Maintains documentation and templates in the GRC toolset and makes recommendations for and implements tool and process improvements. * Collaborates with senior and lead risk analysts on activities ...
Maintains documentation and templates in the GRC toolset and makes recommendations for and implements tool and process improvements. * Collaborates with senior and lead risk analysts on activities ...
Maintains documentation and templates in the GRC toolset and makes recommendations for and implements tool and process improvements. * Collaborates with senior and lead risk analysts on activities ...
Maintains documentation and templates in the GRC toolset and makes recommendations for and implements tool and process improvements. * Collaborates with senior and lead risk analysts on activities ...
Security Risk Analyst
Minneapolis, MN · On-site
Maintains documentation and templates in the GRC toolset and makes recommendations for and implements tool and process improvements. * Collaborates with senior and lead risk analysts on activities ...
Security Risk Analyst
Minneapolis, MN · On-site
Maintains documentation and templates in the GRC toolset and makes recommendations for and implements tool and process improvements. * Collaborates with senior and lead risk analysts on activities ...
Cybersecurity GRC Analyst
Minneapolis, MN · On-site
$66K - $114K/yr
Western National is seeking a Cybersecurity GRC Analyst to join our team! The individual in this ... Performs security risk assessments of third-party vendors and service providers and tracks ...
Cybersecurity GRC Analyst
Minneapolis, MN · On-site
$66K - $114K/yr
Western National is seeking a Cybersecurity GRC Analyst to join our team! The individual in this ... Performs security risk assessments of third-party vendors and service providers and tracks ...
Cybersecurity GRC Analyst
$66K - $114K/yr
Western National is seeking a Cybersecurity GRC Analyst to join our team! The individual in this ... Performs security risk assessments of third-party vendors and service providers and tracks ...
Cybersecurity GRC Analyst
$66K - $114K/yr
Western National is seeking a Cybersecurity GRC Analyst to join our team! The individual in this ... Performs security risk assessments of third-party vendors and service providers and tracks ...
Cybersecurity GRC Analyst
$66K - $114K/yr
Western National is seeking a Cybersecurity GRC Analyst to join our team! The individual in this ... Performs security risk assessments of third-party vendors and service providers and tracks ...
Cybersecurity GRC Analyst
$66K - $114K/yr
Western National is seeking a Cybersecurity GRC Analyst to join our team! The individual in this ... Performs security risk assessments of third-party vendors and service providers and tracks ...
Cybersecurity GRC Analyst
Edina, MN · On-site
$66K - $114K/yr
Western National is seeking a Cybersecurity GRC Analyst to join our team! The individual in this ... Performs security risk assessments of third-party vendors and service providers and tracks ...
Cybersecurity GRC Analyst
Edina, MN · On-site
$66K - $114K/yr
Western National is seeking a Cybersecurity GRC Analyst to join our team! The individual in this ... Performs security risk assessments of third-party vendors and service providers and tracks ...
Cyber - SAP Security and GRC Access & Process Control Consultant / Security Engineer II
Minneapolis, MN · On-site
Analyze segregation of duties risks, support ruleset updates, and perform user- and role-level risk assessments in SAP GRC 12.0. * Develop security solutions for custom transactions, tables, programs ...
Cyber - SAP Security and GRC Access & Process Control Consultant / Security Engineer II
Minneapolis, MN · On-site
Analyze segregation of duties risks, support ruleset updates, and perform user- and role-level risk assessments in SAP GRC 12.0. * Develop security solutions for custom transactions, tables, programs ...
Embed analytics, automation, and AI-enabled insights into GRC workflows to provide forward-looking visibility into risk trends, control effectiveness, and remediation performance * Enable continuous ...
Embed analytics, automation, and AI-enabled insights into GRC workflows to provide forward-looking visibility into risk trends, control effectiveness, and remediation performance * Enable continuous ...
Embed analytics, automation, and AI-enabled insights into GRC workflows to provide forward-looking visibility into risk trends, control effectiveness, and remediation performance * Enable continuous ...
