NRG Energy

Cybersecurity Risk Analyst

NRG Energy | $90K — $120K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or related field preferred.
  • 5+ years of experience in cybersecurity or related disciplines required.
  • Proven experience conducting cybersecurity risk assessments essential.
  • Familiarity with the NIST CSF 2.0 and FAIR methodologies required.
  • Experience with vulnerability management concepts and risk interpretation required.
  • Proficiency in Microsoft Office and AI tools expected.

Responsibilities

  • Conduct internal cybersecurity risk assessments for various systems and technologies.
  • Identify and document threats, vulnerabilities, and potential business impacts.
  • Evaluate inherent and residual cyber risks to develop risk statements and recommendations.
  • Apply cybersecurity risk assessment methodologies and frameworks effectively.
  • Facilitate discussions among stakeholders for risk identification and treatment.
  • Analyze vulnerability data to inform risk assessments and recommendations.
  • Report on cybersecurity risk metrics and support continuous improvement initiatives.

Benefits

  • Hybrid working conditions.
  • Minimal travel requirements.

Full Job Description

JOB SUMMARY:

The Cybersecurity Risk Analyst supports the organization's cyber risk management program by identifying, assessing, documenting, and communicating cyber risk across systems, applications, technologies, and business initiatives. This role partners with Technology, Business, Enterprise Risk and other stakeholders to enable risk-informed decisions and practical risk treatment outcomes.

The role is focused on internal cybersecurity risk assessments evaluating threats, vulnerabilities, control gaps, and business impact while helping stakeholders align on risk acceptance decisions consistent with organizational risk tolerance. Work is guided by the NIST CSF 2.0, with expected familiarity with FAIR and professional AI tools, as well as awareness of emerging technology risks and evolving cyber threats. This role is distinct from team responsibilities centered on third-party risk, vendor contracts, security surveys, or regulatory compliance.

Essential Duties and Responsibilities:

Cybersecurity Risk Assessment

  • Conduct cybersecurity risk assessments for systems, applications, infrastructure, technologies, projects, and business initiatives.
  • Identify, assess, analyze, and document cybersecurity threats, vulnerabilities, control gaps, exploitability considerations, and potential business impacts.
  • Evaluate inherent and residual cyber risk and develop clear, supportable risk statements, ratings, and recommendations.
  • Apply established cybersecurity risk assessment methodologies, frameworks, and reference materials, including FAIR and other relevant cyber risk analysis approaches.
  • Support practical and well-informed cyber risk treatment recommendations, including mitigation, remediation, transfer, avoidance, and acceptance.
  • Assist in identifying and documenting reasonable cyber risk acceptance positions aligned with business objectives, governance expectations, and organizational risk tolerance.


Stakeholder Engagement and Risk Facilitation

  • Partner with stakeholders across Technology, Cybersecurity, Business, and Enterprise Risk to gather information and support effective cyber risk assessments.
  • Facilitate meetings, workshops, and working sessions to bring the right stakeholders together for risk identification, analysis, treatment, and acceptance discussions.
  • Build alignment across teams and help translate technical cybersecurity issues into clear business risk implications and decision points.
  • Coordinate with team members responsible for adjacent activities, including third-party risk management, compliance support, contract review, security surveys, and regulatory matters, while maintaining primary focus on internal cyber risk assessment and analysis.


Vulnerability and Threat-Informed Risk Analysis

  • Work closely with vulnerability management and other cybersecurity teams to understand vulnerability exposure, remediation priorities, compensating controls, and the impact of technical findings on cyber risk.
  • Analyze vulnerability data, remediation status, exploitability, and exposure trends to inform cyber risk assessments and recommendations.
  • Maintain awareness of emerging cyber threats, attack techniques, threat actor activity, and technology developments that may affect the organization's risk posture.


Metrics, Reporting, and Program Support

  • Collect, organize, analyze, and report cybersecurity risk metrics, trends, and themes to support leadership reporting and program oversight.
  • Prepare clear and concise risk assessment documentation, reports, summaries, and presentations for technical and non-technical stakeholders.
  • Support the continuous improvement of cybersecurity risk assessment processes, templates, standards, and reporting practices.
  • Use approved AI-enabled tools responsibly to support cyber risk research, analysis, documentation, and operational efficiency in accordance with company requirements.
  • Incorporate considerations related to artificial intelligence, generative AI, and other emerging technology risks into cybersecurity risk assessments, as applicable.


Working Conditions:

  • Hybrid.
  • Travel minimally.


Minimum Requirements:

  • A bachelor's degree in Cybersecurity, Information Technology, Information Systems, Risk Management, Business, or a related field is preferred but not required.
  • A minimum of five years of experience in cybersecurity, information security, cyber risk, technology risk, vulnerability management, IT audit, or a related discipline is essential.
  • Demonstrated experience performing cybersecurity or technology risk assessments is required.
  • Familiarity with the NIST Cybersecurity Framework (CSF) 2.0 is required.
  • Familiarity with FAIR and other recognized cybersecurity risk assessment methodologies, models, or reference resources is required.
  • Experience with vulnerability management concepts, processes, and reporting, including the ability to interpret vulnerability data in a risk context, is required.
  • Proficiency in Microsoft Office products, including Word, Excel, PowerPoint, and SharePoint, is expected.
  • Ability to effectively apply approved AI technologies such as Copilot in a professional environment is expected.


