Third Party Security Risk Assurance Intern

As an NRG employee, we encourage you to take charge of your career and development journey. We invite you to explore exciting opportunities across our businesses. You’ll find that our dynamic work environment provides variety and challenge. Your growth is key to our ongoing success—take the lead in shaping your career development, goals and future!

THIRD PARTY SECURITY RISK ASSURANCE INTERN

The role will collaborate with internal and external parties to ensure that NRG’s minimum security control requirements are implemented for any critical partner or third-party doing business with the company. The role will be responsible for evaluating the security posture, security compliance, privacy, and security maturity of third parties and identify any potential security risks that would require remediation. 

Essential Tasks:

• Performing vendor security assessments of third-party vendors to evaluate their security maturity and identify any potential deficiencies
• Identify and reduce potential security risks during the security risk assessment
• Provide continuous third-party monitoring for potential vulnerabilities, security breaches, and/or security trends
• Analyze security attestations, audit reports, questionnaires, and memos to evaluate their security maturity and identify any potential deficiencies
• Maintain adequate documentation of the vendor security assessment to ensure the business is aware of any potential security risk(s) and required remediation
• Support and maintain key program metrics and risk reporting for management
• Work in partnership with various internal team members and business partners to ensure a fluid vendor onboarding experience

Desired Skills:

• Familiarity with common security control frameworks
• Ability to identify, evaluate, document, and communicate third-party security deficiencies
• Foster lasting partnerships with diverse teams across the organization
• Communicating the importance of the program, third-party security risks, and the impact on the organization
• Strong writing and documentation abilities

Desired Experience:

• Familiarity with security risk assessments, security assurance, IT operations, or IT audit control testing
• Familiarity with the NIST Cybersecurity Framework (CSF)
• Base level knowledge of enterprise information technology tools and solutions
• Project management and process improvement experience

NRG Energy is committed to a drug and alcohol-free workplace. To the extent permitted by law and any applicable collective bargaining agreement, employees are subject to periodic random drug testing, and post-accident and reasonable suspicion drug and alcohol testing. EOE AA M/F/Vet/Disability. Level, Title and/or Salary may be adjusted based on the applicant's experience or skills.

Official description on file with Talent.