Embed analytics, automation, and AI-enabled insights into GRC workflows to provide forward-looking visibility into risk trends, control effectiveness, and remediation performance * Enable continuous ...
Provide advanced data aggregation and analysis of information security risk exposure Review, draft ... Configure, maintain, and optimize GRC platforms (preference for IBM OpenPages) Support GRC ...
Provide advanced data aggregation and analysis of information security risk exposure Review, draft ... Configure, maintain, and optimize GRC platforms (preference for IBM OpenPages) Support GRC ...
They are seeking a GRC Information Security Systems Analyst to enhance their Information Security ... Document risk decision in risk register if necessary. • Maintain Firm Technology Risk Register ...
They are seeking a GRC Information Security Systems Analyst to enhance their Information Security ... Document risk decision in risk register if necessary. • Maintain Firm Technology Risk Register ...
Technology Risk Manager
Minneapolis, MN · On-site
Solid analytical, critical thinking, and decision-making capabilities. * Strong verbal and written ... Experience with ServiceNow IRM/GRC or similar risk management platforms. * In depth knowledge of ...
Technology Risk Manager
Minneapolis, MN · On-site
Solid analytical, critical thinking, and decision-making capabilities. * Strong verbal and written ... Experience with ServiceNow IRM/GRC or similar risk management platforms. * In depth knowledge of ...
Solid analytical, critical thinking, and decisionmaking capabilities. * Strong verbal and written ... Experience with ServiceNow IRM/GRC or similar risk management platforms. * In depth knowledge of ...
Solid analytical, critical thinking, and decisionmaking capabilities. * Strong verbal and written ... Experience with ServiceNow IRM/GRC or similar risk management platforms. * In depth knowledge of ...
Information Security & Technology Mgr, Sr
Lake Elmo, MN · On-site
$199K/yr
Governance, Risk & Compliance (GRC) - Information Security and Technology Risk Management Framework ... Analytical Problem Solving: Synthesizes qualitative and quantitative risk data to identify themes ...
Information Security & Technology Mgr, Sr
Lake Elmo, MN · On-site
$199K/yr
Governance, Risk & Compliance (GRC) - Information Security and Technology Risk Management Framework ... Analytical Problem Solving: Synthesizes qualitative and quantitative risk data to identify themes ...
... analytics, GRC automation/implementation, security role design, security managed services, segregation of duties assessments, as well as ERP implementation risk reviews. Basic Qualifications:
... analytics, GRC automation/implementation, security role design, security managed services, segregation of duties assessments, as well as ERP implementation risk reviews. Basic Qualifications:
Cyber SAP Security and GRC Access & Process Control Senior Consultant / Senior Engineering Manage...
Minneapolis, MN · On-site
... SAP Governance, Risk, and Compliance (GRC) * 3+ years of experience designing or supporting role-based access controls, segregation of duties analysis, or sensitive access controls in SAP ...
Cyber SAP Security and GRC Access & Process Control Senior Consultant / Senior Engineering Manage...
Minneapolis, MN · On-site
... SAP Governance, Risk, and Compliance (GRC) * 3+ years of experience designing or supporting role-based access controls, segregation of duties analysis, or sensitive access controls in SAP ...
Job Title - Information Security Analyst Duration - 3 Months (with a possibility of an extension ... 27000, risk assessment methodologies, Shared Assessments, ITIL practices, and GRC Demonstrate ...
Job Title - Information Security Analyst Duration - 3 Months (with a possibility of an extension ... 27000, risk assessment methodologies, Shared Assessments, ITIL practices, and GRC Demonstrate ...
Entrust is seeking a highly skilled Senior Security Compliance Analyst to lead and sustain ... Risk Management Framework, FedRAMP and NIST 800-53 frameworks, and modern GRC experience that ...
Entrust is seeking a highly skilled Senior Security Compliance Analyst to lead and sustain ... Risk Management Framework, FedRAMP and NIST 800-53 frameworks, and modern GRC experience that ...
$100K - $150K/yr
The role involves conducting assessments, monitoring compliance efforts, managing risk, and ... Hands-on experience with compliance management tools and GRC platforms. * Proficiency in ...
