Collaborates with senior and lead risk analysts on activities related to risk modeling ... Knowledge of IT Security tools and technologies used in an enterprise environment. * Preferred ...
Collaborates with senior and lead risk analysts on activities related to risk modeling ... Knowledge of IT Security tools and technologies used in an enterprise environment. * Preferred ...
Summary Statement The Senior IT Security Risk Analyst is responsible for leading the organization's cybersecurity governance, risk, and compliance initiatives. This role drives the design ...
Summary Statement The Senior IT Security Risk Analyst is responsible for leading the organization's cybersecurity governance, risk, and compliance initiatives. This role drives the design ...
EITS Security Risk Analyst B (Engagement)--Remote Job
San Francisco, CA · On-site
$60 - $70/hr
Job43 - EITS Security Risk Analyst B (Engagement) Location: 100% Remote Max Submissions: 5 Proposed ... Translate business IT risk requirements into technical control specifications. * Develop risk ...
Quick apply
EITS Security Risk Analyst B (Engagement)--Remote Job
San Francisco, CA · On-site
$60 - $70/hr
Job43 - EITS Security Risk Analyst B (Engagement) Location: 100% Remote Max Submissions: 5 Proposed ... Translate business IT risk requirements into technical control specifications. * Develop risk ...
They are seeking a VP, Lead Security Risk Analyst to lead enterprise-wide Information Security risk engagement and drive the development and execution of the Information Security risk and GRC ...
They are seeking a VP, Lead Security Risk Analyst to lead enterprise-wide Information Security risk engagement and drive the development and execution of the Information Security risk and GRC ...
Title: Information Security Risk Analyst Location: Oklahoma City, OK Type: Full-time Salary: DOE Requirement: Under senior staff supervision, assist in information security policy development ...
Title: Information Security Risk Analyst Location: Oklahoma City, OK Type: Full-time Salary: DOE Requirement: Under senior staff supervision, assist in information security policy development ...
Title: Information Security Risk Analyst Location: Oklahoma City, OK Type: Full-time Salary: DOE Requirement: Under senior staff supervision, assist in information security policy development ...
Title: Information Security Risk Analyst Location: Oklahoma City, OK Type: Full-time Salary: DOE Requirement: Under senior staff supervision, assist in information security policy development ...
Summary Statement The Senior IT Security Risk Analyst is responsible for leading the organization's cybersecurity governance, risk, and compliance initiatives. This role drives the design ...
Summary Statement The Senior IT Security Risk Analyst is responsible for leading the organization's cybersecurity governance, risk, and compliance initiatives. This role drives the design ...
Summary Statement The Senior IT Security Risk Analyst is responsible for leading the organization's cybersecurity governance, risk, and compliance initiatives. This role drives the design ...
Summary Statement The Senior IT Security Risk Analyst is responsible for leading the organization's cybersecurity governance, risk, and compliance initiatives. This role drives the design ...
The Security Risk & Compliance Analyst supports the organizations global information security program by assisting in the identification, assessment, and management of information security risks and ...
The Security Risk & Compliance Analyst supports the organizations global information security program by assisting in the identification, assessment, and management of information security risks and ...
Information Security Risk Analyst - Cyber Resiliency
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Information Security Risk Analyst - Cyber Resiliency
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
The Security Risk & Compliance Analyst supports the organizations global information security program by assisting in the identification, assessment, and management of information security risks and ...
The Security Risk & Compliance Analyst supports the organizations global information security program by assisting in the identification, assessment, and management of information security risks and ...
Information Security Risk Analyst - Cyber Resiliency
Minneapolis, MN · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Information Security Risk Analyst - Cyber Resiliency
Minneapolis, MN · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Information Security Risk Analyst - Cyber Resiliency
Minneapolis, MN · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Information Security Risk Analyst - Cyber Resiliency
Minneapolis, MN · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Information Security Risk Analyst - Cyber Resiliency
Atlanta, GA · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Information Security Risk Analyst - Cyber Resiliency
Atlanta, GA · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Information Security Risk Analyst - Cyber Resiliency
Atlanta, GA · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Information Security Risk Analyst - Cyber Resiliency
Atlanta, GA · On-site
$120K - $130K/yr
As an Information Security Staff Risk Analyst at Deluxe, you will be instrumental in maintaining our high standards of security and compliance, in particular with our cyber resilience and ...
Familiarity with vulnerability management, threat intelligence analysis, and security architecture ... Performing information security risk assessments, evaluating control effectiveness, and analyzing ...
Quick apply
Familiarity with vulnerability management, threat intelligence analysis, and security architecture ... Performing information security risk assessments, evaluating control effectiveness, and analyzing ...
Operational Risk Analyst -Security Governance & Risk Issues Management Location: Merrifield VA ... Keep current with Information Security best practices and industry trends, and communicate/apply ...
Operational Risk Analyst -Security Governance & Risk Issues Management Location: Merrifield VA ... Keep current with Information Security best practices and industry trends, and communicate/apply ...
