Job Description: Responsible for managing the Security Governance, Risk and Compliance (GRC) functions across the enterprise. Act as primary Enterprise Security Services (ESS) contact for enterprise security risk management to the executive team in addition to internal and external stakeholders using a risk reporting structure and KPIs. Responsible to drive maturity of their Security service catalog to ensure that the GRC services are right sized for the organization and allow for effective risk identification, assessment, monitoring of residual risk and control strength and identification of mitigation requirements. Accountable for maturing the Company’s risk frameworks and associated governance, and ensuring an appropriate security risk posture for the organization. Develops a security culture through a strong Security awareness and training program. Accountable for ensuring corporate records management and data privacy programs are executed successfully. Job Responsibilities: Develop the strategy and lead implementation for companywide security governance, risk management and compliance program. Work will include relationship building and strategy alignment with senior business leaders to develop and facilitate a security risk model that allows for risk based decision making across the enterprise. Build and lead a multi-function organization, ensuring that individual, team and program goals support the overall organizational mission and achieve the desired results both efficiently and effectively. Lead decision making process and drive progress against goals through engagement and consensus building with colleagues and business partners to align on priorities, plans and tactics to accomplish the GRC objectives. Develop, support and enforce Information Security Policy, Standards, and Guidelines for business operations and technology implementations. Develop and execute operational activities to support audit and compliance activities enterprise wide including technical validation processes. Oversee escalation and enforcement for unresolved noncompliance issues. Designing and creating a continuous improvement culture to create repeatable, sustainable processes that operationalize the GRC function. Job Requirements: At least 5 years preferred experience with internal controls, performing assessment, IT control function, audit, testing. Relevant security, auditing and compliance certifications (e.g. CISA, CISSP) preferred. Familiarity with various cyber risk assessment methodologies. Experience in the Energy vertical and with CIP compliance. Qualification & Experience: Bachelor’s degree required. At least 10 years relative experience in a global information technology environment with a background in GRC. Strong knowledge of security and risk frameworks including: ISO 2700x, NIST 800. Proven project management skills and experience are required. Superior written and oral communication skills; ability to express complex thoughts clearly, know how to listen and contribute in a team environment. Strategic thinker, leader and high achiever. Ability to work successfully in a matrixed IT and business team environment. Ability to prioritize tasks in order to meet deadlines and deliver measurable results. Experience building and leading a high performing team and establishing strong working relationships with business partners. Demonstrated ability to work across organizational boundaries, and influence others. Ability to build teams, mentor team members, identify process improvements, and lead enterprise wide security initiatives. Information Security background including an understanding of the basic security best practices, standards and methodologies. Job Details: Company: Xcel Energy Vacancy Type: Full Time Job Location: Denver, CO, US Application Deadline: N/A Apply Here careersvite.com
Careers Vite – Latest Jobs 2025