$100K - $150K/yr
The role involves conducting assessments, monitoring compliance efforts, managing risk, and ... Hands-on experience with compliance management tools and GRC platforms. * Proficiency in ...
Grc Risk Analyst information
What is the difference between Grc Risk Analyst vs Compliance Analyst?
| Aspect | Grc Risk Analyst | Compliance Analyst |
|---|---|---|
| Certifications | ISO 31000, FRM, CRISC | ISO 19600, CCEP, CISA |
| Work Environment | Risk management teams, corporate offices | Regulatory departments, corporate offices |
| Industry Usage | Finance, banking, insurance, corporate risk | Financial services, healthcare, manufacturing |
| Job Focus | Identifying, assessing, and mitigating risks across enterprise | Ensuring compliance with laws and regulations |
While both roles involve regulatory and risk considerations, a Grc Risk Analyst focuses on enterprise-wide risk management strategies, whereas a Compliance Analyst concentrates on adherence to specific laws and regulations. Both roles require similar certifications and often work in overlapping industries, but their core responsibilities differ in scope and focus.
What are GRC Risk Analysts?
What are the key skills and qualifications needed to thrive as a GRC Risk Analyst, and why are they important?
What are some common challenges a GRC Risk Analyst might face when implementing new risk management frameworks within an organization?
Full-time
Medical, Dental, Vision, Life, Retirement, PTO
Posted 6 days ago
Xcel Energy rating
8.3
Based on 89 frontline employees who took The Breakroom Quiz
20th of 52 rated energy and utility
Job description
Are you looking for an exciting job where you can put your skills and talents to work at a company you can feel proud to be a part of? Do you want a workplace that will challenge you and offer you opportunities to learn and grow? A position at Xcel Energy could be just what you're looking for.
Position Summary
Executes critical aspects of the Enterprise Security Risk Management function. Partners with the business to document and measure risk inherent to systems, assets, and information. Works with the security teams and collaborates with the business to assess IT risks. Tracks risk remediation items. Oversees the risk review process and reporting across the enterprise.
Essential Responsibilities
Oversees the risk acceptance process across the enterprise to ensure risks are documented and accepted at the correct levels of the organization. Validates remediation plans are in place to reduce risk where possible. Manages cycle to reassess accepted risks, obtain sign-off, and provide reporting.
Assists business partners with completing risk assessments and ensuring the correct documentation is captured to support the risk assessment process. Translates technical language into business terms to facilitate understanding of risk to the business.
Maintains documentation and templates in the GRC toolset and makes recommendations for and implements tool and process improvements.
Collaborates with senior and lead risk analysts on activities related to risk modeling, comprehensive periodic risk assessments, and regulatory reporting standards and expectations, and the development of communication and presentations for internal and external audiences.
Supports on the development of communications and presentations appropriate for senior level audiences and external regulators.
Minimum Requirements
Minimum of 3 years experience working in a security function. (One year of working in a highly regulated environment e.g. Utilities, Financial, may substitute for up to 18 months experience in a security function.)
2 years of experience with risk assessments, audit or control testing.
Knowledge of security and lifecycle management, including auditing methodology or technology risk assessments.
Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives.
Ability to develop strong working relationships with peers and stakeholders across business units.
Experience working with information security policies, standards, industry best practices and/or frameworks (e.g., ISO 27K, NIST 800-53, FISMA, BITS, etc.)
Knowledge of IT Security tools and technologies used in an enterprise environment.
Preferred Requirements: Bachelor's degree or higher with a concentration in computer science, technology, or business, or equivalent combination of education and experience.
Security or Risk-related certifications (CRISC, CISSP, CISA, etc.)
Preferred Qualifications
Risk Assessment Experience:Experience conducting vendor and project-based security risk assessments, including identifying risks, evaluating impact/likelihood, and recommending appropriate controls and treatment strategies.
Security Frameworks & Controls:Working knowledge of security frameworks and standards (e.g., NIST, ISO 27001) and ability to apply control requirements within risk assessments and findings.
