National Grid Sr. IT Compliance Analyst in Waltham, Massachusetts

_About the Position:_

We are seeking an IS Compliance Analyst who will be responsible for supporting our Vendor Assurance Program. In this role, the incumbent will be responsible for evaluating vendor risks for services provided, assisting our procurement team in determining related risk, and ensuring contract terms and conditions align with Compliance and Risk management needs.

In addition to vendor evaluations and assessments, we need the incumbent to be savvy at identifying internal control deficiencies and able to provide appropriate recommendations for improvements. This also includes independent assessments of third parties and assessments for utility regulations, including NERC, PCI, MA 201, HIPAA, SOX, FERC and other international, federal and state regulations.

Job Duties:

  • Support Vendor Assurance Program, integrating Risk and Compliance management into procurement processes.

  • Manage a complex environment of vendors providing services to National Grid

  • Identify associated risks related to Information Security, including operational technologies with embedded information technology

  • Work with third party service providers to evaluate control design and operating effectiveness.

  • Develop, plan and execute compliance assessment based on documented process

  • Develop and execute clearly written test plans based on control objectives in a repeatable manner

  • Ensure compliance with established internal control procedures by examining records, reports, operating practices, and documentation.

  • Develop plan to assess vendors throughout the year balancing workload and assessments

  • Verify the design and effectiveness of controls to secure information system assets, including people, processes and technologies.

  • Complete work papers by documenting compliance assessments and findings clearly articulating test methodology and steps taken.

  • Prepare reports by collecting, analyzing, and summarizing information

  • Prepare regular status reports for internal management

  • Communicate findings by preparing a final report; discussing findings with auditees and documenting results

  • Communicate findings with the IS risk team to coordinate findings, develop action plans based on risks and confirm that appropriate steps are taken to close out findings.

  • Ensure controls support Compliance with International, Federal, State, and local requirements; enforcing adherence and advising management on needed actions.

  • Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; participating in professional societies.

  • Contribute to team effort by accomplishing defined objectives

  • Work with internal stakeholders, including regulatory, legal and IS to build and maintain relationships and deliver value.

  • Others as Required

*Knowledge & Experience Required:*

  • Bachelor’s degree in Computer Science or similar discipline; or equivalent work experience.

  • Advanced Degree in Cyber Security Preferred

  • 3-5 years of relevant experience as an IT Auditor

  • Strong understanding of supplier contracts

  • Willingness to challenge the status quo and drive accountability

  • Ability to influence and build relationships and demonstrate team leadership in all interactions.

  • Exceptional written and verbal communication skills. Communicates effectively with business clients to identify needs and evaluate alternative business solutions.

  • Extensive experience in MSOffice, Visio

  • Archer GRC (Preferred)


  • Have 3 years’ experience working in the Utility (Gas/Electric) domain within a project setting.

  • Certifications in Information Security, including CISA, CISM, CISSP, CRISC strongly desired

This position has a career path which provides for promotional opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills.

The selected candidate will move laterally at their current band and market reference point and will not be eligible for a promotion at the time of accepting this position. This applies to candidates moving within the same career path (e.g., analyst, supervisor, engineer), or to a different career path (e.g., analyst to engineer, supervisor to analyst). The selected candidate will have an opportunity to be promoted within the career path during the annual salary planning process.

Job: Information Services

Organization: Information Services

Title: Sr. IT Compliance Analyst

Location: MA-Waltham

Requisition ID: 20181085

Other Locations: NY-Brooklyn, NY-Syracuse