1

Information Security Risk Analyst Jobs (NOW HIRING)

Collaborates with senior and lead risk analysts on activities related to risk modeling ... Knowledge of IT Security tools and technologies used in an enterprise environment. * Preferred ...

next page

Showing results 1-20

Information Security Risk Analyst information

See salary details

$31

$58

$75

How much do information security risk analyst jobs pay per hour?

As of Jul 17, 2026, the average hourly pay for information security risk analyst in the United States is $58.45, according to ZipRecruiter salary data. Most workers in this role earn between $45.43 and $65.62 per hour, depending on experience, location, and employer.

What is the difference between Information Security Risk Analyst vs Cybersecurity Analyst?

AspectInformation Security Risk AnalystCybersecurity Analyst
CertificationsISO 27001, CISSP, CISACompTIA Security+, CEH, CISSP
Work EnvironmentRisk assessment teams, compliance departmentsSecurity operations centers, incident response teams
Employer & Industry UsageFinancial, healthcare, government sectorsTech companies, cybersecurity firms, enterprises

While both roles focus on protecting information assets, the Information Security Risk Analyst primarily assesses and manages risks related to information security policies and compliance. In contrast, the Cybersecurity Analyst actively monitors security systems, responds to threats, and handles incidents. Understanding these differences helps organizations assign the right responsibilities and professionals to safeguard their digital assets.

What are the key skills and qualifications needed to thrive as an Information Security Risk Analyst, and why are they important?

To thrive as an Information Security Risk Analyst, you need a solid understanding of cybersecurity principles, risk management frameworks, and a relevant degree or certifications such as CISSP, CISM, or CRISC. Familiarity with tools like risk assessment platforms, vulnerability scanners, and security information and event management (SIEM) systems is typically required. Strong analytical thinking, communication, and attention to detail help you translate complex risks into actionable recommendations and collaborate with stakeholders. These skills are crucial for effectively identifying, assessing, and mitigating security risks to protect organizational assets and ensure compliance.

What are Information Security Risk Analysts?

Information Security Risk Analysts are professionals responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze potential threats, vulnerabilities, and impacts to ensure that appropriate security measures are in place. These analysts often develop risk management strategies, conduct security assessments, and recommend security enhancements. Their goal is to help organizations protect sensitive information and comply with relevant regulations.

What Does an Information Security Risk Analyst Do?

As an information security risk analyst, your job is to help assess each potential threat and determine whether or not your current network system suffers from vulnerability to that threat. In this IT role, you may monitor network activity, help implement and manage safety protocols, and research emerging threats to help determine the best response to them. Information security risk analysts often work with many other IT personnel at the same company to manage security needs and, somewhat unusually for an IT role, may also collaborate with outside experts and volunteers to find the best way to counter a particular threat. This is an extremely collaborative position, so the ability to work well with other people, including those you may be meeting for the first time, is essential to your success.

How does an Information Security Risk Analyst typically collaborate with other departments to address security risks?

Information Security Risk Analysts work closely with various departments such as IT, compliance, legal, and business units to identify and mitigate security risks. They often facilitate risk assessments, communicate findings, and recommend solutions tailored to each department's needs. Regular meetings and cross-functional projects are common, ensuring security measures align with business objectives while maintaining compliance. This collaborative approach helps foster a culture of security awareness throughout the organization.
What cities are hiring for Information Security Risk Analyst jobs? Cities with the most Information Security Risk Analyst job openings:
What are the most commonly searched types of Information Security Risk Analyst jobs? The most popular types of Information Security Risk Analyst jobs are:
Who are the top companies hiring for Information Security Risk Analyst jobs? The top employers for Information Security Risk Analyst jobs are:
What states have the most Information Security Risk Analyst jobs? States with the most job openings for Information Security Risk Analyst jobs include:
What job categories do people searching Information Security Risk Analyst jobs look for? The top searched job categories for Information Security Risk Analyst jobs are:
Infographic showing various Information Security Risk Analyst job openings in the United States as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 86% Full Time, 6% Part Time, 1% Temporary, and 5% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution, with an average salary of $121,577 per year, or $58.5 per hour.
Security Risk Analyst

Security Risk Analyst

Xcel Energy

Minneapolis, MN

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 9 days ago


Xcel Energy rating

8.3

Company rating: 8.3 out of 10

Based on 89 frontline employees who took The Breakroom Quiz

20th of 52 rated energy and utility


Job description

Minneapolis, Minnesota, 55401, United States of America
Are you looking for an exciting job where you can put your skills and talents to work at a company you can feel proud to be a part of? Do you want a workplace that will challenge you and offer you opportunities to learn and grow? A position at Xcel Energy could be just what you're looking for.
Position Summary
Executes critical aspects of the Enterprise Security Risk Management function. Partners with the business to document and measure risk inherent to systems, assets, and information. Works with the security teams and collaborates with the business to assess IT risks. Tracks risk remediation items. Oversees the risk review process and reporting across the enterprise.
Essential Responsibilities
  • Oversees the risk acceptance process across the enterprise to ensure risks are documented and accepted at the correct levels of the organization. Validates remediation plans are in place to reduce risk where possible. Manages cycle to reassess accepted risks, obtain sign-off, and provide reporting.
  • Assists business partners with completing risk assessments and ensuring the correct documentation is captured to support the risk assessment process. Translates technical language into business terms to facilitate understanding of risk to the business.
  • Maintains documentation and templates in the GRC toolset and makes recommendations for and implements tool and process improvements.
  • Collaborates with senior and lead risk analysts on activities related to risk modeling, comprehensive periodic risk assessments, and regulatory reporting standards and expectations, and the development of communication and presentations for internal and external audiences.
  • Supports on the development of communications and presentations appropriate for senior level audiences and external regulators.

