job Responsibilities

• Communicating with internal departments such as lines of business/business units, internal audit, senior management and more to answer vendor questions and oversee tasks
• Maintaining a database of pertinent risk information pertaining to vendor, and communicating this data via consistent reporting to senior leadership, pertinent stakeholders
• Facilitating vendor selection and contract negotiation processes
• Maintain central repository of vendor risk assessment conducted, including artifacts and supporting documentation.
• Participate in Procurement Request for Proposals to provide GRC insight.
• Participate and maintain documentation in support of audit reviews to ensure vendor risk process complies.
• Serve as subject matter expert to identify and address key vendor related risks and areas of concern associated with new and existing third parties.
• Communicate identified risks to key stakeholders and establish remediation action plans, and track and monitor identified vendor risks to closure.
• Build effective relationships with stakeholders who own and support vendor relationships
• Develop and report on key risk metrics for the vendor risk management program
• Read and understand contractual agreements to ensure identified risks comply with the Company's policies and procedures, legal, and regulatory requirements
• Vendor issues and concerns (e.g., oversight deficiencies, program concerns, and open risk items) are reported and escalated.
• Maintain and mature cybersecurity vendor risk management tool in Service Now to deliver full vendor risk management assessments and tracking

Job Specific Qualifications

Required:

• Bachelor's degree in Computer Science, Information Systems, Cyber Security, Engineering or related discipline i.e. STEM. In lieu of a degree minimum of 7 years experience

• Minimum of 3 years of experience in a vendor/risk management role.
• Experience with Governance Risk & Compliance (GRC) tools in the area of third party risk management, requirements documentation etc.
• Prior experience with technical business applications, knowledge of IT infrastructure and IT risks and controls.
• Experience with Service Now, Vendor Risk Management (VRM) tool and how to develop requirements for improvements.
• Able to work effectively with all levels of staff and build solid relationships across our vendor base.
• Demonstrated excellent verbal and written communication skills including presentation and facilitate group meetings.
• Strong analytical, problem- solving, multitasking and time management skills; ability to follow through on issues to resolution.
• Works independently with little or no supervision
• Willing to work in strong team environment, constantly teaching and learning from other team members
• Ability to explain technical concepts to the business users in the context of business requirements.
• Broad knowledge of information systems including Windows security, network security, systems development, communication networks, security software/hardware and operating systems.
• Leadership, planning and organizing, results orientation, technical/professional knowledge.
• Excellent interpersonal, organizational, managerial, financial management and leadership skills.
• Must be able to travel approximately 5% to various locations

Desired: (subject to change as needed)
• Demonstrated experience preparing, coordinating, executing and /or managing vendor programs in collaboration with stakeholders and various lines of business strongly preferred
• ISC2 Certified Information Systems Security Professional (CISSP), or equivalent
• Certifications in one or more areas or willingness to obtain: CISSP, a GIAC certification (GSEC, GCIH, or other), CEH, ECSA, CompTIA Security+, or comparable
• Technical or policy experience specific to Cybersecurity.
• Technical or related certifications.

Minimum Years of Experience

3 years of experience

Disclaimer

Certain positions at the Company may require you to have access to Part 810-Controlled Information. Under the law, the Company is limited in who it can share this information with and in certain circumstances it is necessary to obtain specific authorization before the Company can share this information. Accordingly, if the position does require access to this information, you must complete a 10 CFR Part 810 Export Control Compliance Nationality Request Form, a copy of which will be provided to you by Talent Acquisition if an offer is made. If there is a need for specific authorization, due to the time it takes to obtain authorization from the government, we will likely not be able to further proceed with an offer.

As an employee of PSE&G or PSEG Long Island, you should be aware that during storm restoration efforts, you may be required to perform functions outside of your routine duties and on a schedule that may be different from normal operations.

This site ( http://www.pseg.com ) is strictly for candidates who are not currently PSEG employees. PSEG employees must apply for jobs internally through empower which can be accessed through the mypseg homepage by clicking on the employee center tab, then under the empower header, choose careers.

Business needs may cause PSEG to cancel or delay filling position at any time during the selection process.

Certain positions at the Company may require you to have access to Part 810-Controlled Information. Under the law, the Company is limited in who it can share this information with and in certain circumstances it is necessary to obtain specific authorization before the Company can share this information. Accordingly, if the position does require access to this information, you must complete a 10 CFR Part 810 Export Control Compliance Nationality Request Form, a copy of which will be provided to you by Talent Acquisition if an offer is made. If there is a need for specific authorization, due to the time it takes to obtain authorization from the government, we will likely not be able to further proceed with an offer.

Public Service Enterprise Group (PSEG) is an equal opportunity employer, dedicated to a policy of non-discrimination in employment, including the hiring process, based on any legal protected characteristic. Legally protected characteristics included, race, color, religion, national origin, sex, age, marital status, sexual orientation, disability, or veteran status or any other characteristic protected by federal, state, or local law in locations where PSEG employs individuals.

Need to request an accommodation?

If you have a disability and need assistance submitting your resume, applying for a position or registering for a test, please call 973-430-3845. Any information provided regarding a disability will be kept strictly confidential and will not be shared with anyone involved in making a hiring decision.

Nearest Major Market: Newark
Nearest Secondary Market: New York City
Job Segment: Risk Management, Engineer, Information Systems, Law, Computer Science, Finance, Engineering, Technology, Legal

Job Number: 67197

Community / Marketing Title: Cyber Security Analyst- Vendor Risk Mgmt.

Location_formattedLocationLong: Newark, New Jersey US

 

CONNECT WITH US