Position SummaryDesigns and executes critical aspects of the Enterprise Security Risk Management function. Develops, recommends and implements controls and cost-effective approaches to minimize the organization's risks effects. Partners with the business and technology teams to promote understanding of the business landscape in order to facilitate security risk-based discussions. Collaborates with executive and technical leadership to embed a security-focused mindset in all areas.
Essential Responsibilities- Analyzes organizational security risks, interactions, develop and publish security risk handbook, and procedures for implementation ensuring alignment with appropriate standards and frameworks.
- Manage and execute risk identification, assessment and quantification, aggregation reporting, and monitoring processes. Interprets internal or external business issues and recommends solutions/best practices. Solves complex problems; takes a broad perspective to identify solutions.
- Analyzes external market dynamics and other data sources to assess trends and develop actionable insights and recommendations to management, via understanding of the business model and the information available for analysis. Assist in coordinating the security risk within the context of the security risk model.
- Assesses and communicates information regarding business risks with functions across the organization. Builds and maintains relationships with business partners, including understanding their specific risk landscape. Uses professional knowledge, skills, and experience to influence and guide, monitor, and credibly challenge business areas as they manage risk and make risk decisions.
- Coordinates the security risk program efforts including risk modeling, comprehensive periodic risk assessments, and regulatory reporting standards and expectations.
- Develops presentations appropriate for senior level audiences and external regulators. May mentor and give work direction to less experienced colleagues.
Minimum Requirements- Bachelors degree or higher in an IT or risk management related field.
- Minimum of 8 years of experience working in security (physical or cyber). 3 years of experience with risk assessments, audit or control testing. Experience and expertise in security and lifecycle management, auditing methodology, and technology risk assessments.
- Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives.
- Ability to document and explain risks and vulnerabilities to both business and technical stakeholders to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives.
- Solid understanding of information security policies, standards, industry best practices, and frameworks. (ISO 27K, NIST 800-53, FISMA, BITS etc.).
- Strong business acumen with the proven ability to bridge the gap between business and technology.
Non-Bargaining
The anticipated starting base pay for this position is: $97,600.00 to $138,600.00 per year
This position is eligible for the following benefits: Annual Incentive Program, Medical/Pharmacy Plan, Dental, Vision, Life Insurance, Dependent Care Reimbursement Account, Health Care Reimbursement Account, Health Savings Account (HSA) (if enrolled in eligible health plan), Limited-Purpose FSA (if enrolled in eligible health plan and HSA), Transportation Reimbursement Account, Short-term disability (STD), Long-term disability (LTD), Employee Assistance Program (EAP), Fitness Center Reimbursement (if enrolled in eligible health plan), Tuition reimbursement, Transit programs, Employee recognition program, Pension, 401(k) plan, Paid time off (PTO), Holidays, Volunteer Paid Time Off (VPTO), Parental Leave
Benefit plans are subject to change and Xcel Energy has the right to end, suspend, or amend any of its plans, at any time, in whole or in part.
In any materials you submit, you may redact or remove age-identifying information including but not limited to dates of school attendance and graduation. You will not be penalized for redacting or removing this information.
Deadline to Apply: 06/12/26
All Xcel Energy employees and contractors share responsibility for protecting the company's information and systems by adhering to cybersecurity policies, standards, and best practices, recognizing that cybersecurity is everyone's responsibility.
ACCESSIBILITY STATEMENTXcel Energy endeavors to make https://www.xcelenergy.com/ accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Xcel Energy Talent Acquisition at
[email protected]. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.
