Manager, Enterprise Vulnerability Management Job

Denver, Colorado
09 Sep 2016
31 Dec 2016
Contract Type
Full Time
Location(s): CO - Denver; MN - Minneapolis; TX - Amarillo
Are you ready to take your leadership potential to the next level with a growing Fortune 500 company?  Xcel Energy is at the leading edge of an industry that is changing quickly. We're seeking dynamic, proven leaders to help guide us into this exciting energy future. If you're looking to lead at a company that is committed to excellence, safety and environmental stewardship, with plenty of room to grow, consider a position at Xcel Energy.
We are hiring a Manager of Enterprise Vulnerability Management for our Enterprise Security Services (ESS) team to be based out of Minneapolis, Denver, or Amarillo. The Manager will have approximately six direct reports, comprised of Individual Contributors. This role will also assume a travel schedule estimated at 25%, largely within Xcel Energy's eight state service territory, but also to industry events.
The ESS team is responsible for all aspects of security within Xcel Energy including Cyber, Physical, Enterprise Continuity and our Governance and Risk services.  This dynamic team is growing and evolving to meet the needs of the enterprise while adjusting to the ever changing world we live in.  Come join the high-energy team in building a best-in-class example of security related service offerings.
Position Summary
Responsible to effectively create, document, maintain and communicate strategy and process for the Enterprise Vulnerability Management (EVM) platform for Xcel Energy's in alignment with Enterprise Security Services strategy. Responsible for managing Xcel Energy's threat and vulnerability management platform including:
  • Definition of and maintenance of master scanning schedules and targets
  • Processing, recording and responsibility assignment of individual findings
  • Documentation and communications of trending analyses
Remain knowledgeable about security issues, vulnerabilities, and security standards that may impact information security. Participate in and contribute to other areas within the department as needed.

Essential Responsibilities
  • Manage the work direction and resources needs for the EVM platform within Enterprise Security Services. Determine, manage and track budget and staffing needs for these divisions. Define team goals and manage performance to meet those goals.
  • Define, publish and maintain a strategic plan for assigned business area. Management of activities relative to the day-to-day operations of security, and determination of business and technical requirements for incident response, Serve as key respondent and facilitator for internal and external security events and incidents.
  • Develop risk management plans and EVM strategies and solutions. Orchestrate exercises aimed at processes validation within EVM. Identify the needs for cross-functional teams to assure that the solutions and plans meet changing business needs, customer and competitive requirements. Ensure consulting expertise is available within the team to all stakeholders to guarantee plans are integrated into overall business area strategic and operational plans.
  • Manage EVM support to business and technical teams in the design of standardized products and customized solutions.
  • Stay abreast of industry and technology trends and best practices to advise leadership and direct teams on when to innovate and when to use traditional approaches. Maintain awareness of current and potential threats and risks for security related information protection.
  • Provide threat analysis summations to leadership along with propose actions to minimize threats.
  • Maintain an ongoing development of current threat intelligence and vulnerability analysis with an in-depth knowledge of identification, mitigation, and recovery strategies.

Minimum Requirements
  • Bachelor's degree (Master's preferred) with a concentration in computer science, technology, or equivalent combination of education and experience.
  • At least 10 years of experience in I/T including 7 years direct experience in cyber operations.
  • At least 5 years of direct experience in an EVM platform.
  • Demonstrated ability to effectively communicate and present complex technical information to a broad audience and make recommendations with justification to leadership.
  • Demonstrated leadership skills.
  • Proven investigative and problem solving, critical thinking, root-cause analysis, and business risk analysis skills.
  • Must possess a broad knowledge relating to I/T infrastructure and have in-depth and up-to-date experience with today's enterprise level platforms.
Certifications preferred: GSEC, ECSA, ISSM, ECSA, CPT, CEH
Certifications highly preferred: CISSP, CISM or equivalents
This position requires a behavioral assessment prior to being considered for an interview.
As a leading combination electricity and natural gas energy company, Xcel Energy offers a comprehensive portfolio of energy-related products and services to 3.4 million electricity and 1.9 million natural gas customers across eight Western and Midwestern states. At Xcel Energy, we strive to be the preferred and trusted provider of the energy our customers need. If you're ready to be a part of something big, we invite you to join our team.
Posting Notes:  CO - Denver || CO - Denver; MN - Minneapolis; TX - Amarillo || United States (US) || Utilities and Corporate Servic || 70060:Enterprise Security Services || Full-Time || Non-Bargaining ||
Requisition Number: 5441
Equal Opportunity Employer: Minority/Female/Disability/Veteran
Individuals with a disability who need an accommodation to apply please contact us at