Security Risk Analyst

Are you looking for an exciting job where you can put your skills and talents to work at a company you can feel proud to be a part of? Do you want a workplace that will challenge you and offer you opportunities to learn and grow?  A  position at Xcel Energy could be just what you’re looking for.

Security Risk Analyst

Position Summary

Executes critical aspects of the Enterprise Security Risk Management function. Partners with the business to document and measure risk inherent to systems, assets, and information. Works with the security teams and collaborates with the business to assess IT risks. Tracks risk remediation items. Oversees the risk review process and reporting across the enterprise. Primarily responsible for Security Vendor Risk Assessments.

Essential Responsibilities

• Oversees the risk acceptance process across the enterprise to ensure risks are documented and accepted at the correct levels of the organization. Validates remediation plans are in place to reduce risk where possible. Manages cycle to reassess accepted risks, obtain sign-off, and provide reporting.
• Assists business partners with completing risk assessments and ensuring the correct documentation is captured to support the risk assessment process. Translates technical language into business terms to facilitate understanding of risk to the business.
• Maintains documentation and templates in the GRC toolset and makes recommendations for and implements tool and process improvements.
• Collaborates with senior and lead risk analysts on activities related to risk modeling, comprehensive periodic risk assessments, and regulatory reporting standards and expectations, and the development of communication and presentations for internal and external audiences.
• Supports on the development of communications and presentations appropriate for senior level audiences and external regulators.

Minimum Requirements

• Demonstrated ability to effectively communicate complex security risk assessments and findings to both technical and non-technical stakeholders. This includes regular interactions with internal teams such as procurement, legal, and IT, as well as external vendors to ensure alignment with security standards and contractual obligations. The candidate should be adept at preparing detailed reports, presentations, and updates for senior management and other key stakeholders
• Minimum of 3 years experience working in a security function. (One year of working in a highly regulated environment e.g. Utilities, Financial, may substitute for up to 18 months experience in a security function.)
• 2 years of experience with risk assessments, audit or control testing.
• Knowledge of security and lifecycle management, including auditing methodology or technology risk assessments.
• Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives.
• Ability to develop strong working relationships with peers and stakeholders across business units.
• Experience working with information security policies, standards, industry best practices and/or frameworks (e.g., ISO 27K, NIST 800-53, FISMA, BITS, etc.).
• Knowledge of IT Security tools and technologies used in an enterprise environment.
• Self-starter and able to thrive in a highly dynamic, collaborative environment
• Excellent planning, organizational, negotiation and client service skills
• Previous business and/or project experience leading complex initiatives
• Demonstrated ability to maximize relationships in cross-functional teams
• Demonstrated bias for action and driving change
• Strong analytical, conceptual and problem-solving skills
• Ability to work with and influence at all levels, including senior management
• Excellent verbal, written and presentation communication skills

Preferred Requirements:

• Bachelor's degree or higher with a concentration in computer science, technology, or business, or equivalent combination of education and experience.
• Security or Risk-related certifications (CRISC, CISSP, CISA, etc.)
• Demonstrated experience with vulnerability assessment, penetration testing, security policy implementation and compliance.
• SecurityTIA+ Certification

As a leading combination electricity and natural gas energy company, Xcel Energy offers a comprehensive portfolio of energy-related products and services to 3.4 million electricity and 1.9 million natural gas customers across eight Western and Midwestern states. At Xcel Energy, we strive to be the preferred and trusted provider of the energy our customers need. If you’re ready to be a part of something big, we invite you to join our team.

All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Individuals with a disability who need an accommodation to apply please contact us at recruiting@xcelenergy.com.

Non-Bargaining

The anticipated starting base pay for this position is: $71,900.00 to $102,100.00 per year

This position is eligible for the following benefits: Annual Incentive Program, Medical/Pharmacy Plan, Dental, Vision, Life Insurance, Dependent Care Reimbursement Account, Health Care Reimbursement Account, Health Savings Account (HSA) (if enrolled in eligible health plan), Limited-Purpose FSA (if enrolled in eligible health plan and HSA), Transportation Reimbursement Account, Short-term disability (STD), Long-term disability (LTD), Employee Assistance Program (EAP), Fitness Center Reimbursement (if enrolled in eligible health plan), Tuition reimbursement, Transit programs, Employee recognition program, Pension, 401(k) plan, Paid time off (PTO), Holidays, Volunteer Paid Time Off (VPTO), Parental Leave

Benefit plans are subject to change and Xcel Energy has the right to end, suspend, or amend any of its plans, at any time, in whole or in part.

In any materials you submit, you may redact or remove age-identifying information including but not limited to dates of school attendance and graduation.  You will not be penalized for redacting or removing this information.

Deadline to Apply: 04/06/25

EEO is the Law | EEO is the Law Supplement | Pay Transparency Nondiscrimination | Equal Opportunity Policy (PDF) | Employee Rights (PDF)

ACCESSIBILITY STATEMENT
Xcel Energy endeavors to make https://www.xcelenergy.com/ accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Xcel Energy Talent Acquisition at recruiting@xcelenergy.com. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.