Description
Position Summary
Responsible for the development and maintenance of the Enterprise Security and Emergency Management policies and , standards, communication and awareness, and metrics and reporting. Interface with the enterprise security organization, including cyber security, physical security, and enterprise resilience, as well as across other business areas, to assess organizational alignment to security controls.
Responsible for the development and maintenance of the Enterprise Security and Emergency Management policies and , standards, communication and awareness, and metrics and reporting. Interface with the enterprise security organization, including cyber security, physical security, and enterprise resilience, as well as across other business areas, to assess organizational alignment to security controls.
Essential Responsibilities
- Engage in control assessment activities with Enterprise Security and the business, addressing a range of security and regulatory requirements that are both technical and functional in nature.
- Lead the development, review and update cycle for security policies, standards, and controls.
- Participate in the development and implementation of communication and awareness.
Minimum Requirements
- Minimum of 3 years of progressive experience in security and IT or OT related fields.
- Two years of experience with control testing, security standards/policy implementation, security audits, security risk management, or a technical security function.
- One year of working in a Governance Risk Compliance (GRC) function in a highly regulated environment (e.g. Financial) may substitute for up to 18 months experience.
- Self-starter; adaptable to change; inquisitive.
- Ability to set and achieve personal and program goals, and to track performance against those goals.
- Ability to develop positive working relationships, and work across different areas of the business.
- Can make connections and sound decisions based on known information.
- Strong verbal and written communication skills.
- Demonstrated ability to create documentation for technical and non-technical audiences.
Preferred Skills and Experience
- Experience in one or more of the following areas: network administration, systems administration, SDLC / secure soft, encryption, asset management, identity and access management, IT Operations, Security Risk Management.
- Certification in one or more of the following: CISM, CISSP, CISA, CRISC, Security+, CISSP.
- Experience using a GRC tool (i.e. Archer).
- Knowledge of regulatory requirements and frameworks such as PCI, CIP, SOX, HIPPA.
- Working knowledge of one or more control frameworks, including ISO, NIST, COBIT, or Cyber Security Framework (CSF).
Requisition Number: 26581
Contact
Xcel Energy, Inc.
414 Nicollet Mall
Minneapolis
Minnesota United States
www.xcelenergy.com
From the same organization
2 May, 2024
22 May, 2024
2 May, 2024
