COMPANY OVERVIEW
As the nation's largest producer of clean, carbon-free energy, Constellation is a company purpose-built to meet the challenges of the climate crisis. Constellation has been the leader in clean energy production for more than a decade and we are growing our company and capabilities. Now, we're accelerating, speeding our low-carbon or no-carbon power to more people in more places, day and night, providing our customers and communities with options to buy, manage and use energy as part of their decarbonization mission. The race is on to confront the climate crisis and Constellation is ready to meet the challenge. Come join us as we lead energy, together.
TOTAL REWARDS
Constellation offers a wide range of benefits and rewards, designed to help our employees thrive professionally and personally. In addition to highly competitive salaries, we offer a bonus program; 401(k) with company match; employee stock purchase program; comprehensive medical, dental and vision benefits, including a robust wellness program; paid time off for vacation, holidays and sick days; and much more.
Expected salary range of $77,400 to $86,000, varying based on experience, along with a comprehensive benefits package that includes bonus and 401(k).
PRIMARY PURPOSE OF POSITION
Engage in job duties outlined below, to reduce risk exposure in areas of cyber and physical security and to promote our mission of safeguarding the people, property, reputation, and shareholder value of the corporation:
- Responsible for the day-to-day execution, maintenance, and results communication of the vendor Security Risk Assessment (SRA) and related processes/procedures (risk review, analysis, follow-up, meeting participation, etc.) to assess risk from a third party security risk management perspective.
- Responsible for monitoring a vendor's SRA from start to finish (escalating, tracking).
- Recommend vendor risk exposures to be accurately measured, documented, and reported, escalating issues to the relevant internal team members to develop an appropriate remediation plan (if applicable).
- Assist with generation and tracking of relevant vendor SRA metrics/KPIs including but not limited to: Actual Time to Complete, SRAs Completed Year-to-Date.
- Assist with Constellation-as-a-Vendor inbound security assessment requests.
- Interact with internal business stakeholders to define, execute, and deliver appropriate analysis.
- Update job aids to accommodate changes and test prior to implementation to ensure quality messaging.
- Process ad hoc requests for reporting and analysis Scope.
- Interact with internal stakeholders to deliver risk analyses and perform related tasks.
- Work under limited supervision, following standard procedures to accomplish assigned tasks.
PRIMARY DUTIES AND ACCOUNTABILITIES
- Drive and execute relevant vendor security questionnaire activities
- Provide necessary data to properly report and track vendor SRA and vendor remediation requirement metrics
- Assist with compliance, ad-hoc reporting, operations, and metrics tasks as needed
MINIMUM QUALIFICATIONS
- Bachelor's degree in a related field or discipline and typically 2-5 years' experience in security or a related technical field, or an equivalent combination of education and work experience.
- Strong communication skills, both written and oral
- Knowledge of PC/desktop workstation applications: Microsoft Teams, Word, Excel, Outlook, PowerPoint
- Knowledge of security concepts, terminology, and tools
- Technical knowledge of databases, database queries, and database reporting
PREFERRED QUALIFICATIONS
- Strong analytical and problem-solving skills with the ability to analyze data, identify opportunities, determine solutions, identify and obtain needed resources, and execute to completion
- Familiarity with third-party management tools such as Fortress and RSA Archer
- Familiarity with standardized third-party security assessments such as SIG/SIG Lite
- Background in third party/Vendor Management and governance, procurement, or regulatory compliance
- Certification: Security+, SANS, and other related technical certifications