Additional Knowledge, Skills and Abilities:

Technical & Domain Expertise:

  • Strong understanding of cybersecurity risk principles, threats, vulnerabilities, control environments, and risk treatment concepts.
  • Working knowledge of cybersecurity frameworks and references, including NIST CSF 2.0, and familiarity with related standards such as NIST 800-53, CIS Controls, ISO 27001, or COBIT.
  • Familiarity with cyber risk analysis methods such as FAIR; familiarity with quantitative risk analysis concepts, including Monte Carlo simulation, is preferred but not required.
  • Knowledge of vulnerability management practices and the ability to connect technical findings to broader business and cyber risk considerations.
  • Awareness of artificial intelligence, generative AI, and emerging technology risks, and the ability to incorporate those considerations into cyber risk assessments.
  • Experience in energy, utilities, critical infrastructure, or other highly regulated industries is preferred.
  • Knowledge of operational technology, industrial control systems, or energy generation and retail environments is preferred.


Skills & Competencies:

  • Strong analytical, critical thinking, and problem-solving capabilities.
  • Effective stakeholder engagement and facilitation skills, with the ability to bring teams together and drive productive risk discussions.
  • Ability to gather, interpret, and present risk metrics and related data in a meaningful and actionable manner.
  • Strong written and verbal communication skills, including the ability to prepare professional documentation and communicate effectively with both technical and non-technical audiences.
  • Ability to translate complex cybersecurity issues into clear, concise, and business-relevant risk information.
  • Strong organizational skills and the ability to manage multiple priorities while delivering high-quality work within established deadlines.
  • Demonstrated ability to work collaboratively across Cybersecurity, Technology, Business, and Enterprise Risk teams.


Physical Requirements:

  • From time to time, it may be required to move light computer equipment such as laptops.


Level, Title and/or Salary may be adjusted based on the applicant's experience or skills.

Official description on file with Talent.

About NRG Energy

NRG is at the forefront of changing how people think about and use energy. Whether as the largest solar power developer in the country or by giving customers the latest tools to better manage their energy use, NRG is a pioneer in developing smarter energy choices. Our diverse power generating facilities have a capacity of about 52,000 megawatts, capable of supporting almost 42 million homes. Our retail electricity providers — Reliant and Energy Plus — and thermal energy division serve nearly 3 million residential, business, commercial and industrial customers. A Fortune 250 company, NRG supports clean energy resources and technologies critical to our transition to a sustainable, low carbon society. We built the nation's first privately-funded electric vehicle charging infrastructure and continue to create new, clean energy solutions for our customers. In addition to our environmental efforts, we actively contribute to the local communities where NRG employees live and work. Since 2004, our Global Giving program has provided millions of dollars to organizations and charities that have a direct impact on the lives of the people in our communities, including food banks and those that foster self-sufficiency, improve housing and provide supplemental education to people in need. NRG has also organized special responses for victims of extreme catastrophe, such as the Haitian earthquake and the Japanese tsunami in 2010. Employee donations were tripled to maximize the contributions. NRG has won numerous awards for industry leadership and many of its nationwide econrg initiatives, which are targeted toward meeting the challenges of climate change, clean air and natural resources protection.

NRG Energy Careers

Join the vibrant team at NRG Energy, a leader in the power and energy sector, and contribute to a sustainable future while advancing your career. At NRG Energy, we are committed to innovation, leadership, and diversity, ensuring a dynamic workplace where growth and opportunity are at the forefront.

Work You’ll Do

At NRG Energy, you’ll engage in meaningful work that powers communities and fosters environmental stewardship. Our team of professionals is dedicated to leading the energy sector through cutting-edge innovation and sustainable practices. By joining us, you help shape the future of energy, leveraging your skills to make a significant impact.

Explore Job Opportunities and Internships

Whether you’re a seasoned professional or a recent graduate, NRG Energy offers a range of job opportunities and internships that will harness your potential and polish your skills. Our positions span from technical roles in energy management to leadership tracks in corporate functions. Each role is crucial in driving our mission of a sustainable energy future.

Career Development and Benefits

NRG Energy is deeply invested in the professional growth of its employees. We offer robust career development programs, including leadership training, professional networking opportunities, and diversity training. Our benefits package is designed to support the well-being and financial security of our team members and their families, promoting a healthy work-life balance.

Culture of Innovation and Diversity

Our company culture celebrates diversity, encourages innovation, and fosters a collaborative environment. At NRG Energy, you’ll work alongside a diverse team of experts, each bringing unique perspectives that drive our success. We believe that inclusive teamwork and innovative thinking are the keys to our continued growth and leadership in the energy sector.

Join Our Team

Embark on a rewarding career path at NRG Energy by exploring our current hiring opportunities. Tailor your job search to match your career aspirations and skills. Prepare your resume, ace the interview, and join a team that’s committed to making a difference.

Stay Connected

Keep up to date with the latest from NRG Energy:

  • Career Insights: Gain industry-leading insights and read about the latest trends in the energy sector on our careers blog.
  • Job Alert Emails: Customize your subscription to receive job alerts and insider tips that align with your career preferences.

At NRG Energy, your career is more than a job—it’s a journey of growth, learning, and leadership. Join us in powering the world’s energy future while building a promising career for yourself. Explore opportunities, embrace our culture, and be part of our mission to lead the energy transition.

Search NRG Energy Jobs

Discover the exciting and rewarding opportunities waiting for you at NRG Energy. Your future starts here!

Learn more about NRG Energy

  • Size: 6,635 employees
  • Market Cap: $7.4 billion
  • Industry
  • Net Income: $510 million
  • Founded: 1989
  • 5 Year Trend: +24.8%
  • Revenue: $9 billion
  • NASDAQ
