Vendor Risk Analyst

Benefits :

Competitive compensation

Medical, Dental, and Vision insurance

401(k) Retirement Savings Plan with substantial company match

Life and Travel Insurance

Tuition Assistance

Wellness Reimbursement Program

Paid Holidays and Vacation

What is a Vendor Risk Analyst?

The Vendor Risk Analyst is responsible for supporting Central Hudson’s efforts to assess, monitor and mitigate information and cybersecurity risks associated with our vendors and third-party relationships. The ideal candidate will have a strong understanding of vendor risk management principles, excellent analytical skills, and the ability to communicate effectively with internal stakeholders and vendors alike.

What does a Vendor Risk Analyst do?

Conducts comprehensive risk assessments of new and existing vendors, evaluating factors such as financial stability, regulatory compliance, security protocols and data privacy practices

Performs light system administration duties for the Third-Party Risk Management (TPRM) platform (Whistic), including user access management, configuration updates, troubleshooting support, and coordination with platform support teams to ensure optimal system performance and data integrity

Implements and supports processes for ongoing monitoring of vendor activities and performance, identifying potential risks and implementing mitigation strategies as needed

Collaborates with cross-functional teams to develop and update vendor risk management policies, procedures, and standards in alignment with industry best practice and regulatory requirements

Conducts due diligence reviews of potential vendors, assessing their capabilities, reputation, and adherence to contractual obligations

Cultivates positive and collaborative relationships with vendors, serving as a point of contact for risk-related inquiries and facilitating regular communications

Monitors vendor compliance with contractual and regulatory requirements, escalating issues as necessary and coordinating remediation efforts as needed

Prepares and maintains accurate records of vendor risk assessments, findings, and remediation activities, generating regular reports for senior management and regulatory authorities as required

Provides support for storm restoration efforts

What does it take to be a Vendor Risk Analyst?

Required :

Bachelor’s degree in Cybersecurity, Information Assurance, Risk Management or related field of study. In lieu of a bachelor’s degree, an associate degree in the aforementioned fields and 3 years of relevant experience or a high school diploma or equivalency degree and 5 years of relevant experience will be considered

Strong understanding of risk management principles, methodologies, and frameworks (e.g., ISO, NIST Cybersecurity Framework, NIST RMF, NATF Supply Chain Risk)

Familiarity with Third Party Risk Management software & tools

Excellent analytical skills with the ability to identify, assess, and prioritize risks effectively

Effective communication skills, with the ability to collaborate with diverse teams, and communicate complex concepts clearly and concisely

Detail oriented with strong organizational skills and ability to manage multiple tasks and deadlines effectively

Ability to work with limited direct supervision and professionally respond to constructive feedback

Valid driver’s license

Preferred :

Experience in conducting risk assessments, developing risk mitigation strategies and evaluating contractual agreements

Experience in Energy & Utilities or services industry

Experience with Microsoft Power BI

Experience with data visualization tools

Relevant certifications such as CISSP, CISM, or comparable

Applications will be accepted until December 3, 2025.

This position has a career path which allows for advancement opportunities within a job series. The title and level are commensurate with experience. Pay range : $71,900 – $168,700

Please go to . Click the “Search Career Opportunities” button. Follow the directions to submit an application and upload your resume for the desired position.

Applications sent via e-mail and US Mail will not be accepted. No phone calls or agencies, please. All replies will be held in strict confidence.

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, creed, color, ethnicity, arrest or conviction record, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, citizenship, genetic information, familial status, marital status, pregnancy-related condition, domestic violence victim status, veteran or military status, or any other characteristic protected by federal, state or local laws. Central Hudson Gas & Electric Corporation takes affirmative action in support of its policy to employ and advance employment in individuals who are protected veterans and individuals with disabilities.

VEVRAA FEDERAL CONTRACTOR

Look to Central Hudson for an environment that fosters teamwork, safety awareness and impeccable customer service. We are committed to educational development, employee satisfaction and a diverse workforce. We also have a strong belief in and long history of promoting from within. Our employees enjoy numerous opportunities for transition and growth throughout their careers.

We offer a comprehensive benefits package including competitive compensation, health benefits, 401K plan with substantial company match, tuition assistance, wellness reimbursement, life insurance, and paid holidays and vacation.