Security Risk Analyst Job
Job Grade: P
Hierarchy: Yes - We may hire at a higher level
Union Position: Non-Bargaining
Join the Security Risk Advisory team within Xcel Energy's Enterprise Security and Emergency Management (ESEM) department! Security Risk Analysts partner with the business and technology teams to understand Xcel Energy's technology landscape, assess risks, and oversee risk management processes across the enterprise. Most risk management activities are focused on cyber risk, but ESEM is responsible for both physical and cyber risks and for managing risks from all hazards. Depending on the team, analysts may focus on enterprise IT, operational (including industrial control systems), or nuclear business units.
This position can be filled out of one of the following locations: Denver, CO; Minneapolis, MN; Eau Claire, WI; and Amarillo, TX.
- Performs Security Risk Assessments to identify vendor/third party risks
- Oversees the risk acceptance process across the enterprise to ensure risks are documented and accepted at the correct levels of the organization.
- Validates remediation plans are in place to reduce risk where possible. Manages cycle to reassess accepted risks, obtain sign-off, and provide reporting.
- Assists business partners with completing risk assessments and ensuring the correct documentation is captured to support the risk assessment process. Translates technical language into business terms to facilitate understanding of risk to the business.
- Maintains documentation and templates in the GRC toolset and makes recommendations for and implements tool and process improvements.
- Collaborates with senior and principal risk analysts on activities related to risk modeling, comprehensive periodic risk assessments, and regulatory reporting standards and expectations, and the development of communication and presentations for internal and external audiences.
- Supports the development of communications and presentations appropriate for senior-level audiences and external regulators.
- Minimum of 3 years' experience working in a security function. (One year of working in a highly regulated environment, e.g. Utilities, Financial, may substitute for up to 18 months' experience in a security function.)
- 2 years of experience with risk assessments, audit, or control testing.
- Knowledge of security and lifecycle management, including auditing methodology or technology risk assessments.
- Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives.
- Ability to develop strong working relationships with peers and stakeholders across business units.
- Experience working with information security policies, standards, industry best practices and/or frameworks (e.g., ISO 27K, NIST 800-53, FISMA, BITS, etc.).
- Knowledge of IT Security tools and technologies used in an enterprise environment.
- Bachelor's degree or higher with a concentration in computer science, technology, or business, or equivalent combination of education and experience.
- Security or Risk-related certifications (CRISC, CISSP, CISA, etc.)
- Experience conducting benchmarking or assessments using the NIST Cyber Security Framework (CSF)
- Cyber risk assessments of cloud-based services (e.g. SaaS, IaaS, PaaS)
- Use of quantitative risk assessment methodologies, such as Factor Analysis of Information Risk (FAIR)
- Experience using MITRE ATT&CK framework
- FedRAMP experience
- Third Party Security Risk Assessments
- SAP Security
During the COVID-19 pandemic, this position may require the ability to temporarily work remotely within the company service territory until company protocol dictates that return-to-the-office criteria have been met. Telecommuting Policy: A plan has been created to officially roll out a hybrid work-from-home option that will take effect when it is safe to move forward with a return to the workplace. This position will participate in this new policy.
- Customer and Stakeholder Engagement
- Job and Business Expertise
- Operational Excellence
- Relationship Focused
Location(s): CO - Denver; MN - Minneapolis; TX - Amarillo; WI - Eau Claire
Organization: Strategy Plng and Ext Affairs
Department: 70080:Business Security Risk & Spprt
Non-Union jobs will be posted internally for a minimum of 5 business days; after 5 days the job may be unposted at any time.
Union jobs will be posted based on the union agreement.
The anticipated starting base pay for this position is: $68,000 to $96,666 per year
This position may also be eligible for the following benefits and/or pay components: Pay - Annual Incentive Program, Medical/Pharmacy Plan, Dental, Vision, Life Insurance, Dependent Care Reimbursement Account, Health Care Reimbursement Account, Health Savings Account (HSA) (if enrolled in eligible health plan), Limited-Purpose FSA (if enrolled in eligible health plan and HSA), Transportation Reimbursement Account, Short-term disability (STD), Long-term disability (LTD), Employee Assistance Program (EAP), Fitness Center Reimbursement (if enrolled in eligible health plan), Tuition reimbursement, Transit programs, Employee recognition program, Pension, 401(k) plan, Paid time off (PTO), Holidays, Personal holidays, Volunteer Paid Time Off (VPTO) (full-time employees only), Parental Leave
Recruiter: Lea M Felty
Hiring Manager: Michael J Mckinlay
All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Individuals with a disability who need an accommodation to apply, please contact us at firstname.lastname@example.org
About this Employer
As a leading electric and natural gas energy company, we offer a comprehensive portfolio of energy-related products and services to 3.4 million electricity customers and 1.9 million natural gas customers across our eight states: Colorado, Michigan, Minnesota, New Mexico, North Dakota, South Dakota, Texas and Wisconsin.
Our workforce of more than 12,000 is rising to the challenge of a dynamic, constantly-changing utility industry. One that requires us to be even more customer focused, forward thinking and productive while remaining committed to meeting our customers’ fundamental need for safe, reliable, affordable energy.
With nearly 50% of our workforce eligible to retire in the next five years, there’s never been a better time to come on board. Do you have a passion for renewable energy, like wind or solar? Or care about giving back to the community? You’ll be in a position to directly impact our energy future.
At Xcel Energy, you’ll be challenged, respected and rewarded. You’ll find an ethical team committed to excellence, safety and environmental stewardship. A dynamic company where you’ll have meaningful work that makes a difference.