Senior Security Analyst, Risk Management Job

Denver, Colorado
15 Sep 2016
29 Dec 2016
Contract Type
Full Time
Location(s): CO - Denver; MN - Minneapolis
Are you looking for an exciting job where you can put your skills, talents and education to work at a company you can feel proud to be a part of? Do you want a workplace that will challenge you and offer you opportunities to learn and grow?  A professional position at Xcel Energy could be just what you're looking for.
We are hiring a Senior Security Analyst, Risk for our Enterprise Security Services (ESS) team to be based out of Denver, CO or Minneapolis, MN. The Senior Analyst will regularly interface with stake holders such as ESS leadership, Business Systems Leadership, Risk, Compliance, Audit. The role will require the ability to serve and an advocate for Risk and be able to use a collaborative approach in order to influence others of process changes to remain in compliance with company policy. The successful applicant will need to have experience in audit and/or security. The Senior Analyst will need to have interpersonal communication skills, ability to be persuasive, build relationships, and foster a collaborative environment.
The ESS team is responsible for all aspects of security within Xcel Energy including Cyber, Physical, Enterprise Continuity and our Governance and Risk services.  This dynamic team is growing and evolving to meet the needs of the enterprise while adjusting to the ever changing world we live in.  Come join the high-energy team in building a best-in-class example of security related service offerings.
Position Summary
Develops and executes critical aspects of the Enterprise Security Risk Management function. Creates, recommends and implements controls and cost-effective approaches to minimize the organization's risks effects. Partners with the business and technology teams to promote understanding of the business landscape in order to facilitate security risk-based discussions.

Essential Responsibilities
  • Analyzes organizational security risks, interactions, develop and publish security risk handbook, and procedures for implementation ensuring alignment with appropriate standards and frameworks. Engages with other departments to sustain, improve, and streamline processes with a primary focus on safety, quality, delivery, and cost.
  • Identifies and analyzes potential sources of loss to minimize risk. Executes risk assessment and quantification, aggregation reporting, and monitoring processes. Interprets business issues and recommends solutions/best practices. Solves complex problems; takes a broad perspective to identify solutions.
  • Analyzes external market dynamics and other data sources to assess trends and develop actionable insights and recommendations for management.. Assists in coordinating the security risk within the context of the security risk model.
  • Assesses and communicates information regarding business risks with functions across the organization. Builds and maintains relationships with business partners, including understanding their specific risk landscape. Uses professional knowledge, skills, and experience to influence and guide, monitor, and credibly challenge business areas as they manage risk and make risk decisions.
  • Coordinates the security risk program efforts including risk modeling, comprehensive periodic risk assessments, and regulatory reporting standards and expectations.
  • Develops communications and presentations appropriate for senior level audiences and external regulators.

Minimum Requirements
  • BS/BA degree or higher in an IT or risk management related field.
  • Minimum of 5 years of experience working in security (physical or cyber).
  • Two years of experience with risk assessments, audit or control testing.
  • Experience and expertise in security and lifecycle management, auditing methodology, and technology risk assessments.
  • Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives.
  • Ability to document and explain risks and vulnerabilities to both business and technical stakeholders.
  • Ability to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives.
  • Solid understanding of information security policies, standards, industry best practices, and frameworks. (ISO 27K, NIST 800-53, FISMA, BITS etc.).
  • Strong business acumen with the proven ability to bridge the gap between business and technology.
As a leading combination electricity and natural gas energy company, Xcel Energy offers a comprehensive portfolio of energy-related products and services to 3.4 million electricity and 1.9 million natural gas customers across eight Western and Midwestern states. At Xcel Energy, we strive to be the preferred and trusted provider of the energy our customers need. If you're ready to be a part of something big, we invite you to join our team.
Posting Notes:  CO - Denver || CO - Denver; MN - Minneapolis || United States (US) || Utilities and Corporate Servic || 70060:Enterprise Security Services || Full-Time || Non-Bargaining ||
Requisition Number: 5780
Equal Opportunity Employer: Minority/Female/Disability/Veteran
Individuals with a disability who need an accommodation to apply please contact us at