GRC Tooling:Familiarity with GRC platforms such as Archer and/or ProcessUnity for documenting assessments, tracking risks, and managing findings lifecycle.
Findings & Risk Management:Experience developing detailed findings, managing remediation tracking, and supporting risk acceptance and exception processes with minimal guidance.
Stakeholder Engagement:Ability to partner with business and technology teams to gather requirements, facilitate discussions, and support risk-based decision-making.
Communication & Documentation:Strong written communication skills with the ability to clearly document risk assessments, findings, and recommendations for both technical and business audiences.
Self-Starter & Adaptability:Demonstrated ability to work independently, manage ambiguity, and prioritize work across multiple assessments and initiatives.
Security & Risk Background:~5+ years of experience in cybersecurity, IT risk, GRC, audit, compliance, or security consulting.
As a leading combination electricity and natural gas energy company, Xcel Energy offers a comprehensive portfolio of energy-related products and services to 3.4 million electricity and 1.9 million natural gas customers across eight Western and Midwestern states. At Xcel Energy, we strive to be the preferred and trusted provider of the energy our customers need. If you're ready to be a part of something big, we invite you to join our team.
All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Individuals with a disability who need an accommodation to apply please contact us at recruiting@xcelenergy.com.
Non-BargainingThe anticipated starting base pay for this position is: $73,700.00 to $104,633.00 per yearThis position is eligible for the following benefits: Annual Incentive Program, Medical/Pharmacy Plan, Dental, Vision, Life Insurance, Dependent Care Reimbursement Account, Health Care Reimbursement Account, Health Savings Account (HSA) (if enrolled in eligible health plan), Limited-Purpose FSA (if enrolled in eligible health plan and HSA), Transportation Reimbursement Account, Short-term disability (STD), Long-term disability (LTD), Employee Assistance Program (EAP), Fitness Center Reimbursement (if enrolled in eligible health plan), Tuition reimbursement, Transit programs, Employee recognition program, Pension, 401(k) plan, Paid time off (PTO), Holidays, Volunteer Paid Time Off (VPTO), Parental LeaveBenefit plans are subject to change and Xcel Energy has the right to end, suspend, or amend any of its plans, at any time, in whole or in part.
In any materials you submit, you may redact or remove age-identifying information including but not limited to dates of school attendance and graduation. You will not be penalized for redacting or removing this information.
Deadline to Apply: 07/21/26EEO is the Law |EEO is the Law Supplement | Pay Transparency Nondiscrimination | Equal Opportunity Policy (PDF) | Employee Rights (PDF)
All Xcel Energy employees and contractors share responsibility for protecting the company's information and systems by adhering to cybersecurity policies, standards, and best practices, recognizing that cybersecurity is everyone's responsibility.
ACCESSIBILITY STATEMENT
Xcel Energy endeavors to make https://www.xcelenergy.com/ accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Xcel Energy Talent Acquisition at recruiting@xcelenergy.com. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.
What Xcel Energy employees say
Pay
Benefits
Hours and flexibility
Workplace
Get the full story on Breakroom
About Xcel Energy
Sourced by ZipRecruiter
Xcel Energy is a prominent electricity and natural gas service provider serving multiple states in the United States, including Colorado, Michigan, Minnesota, New Mexico, North Dakota, South Dakota, Texas, and Wisconsin. Our commitment revolves around delivering essential services to our valued customers. As a trailblazer in the industry, we were the first major US electricity provider with a visionary goal to achieve 100% carbon-free electricity by 2050 and an ambitious 80% reduction in carbon emissions by 2030, based on 2005 levels. Through innovative electric vehicle initiatives, we actively contribute to carbon reduction not only in our electricity generation but also in the transportation sector within the states we operate. Simultaneously, we remain devoted to ensuring cost-effectiveness for our customers by implementing advanced electricity rates and energy efficiency programs.
Industry
Utilities
Company size
10,000+ Employees
Headquarters location
Minneapolis, MN, US
Year founded
1909