Contract Duration: 12 Months We are seeking an Information Security Analyst II to support information security, risk, compliance, and process improvement initiatives. The ideal candidate will have ...
Contract Duration: 12 Months We are seeking an Information Security Analyst II to support information security, risk, compliance, and process improvement initiatives. The ideal candidate will have ...
Information Security Risk and Compliance Analyst Department: Information Technology Location: Red Roof Pay Band: Professional Job Summary : The Information Security Risk & Compliance Analyst is ...
Information Security Risk and Compliance Analyst Department: Information Technology Location: Red Roof Pay Band: Professional Job Summary : The Information Security Risk & Compliance Analyst is ...
... information security program in collaboration with other key stakeholders in the Firm. Reporting to the Firm's Security Risk and Compliance Analyst, the assistant will have a range of ...
Quick apply
... information security program in collaboration with other key stakeholders in the Firm. Reporting to the Firm's Security Risk and Compliance Analyst, the assistant will have a range of ...
Information Security Risk Analyst information
See salary details
$31.97 - $35.93
6% of jobs
$35.93 - $39.88
5% of jobs
$39.88 - $43.84
8% of jobs
$45.72 is the 25th percentile. Wages below this are outliers.
$43.84 - $47.79
11% of jobs
$47.79 - $51.75
12% of jobs
The median wage is $55.46 / hr.
$51.75 - $55.70
8% of jobs
$55.70 - $59.66
7% of jobs
$59.66 - $63.61
9% of jobs
$65.41 is the 75th percentile. Wages above this are outliers.
$63.61 - $67.57
17% of jobs
$67.57 - $71.53
8% of jobs
$71.53 - $75.48
7% of jobs
$31
$58
$75
How much do information security risk analyst jobs pay per hour?
What is the difference between Information Security Risk Analyst vs Cybersecurity Analyst?
| Aspect | Information Security Risk Analyst | Cybersecurity Analyst |
|---|---|---|
| Certifications | ISO 27001, CISSP, CISA | CompTIA Security+, CEH, CISSP |
| Work Environment | Risk assessment teams, compliance departments | Security operations centers, incident response teams |
| Employer & Industry Usage | Financial, healthcare, government sectors | Tech companies, cybersecurity firms, enterprises |
While both roles focus on protecting information assets, the Information Security Risk Analyst primarily assesses and manages risks related to information security policies and compliance. In contrast, the Cybersecurity Analyst actively monitors security systems, responds to threats, and handles incidents. Understanding these differences helps organizations assign the right responsibilities and professionals to safeguard their digital assets.
What are the key skills and qualifications needed to thrive as an Information Security Risk Analyst, and why are they important?
What are Information Security Risk Analysts?
What Does an Information Security Risk Analyst Do?
As an information security risk analyst, your job is to help assess each potential threat and determine whether or not your current network system suffers from vulnerability to that threat. In this IT role, you may monitor network activity, help implement and manage safety protocols, and research emerging threats to help determine the best response to them. Information security risk analysts often work with many other IT personnel at the same company to manage security needs and, somewhat unusually for an IT role, may also collaborate with outside experts and volunteers to find the best way to counter a particular threat. This is an extremely collaborative position, so the ability to work well with other people, including those you may be meeting for the first time, is essential to your success.
How does an Information Security Risk Analyst typically collaborate with other departments to address security risks?

Full-time
Medical, Dental, Vision, Life, Retirement, PTO
Posted 9 days ago
Xcel Energy rating
8.3
Based on 89 frontline employees who took The Breakroom Quiz
20th of 52 rated energy and utility
Job description
Are you looking for an exciting job where you can put your skills and talents to work at a company you can feel proud to be a part of? Do you want a workplace that will challenge you and offer you opportunities to learn and grow? A position at Xcel Energy could be just what you're looking for.
Position Summary
Executes critical aspects of the Enterprise Security Risk Management function. Partners with the business to document and measure risk inherent to systems, assets, and information. Works with the security teams and collaborates with the business to assess IT risks. Tracks risk remediation items. Oversees the risk review process and reporting across the enterprise.
Essential Responsibilities
- Oversees the risk acceptance process across the enterprise to ensure risks are documented and accepted at the correct levels of the organization. Validates remediation plans are in place to reduce risk where possible. Manages cycle to reassess accepted risks, obtain sign-off, and provide reporting.
- Assists business partners with completing risk assessments and ensuring the correct documentation is captured to support the risk assessment process. Translates technical language into business terms to facilitate understanding of risk to the business.
- Maintains documentation and templates in the GRC toolset and makes recommendations for and implements tool and process improvements.
- Collaborates with senior and lead risk analysts on activities related to risk modeling, comprehensive periodic risk assessments, and regulatory reporting standards and expectations, and the development of communication and presentations for internal and external audiences.
- Supports on the development of communications and presentations appropriate for senior level audiences and external regulators.
Minimum Requirements
- Minimum of 3 years experience working in a security function. (One year of working in a highly regulated environment e.g. Utilities, Financial, may substitute for up to 18 months experience in a security function.)