Minimum Requirements
  • Minimum of 3 years experience working in a security function. (One year of working in a highly regulated environment e.g. Utilities, Financial, may substitute for up to 18 months experience in a security function.)
  • 2 years of experience with risk assessments, audit or control testing.
  • Knowledge of security and lifecycle management, including auditing methodology or technology risk assessments.
  • Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives.
  • Ability to develop strong working relationships with peers and stakeholders across business units.
  • Experience working with information security policies, standards, industry best practices and/or frameworks (e.g., ISO 27K, NIST 800-53, FISMA, BITS, etc.)
  • Knowledge of IT Security tools and technologies used in an enterprise environment.
  • Preferred Requirements: Bachelor's degree or higher with a concentration in computer science, technology, or business, or equivalent combination of education and experience.
  • Security or Risk-related certifications (CRISC, CISSP, CISA, etc.)

Preferred Qualifications
  • Risk Assessment Experience: Experience conducting vendor and project-based security risk assessments, including identifying risks, evaluating impact/likelihood, and recommending appropriate controls and treatment strategies.
  • Security Frameworks & Controls: Working knowledge of security frameworks and standards (e.g., NIST, ISO 27001) and ability to apply control requirements within risk assessments and findings.
  • GRC Tooling: Familiarity with GRC platforms such as Archer and/or ProcessUnity for documenting assessments, tracking risks, and managing findings lifecycle.
  • Findings & Risk Management: Experience developing detailed findings, managing remediation tracking, and supporting risk acceptance and exception processes with minimal guidance.
  • Stakeholder Engagement: Ability to partner with business and technology teams to gather requirements, facilitate discussions, and support risk-based decision-making.
  • Communication & Documentation: Strong written communication skills with the ability to clearly document risk assessments, findings, and recommendations for both technical and business audiences.
  • Self-Starter & Adaptability: Demonstrated ability to work independently, manage ambiguity, and prioritize work across multiple assessments and initiatives.
  • Security & Risk Background: ~5+ years of experience in cybersecurity, IT risk, GRC, audit, compliance, or security consulting.

As a leading combination electricity and natural gas energy company, Xcel Energy offers a comprehensive portfolio of energy-related products and services to 3.4 million electricity and 1.9 million natural gas customers across eight Western and Midwestern states. At Xcel Energy, we strive to be the preferred and trusted provider of the energy our customers need. If you're ready to be a part of something big, we invite you to join our team.
All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Individuals with a disability who need an accommodation to apply please contact us at recruiting@xcelenergy.com .
Non-Bargaining
The anticipated starting base pay for this position is: $73,700.00 to $104,633.00 per year
This position is eligible for the following benefits: Annual Incentive Program, Medical/Pharmacy Plan, Dental, Vision, Life Insurance, Dependent Care Reimbursement Account, Health Care Reimbursement Account, Health Savings Account (HSA) (if enrolled in eligible health plan), Limited-Purpose FSA (if enrolled in eligible health plan and HSA), Transportation Reimbursement Account, Short-term disability (STD), Long-term disability (LTD), Employee Assistance Program (EAP), Fitness Center Reimbursement (if enrolled in eligible health plan), Tuition reimbursement, Transit programs, Employee recognition program, Pension, 401(k) plan, Paid time off (PTO), Holidays, Volunteer Paid Time Off (VPTO), Parental Leave
Benefit plans are subject to change and Xcel Energy has the right to end, suspend, or amend any of its plans, at any time, in whole or in part.
In any materials you submit, you may redact or remove age-identifying information including but not limited to dates of school attendance and graduation. You will not be penalized for redacting or removing this information.
Deadline to Apply: 07/21/26
EEO is the Law | EEO is the Law Supplement | Pay Transparency Nondiscrimination | Equal Opportunity Policy (PDF) | Employee Rights (PDF)
All Xcel Energy employees and contractors share responsibility for protecting the company's information and systems by adhering to cybersecurity policies, standards, and best practices, recognizing that cybersecurity is everyone's responsibility.
ACCESSIBILITY STATEMENT
Xcel Energy endeavors to make https://www.xcelenergy.com/ accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Xcel Energy Talent Acquisition at recruiting@xcelenergy.com. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

What Xcel Energy employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom


Xcel Energy logo

About Xcel Energy

Sourced by ZipRecruiter

Xcel Energy is a prominent electricity and natural gas service provider serving multiple states in the United States, including Colorado, Michigan, Minnesota, New Mexico, North Dakota, South Dakota, Texas, and Wisconsin. Our commitment revolves around delivering essential services to our valued customers. As a trailblazer in the industry, we were the first major US electricity provider with a visionary goal to achieve 100% carbon-free electricity by 2050 and an ambitious 80% reduction in carbon emissions by 2030, based on 2005 levels. Through innovative electric vehicle initiatives, we actively contribute to carbon reduction not only in our electricity generation but also in the transportation sector within the states we operate. Simultaneously, we remain devoted to ensuring cost-effectiveness for our customers by implementing advanced electricity rates and energy efficiency programs.

Industry

Utilities

Company size

10,000+ Employees

Headquarters location

Minneapolis, MN, US

Year founded

1909