National Grid (https://careers.nationalgridus.com)
Job ID 752
Location Waltham, Massachusetts
Organization Legal, Regulatory and Compliance
Department DIGITAL SECURITY & RISK E
Every day we deliver safe and secure energy to homes, communities, and businesses. We are there when people need us the most. We connect people to the energy they need for the lives they live. The pace of change in society and our industry is accelerating, and our expertise and track record put us in an unparalleled position to shape the sustainable future of our industry.
To be successful we must anticipate the needs of our customers, reducing the cost of energy delivery today and pioneering the flexible energy systems of tomorrow. This requires us to deliver on our promises and always look for new opportunities to grow, both ourselves and our business.
IS Compliance, Vendor Assurance Senior Analyst: Responsible for supporting the Vendor Assurance Program, evaluating vendor risks in relation to services provided, assisting Procurement teams in determining related risk, and ensuring contract terms and conditions align to Compliance and Risk Management needs. Responsible for vendor evaluations and identifying control deficiencies to ensure compliance with regulations and internal controls; recommending improvements in internal control structure; conducting independent assessments of third parties; and conducting assessments for utility regulations, including NERC, PCI, MA 201, HIPAA, SOX, FERC and other international, federal and state regulations.
Support Vendor Assurance Program, integrating Risk and Compliance management into Procurement processes.
Manage complex environment of vendors providing services to National Grid.
Work with third party service providers to evaluate control design and operating effectiveness.
Develop, plan and execute compliance assessment based on documented process.
Develop and execute clearly written test plans based on control objectives in a repeatable manner.
Ensure compliance with established internal control procedures by examining records, reports, operating practices, and documentation.
Develop a plan to assess vendors throughout the year, balancing workload and assessments.
Verify the design and effectiveness of controls to secure information system assets, including people, processes and technologies.
Complete work papers by documenting compliance assessments and findings, clearly articulating test methodology and steps taken.
Prepare reports by collecting, analyzing, and summarizing information.
Prepare regular status reports for internal management.
Communicate findings by preparing a final report; discussing findings with auditees and documenting results.
Communicate findings with IS Risk to coordinate findings, develop action plans based on risks and confirm that appropriate steps are taken to close out findings.
Ensure controls support Compliance with International, Federal, State, and Local requirements; enforcing adherence and advising management on needed actions.
Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; participating in professional societies.
Contribute to team effort by accomplishing defined objectives and implementing agreed upon process improvements.
Work with internal stakeholders, including Regulatory, Legal and IT to build and maintain relationships and deliver value.
Others as Required
Bachelor’s Degree Required
3-5 Years of IS Audit Experience
CISA – Desired
CRISC – Desired
CISM – Desired
Archer GRC (Preferred)
Understanding of assessing third party service providers and associated risks
Understanding of SSAE 18, ISAE 3402, SOC 1, SOC 2 and AUP reports and principles
Understanding of SAP systems and controls
Strong presentation skills
Knowledge of control frameworks (COSO, COBIT, ISO, UCF, NIST)
Understanding of utility regulations (Gas and Electric)
Understanding of third party risk management
Understanding of international regulations a plus
Understanding of key control indicators a plus
Ability to demonstrate management of internal and external audit organizations
Willing to travel (30%), including international
Passport / visa required
This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills. Internal candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience.
National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.