- 2 years of experience with risk assessments, audit or control testing.
- Knowledge of security and lifecycle management, including auditing methodology or technology risk assessments.
- Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives.
- Ability to develop strong working relationships with peers and stakeholders across business units.
- Experience working with information security policies, standards, industry best practices and/or frameworks (e.g., ISO 27K, NIST 800-53, FISMA, BITS, etc.)
- Knowledge of IT Security tools and technologies used in an enterprise environment.
- Preferred Requirements: Bachelor's degree or higher with a concentration in computer science, technology, or business, or equivalent combination of education and experience.
- Security or Risk-related certifications (CRISC, CISSP, CISA, etc.)
Preferred Qualifications
- Risk Assessment Experience: Experience conducting vendor and project-based security risk assessments, including identifying risks, evaluating impact/likelihood, and recommending appropriate controls and treatment strategies.
- Security Frameworks & Controls: Working knowledge of security frameworks and standards (e.g., NIST, ISO 27001) and ability to apply control requirements within risk assessments and findings.
- GRC Tooling: Familiarity with GRC platforms such as Archer and/or ProcessUnity for documenting assessments, tracking risks, and managing findings lifecycle.
- Findings & Risk Management: Experience developing detailed findings, managing remediation tracking, and supporting risk acceptance and exception processes with minimal guidance.
- Stakeholder Engagement: Ability to partner with business and technology teams to gather requirements, facilitate discussions, and support risk-based decision-making.
- Communication & Documentation: Strong written communication skills with the ability to clearly document risk assessments, findings, and recommendations for both technical and business audiences.
- Self-Starter & Adaptability: Demonstrated ability to work independently, manage ambiguity, and prioritize work across multiple assessments and initiatives.
- Security & Risk Background: ~5+ years of experience in cybersecurity, IT risk, GRC, audit, compliance, or security consulting.
As a leading combination electricity and natural gas energy company, Xcel Energy offers a comprehensive portfolio of energy-related products and services to 3.4 million electricity and 1.9 million natural gas customers across eight Western and Midwestern states. At Xcel Energy, we strive to be the preferred and trusted provider of the energy our customers need. If you're ready to be a part of something big, we invite you to join our team.
All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Individuals with a disability who need an accommodation to apply please contact us at recruiting@xcelenergy.com .
Non-Bargaining
The anticipated starting base pay for this position is: $73,700.00 to $104,633.00 per year
This position is eligible for the following benefits: Annual Incentive Program, Medical/Pharmacy Plan, Dental, Vision, Life Insurance, Dependent Care Reimbursement Account, Health Care Reimbursement Account, Health Savings Account (HSA) (if enrolled in eligible health plan), Limited-Purpose FSA (if enrolled in eligible health plan and HSA), Transportation Reimbursement Account, Short-term disability (STD), Long-term disability (LTD), Employee Assistance Program (EAP), Fitness Center Reimbursement (if enrolled in eligible health plan), Tuition reimbursement, Transit programs, Employee recognition program, Pension, 401(k) plan, Paid time off (PTO), Holidays, Volunteer Paid Time Off (VPTO), Parental Leave
Benefit plans are subject to change and Xcel Energy has the right to end, suspend, or amend any of its plans, at any time, in whole or in part.
In any materials you submit, you may redact or remove age-identifying information including but not limited to dates of school attendance and graduation. You will not be penalized for redacting or removing this information.
Deadline to Apply: 07/21/26
EEO is the Law | EEO is the Law Supplement | Pay Transparency Nondiscrimination | Equal Opportunity Policy (PDF) | Employee Rights (PDF)
All Xcel Energy employees and contractors share responsibility for protecting the company's information and systems by adhering to cybersecurity policies, standards, and best practices, recognizing that cybersecurity is everyone's responsibility.
ACCESSIBILITY STATEMENT
Xcel Energy endeavors to make https://www.xcelenergy.com/ accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Xcel Energy Talent Acquisition at recruiting@xcelenergy.com. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.
What Xcel Energy employees say
Pay
Benefits
Hours and flexibility
Workplace
Get the full story on Breakroom
About Xcel Energy
Sourced by ZipRecruiter
Xcel Energy is a prominent electricity and natural gas service provider serving multiple states in the United States, including Colorado, Michigan, Minnesota, New Mexico, North Dakota, South Dakota, Texas, and Wisconsin. Our commitment revolves around delivering essential services to our valued customers. As a trailblazer in the industry, we were the first major US electricity provider with a visionary goal to achieve 100% carbon-free electricity by 2050 and an ambitious 80% reduction in carbon emissions by 2030, based on 2005 levels. Through innovative electric vehicle initiatives, we actively contribute to carbon reduction not only in our electricity generation but also in the transportation sector within the states we operate. Simultaneously, we remain devoted to ensuring cost-effectiveness for our customers by implementing advanced electricity rates and energy efficiency programs.
Industry
Utilities
Company size
10,000+ Employees
Headquarters location
Minneapolis, MN, US
Year founded
1909