• Analyst, Third Party Security

    Constellation (Chicago, IL)


    WHO WE ARE

    As the nation's largest producer of clean, carbon-free energy, Constellation is focused on our purpose: accelerating the transition to a carbon-free future. We have been the leader in clean energy production for more than a decade, and we are cultivating a workplace where our employees can grow, thrive, and contribute.

     

    Our culture and employee experience make it clear: We are powered by passion and purpose. Together, we're creating healthier communities and a cleaner planet, and our people are the driving force behind our success. At Constellation, you can build a fulfilling career with opportunities to learn, grow and make an impact. By doing our best work and meeting new challenges, we can accomplish great things and help fight climate change. Join us to lead the clean energy future.

    TOTAL REWARDS

    Constellation offers a wide range of benefits and rewards to help our employees thrive professionally and personally. We provide competitive compensation and benefits that support both employees and their families, helping them prepare for the future. In addition to highly competitive salaries, we offer a bonus program, 401(k) with company match, employee stock purchase program; comprehensive medical, dental and vision benefits, including a robust wellness program; paid time off for vacation, holidays, and sick days; and much more.

     

    Expected salary range of $77,400 to $86,000, varies based on experience, along with comprehensive benefits package that includes bonus and 401(k).

    PRIMARY PURPOSE OF POSITION

    Engage in job duties outlined below, to reduce risk exposure in areas of cyber and physical security; and to promote our mission of safeguarding the people, property, reputation, and shareholder value of the corporation.

     

    + Responsible for the day-to-day execution, maintenance, and results communication of the vendor Security Risk Assessment (SRA) and related processes/procedures (risk review, analysis, follow-up, meeting participation, etc.) to assess risk from a third party security risk management perspective

    + Responsible for monitoring a vendor’s SRA from start to finish. (escalating, tracking)

    + Recommend vendor risk exposures to be accurately measured, documented, and reported, escalating issues to the relevant internal team members to develop an appropriate remediation plan (if applicable)

    + Assist with generation and tracking of relevant vendor SRA metrics/KPIs including but not limited to: Actual Time to Complete, SRAs Completed Year-to-Date

    + Assist with Constellation-as-a-Vendor inbound security assessment requests

    + Interact with internal business stakeholders to define, execute, and deliver appropriate analysis

    + Update job aids to accommodate changes and test prior to implementation to ensure quality messaging

    + Process ad hoc requests for reporting and analysis

    + Scope - Interact with internal stakeholders to deliver risk analyses and perform related tasks

    + Work under limited supervision, following standard procedures to accomplish assigned tasks

    PRIMARY DUTIES AND ACCOUNTABILITIES

    + Drive and execute relevant vendor security questionnaire activities

    + Provide necessary data to properly report and track vendor SRA and vendor remediation requirement metrics

    + Assist with compliance, ad-hoc reporting, operations, and metrics tasks as needed

    MINIMUM QUALIFICATIONS

    + Bachelor's degree in related field discipline and typically 2-5 years' experience in security or related technical field or equivalent combination of education and work experience.

    + Strong communication skills, both written and oral

    + Knowledge of PC/desktop workstation applications: Microsoft Teams, Word, Excel, Outlook, PowerPoint

    + Knowledge of security concepts, terminology, and tools

    + Technical knowledge of databases, database queries, and database reporting

    PREFERRED QUALIFICATIONS

    + Strong analytical and problem-solving skills with the ability to analyze data, identify opportunities, determine solutions, identify and obtaining needed resources, and execute to completion

    + Familiarity with third-party management tools

    + Familiarity with standardized third-party security assessments such as SIG/SIG Lite

    + Familiarity with risk quantification standards such as FAIR

    + Background in third party/vendor management and governance, procurement, or regulatory compliance

    + Certification: Security+, SANS, and other related technical certifications

     

    Constellation is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law.