Power Industry Jobs

The most used job board by electric power industry professionals.

Principal Security Risk Analyst Job

Xcel Energy

Position Type:
Rqd Education:
Rqd Experience: 5+ years
Date Posted: December 21, 2022
Reference Code: 53404-en_US

Job Grade: R
Hierarchy: No - We can only hire at the posted level
Union Position: Non-Bargaining

Position Summary
Join the Security Risk Advisory team within Xcel Energy's Enterprise Security and Emergency Management (ESEM) department! Principal Security Risk Analysts partner with the business and technology teams to understand Xcel Energy's technology landscape, assess risks, and drive risk management processes. Most risk management activities focus on cyber risk, but ESEM is responsible for both physical and cyber risks and for managing risks from all hazards. Depending on the team, analysts may focus on enterprise IT, operational (including industrial control systems), or nuclear business units.

This position can be filled out of one of the following locations: Denver, CO; Minneapolis, MN; Eau Claire, WI; and Amarillo, TX.

Essential Responsibilities


  • Builds and maintains security risk management processes that enable security risks to be identified, tracked, and managed at both a Business Unit & Enterprise level.
  • Analyzes results from various security risk and control assessments to aggregate security risks and adjust risk ratings on a periodic basis.
  • Manages security findings from various security risk assessments as well as security findings reported by various business units.
  • Communicates security risks with teams across the organization in business-friendly language.
  • Mentors/coaches and gives work direction to Analysts & Sr. Analysts.
  • Develops and gives presentations appropriate for senior level audiences.
  • Develops and implements risk management frameworks, methodologies, and processes.
  • Is proficient in GRC and risk assessment tools; recommends and drives process improvements.

Minimum Requirements



  • Bachelor's degree or higher with a concentration in computer science, technology, or business, or equivalent combination of education and experience.
  • Minimum of 8 years of experience working in security (physical or cyber).
  • 3 years of experience with risk assessments, audit or control testing.
  • Experience and expertise in security and lifecycle management, auditing methodology, and technology risk assessments.
  • Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives.
  • Ability to document and explain risks and vulnerabilities to both business and technical stakeholders.
  • Ability to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives.
  • Solid understanding of information security policies, standards, industry best practices, and frameworks (ISO 27K, NIST 800-53, FISMA, BITS, etc.).
  • Strong business acumen with the proven ability to bridge the gap between business and technology.

Preferred Requirements (experience in one or more)



  • Security or Risk-related certifications (CRISC, CISSP, CISA, etc.)
  • Use of quantitative risk assessment methodologies, such as Factor Analysis of Information Risk (FAIR)
  • Experience conducting benchmarking or assessments using the NIST Cyber Security Framework (CSF)
  • Cyber risk assessments of cloud-based services (e.g. SaaS, IaaS, PaaS)
  • Experience using MITRE ATT&CK framework
  • FedRAMP experience
  • Third Party Security Risk Assessments
  • SAP Security

During the COVID-19 pandemic, this position may require the ability to temporarily work remotely within the company service territory until company protocol dictates that return-to-office criteria have been met. Telecommuting Policy: A plan has been created to officially roll out a hybrid work-from-home option that will take effect when it is safe to move forward with returning to the workplace. This position will participate in this new policy.

Competency Band:


  • Accountability
  • Customer and Stakeholder Engagement
  • Job and Business Expertise
  • Operational Excellence
  • Relationship Focused


Location(s): CO - Denver; MN - Minneapolis; TX - Amarillo; WI - Eau Claire
Organization: Strategy Plng and Ext Affairs
Department: 70080:Business Security Risk & Spprt
Schedule: Full-Time

Non-Union jobs will be posted internally for a minimum of 5 business days; after 5 days the job may be unposted at any time.
Union jobs will be posted based on the union agreement.

The anticipated starting base pay for this position is: $90,000 to $127,333 per year

This position may also be eligible for the following benefits and/or pay components: Pay - Annual Incentive Program, Medical/Pharmacy Plan, Dental, Vision, Life Insurance, Dependent Care Reimbursement Account, Health Care Reimbursement Account, Health Savings Account (HSA) (if enrolled in eligible health plan), Limited-Purpose FSA (if enrolled in eligible health plan and HSA), Transportation Reimbursement Account, Short-term disability (STD), Long-term disability (LTD), Employee Assistance Program (EAP), Fitness Center Reimbursement (if enrolled in eligible health plan), Tuition reimbursement, Transit programs, Employee recognition program, Pension, 401(k) plan, Paid time off (PTO), Holidays, Personal holidays, Volunteer Paid Time Off (VPTO) (full-time employees only), Parental Leave

Recruiter: Lea M Felty
Hiring Manager: Michael J Mckinlay

All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Individuals with a disability who need an accommodation to apply, please contact us at recruiting@xcelenergy.com.


About this Employer

As a leading electric and natural gas energy company, we offer a comprehensive portfolio of energy-related products and services to 3.4 million electricity customers and 1.9 million natural gas customers across our eight states: Colorado, Michigan, Minnesota, New Mexico, North Dakota, South Dakota, Texas and Wisconsin.

Our workforce of more than 12,000 is rising to the challenge of a dynamic, constantly-changing utility industry. One that requires us to be even more customer focused, forward thinking and productive while remaining committed to meeting our customers’ fundamental need for safe, reliable, affordable energy.

With nearly 50% of our workforce eligible to retire in the next five years, there’s never been a better time to come on board. Do you have a passion for renewable energy, like wind or solar? Or care about giving back to the community? You’ll be in a position to directly impact our energy future.

At Xcel Energy, you’ll be challenged, respected and rewarded. You’ll find an ethical team committed to excellence, safety and environmental stewardship. A dynamic company where you’ll have meaningful work that makes a difference.