other
Posted YesterdaySecurity Risk Analyst
at Xcel Energy
Minneapolis, United StatesOn-site
recruiting27K
Requirements
- Translates technical language into business terms to facilitate understanding of risk to the business.
- experience working in a security function. (One year of working in a highly regulated environment e.g. Utilities, Financial, may substitute for up to 18 months
- experience in a security function.) 2 years of
- experience with risk assessments, audit or control testing.
- Knowledge of security and lifecycle management, including auditing methodology or technology risk assessments.
- Ability to develop strong working relationships with peers and stakeholders across business units.
- Experience working with information security policies, standards, industry best practices and/or frameworks (e.g., ISO 27K, NIST 800-53, FISMA, BITS, etc.) Knowledge of IT Security tools and technologies used in an enterprise environment. Preferred
- Requirements: Bachelor's degree or higher with a concentration in computer science, technology, or business, or equivalent combination of education and experience.
- Security or Risk-related certifications (CRISC, CISSP, CISA, etc.) Preferred
- Experience conducting vendor and project-based security risk assessments, including identifying risks, evaluating impact/likelihood, and recommending appropriate controls and treatment strategies.
- Security Frameworks & Controls: Working knowledge of security frameworks and standards (e.g., NIST, ISO 27001) and ability to apply control
- GRC Tooling: Familiarity with GRC platforms such as Archer and/or ProcessUnity for documenting assessments, tracking risks, and managing findings lifecycle.
- Experience developing detailed findings, managing remediation tracking, and supporting risk acceptance and exception processes with minimal guidance.
- Stakeholder Engagement: Ability to partner with business and technology teams to gather requirements, facilitate discussions, and support risk-based decision-making.
- Communication & Documentation: Strong written communication skills with the ability to clearly document risk assessments, findings, and recommendations for both technical and business audiences.
- Self-Starter & Adaptability: Demonstrated ability to work independently, manage ambiguity, and prioritize work across multiple assessments and initiatives.
- experience in cybersecurity, IT risk, GRC, audit, compliance, or security consulting.
Experience
- Security & Risk Background: ~5+ years of
Benefits
- Non-Bargaining The anticipated starting base pay for this position is: $73,700.00 to $104,633.00 per year This position is eligible for the following
- benefits: Annual Incentive Program, Medical/Pharmacy Plan, Dental, Vision, Life Insurance, Dependent Care Reimbursement Account, Health Care Reimbursement Account, Health Savings Account (HSA) (if enrolled in eligible health plan), Limited-Purpose FSA (if enrolled in eligible health plan and HSA), Transportation Reimbursement Account, Short-term disability (STD), Long-term disability (LTD), Employee Assistance Program (EAP), Fitness Center Reimbursement (if enrolled in eligible health plan), Tuition
Contact
- Individuals with a disability who need an accommodation to apply please contact us at recruiting@xcelenergy.com .
- ACCESSIBILITY STATEMENT Xcel Energy endeavors to make https://www.xcelenergy.com/ accessible to any and all users.
- If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Xcel Energy Talent Acquisition at recruiting@xcelenergy.com.
Additional details
- Are you looking for an exciting job where you can put your skills and talents to work at a company you can feel proud to be a part of? Do you want a workplace that will challenge you and offer you opportunities to learn and grow? A position at Xcel Energy could be just what you’re looking for.
- Position Summary Executes critical aspects of the Enterprise Security Risk Management function.
- Partners with the business to document and measure risk inherent to systems, assets, and information.
- Works with the security teams and collaborates with the business to assess IT risks.
- Oversees the risk review process and reporting across the enterprise. Essential
- Responsibilities Oversees the risk acceptance process across the enterprise to ensure risks are documented and accepted at the correct levels of the organization.
- Validates remediation plans are in place to reduce risk where possible.
- Manages cycle to reassess accepted risks, obtain sign-off, and provide reporting.
- Assists business partners with completing risk assessments and ensuring the correct documentation is captured to support the risk assessment process.
- Maintains documentation and templates in the GRC toolset and makes recommendations for and implements tool and process improvements.