
Security Risk Analyst

Date: Jan 14, 2022

Location: JACKSON, MI, US

Company: Consumers Energy

Join the diverse and dynamic team that powers Michigan's largest energy provider and one of the nation's largest gas and electric combination utilities.  Consumers Energy services 6.7 million of Michigan's 10 million residents - caring for our friends and neighbors in all 68 Lower Peninsula counties.  We embrace a cleaner and leaner utility vision focused on eliminating energy waste and adding renewable energy from sources such as wind and solar.



We are looking for:

Security Risk Analyst to ensure transparency, due diligence, and deliberate actions regarding both cyber and physical security risks which could cause life-safety, financial, regulatory, or reputational harm to the Company. Due to the complex and rapidly evolving nature of cyber and physical security risks, this role requires the candidate to be agile, think conceptually, communicate effectively, build partnerships, navigate tough, often politically driven, company issues and negotiate with stakeholders a mutually acceptable outcome.

With an emphasis on quality and continuous improvement, the major responsibilities of this role include:

  • Design and operate Risk Management governance processes
  • Ensure vendor contracts comply with Security requirements
  • Facilitate the planned and unplanned review of Security policies and act as a liaison to the Company’s Enterprise Risk Management function.
  • Establish effective working relationships with various stakeholders; including IT and lines of business throughout the Company.
  • Customer service oriented; act as a partner and leverage documented processes and standards to provide our internal customers with direction on a secure and pragmatic path to achieve all stakeholders’ objectives.
  • Excellent written and oral communication skills; candidate must be confident communicating with stakeholders at various levels of the organization, including the C-suite.


We encourage you to apply if you have the following (an equivalent combination of education and experience will be considered and reviewed):

  • At least 2 years of combined work experience focused in either information security or business management disciplines.
  • A bachelor’s degree preferably in an Information Technology field.
  • Relevant certifications (CISA, CISM, CISSP, etc.) preferred but not required.


In this role, you will:

  • General:
    • Establish cross-team working relationships with key stakeholders both inside and outside of the Security Organization.
    • Develop, document, operate and continuously improve key risk management processes, including but not limited to: Vendor/Third-Party Risk Management, Enterprise Risk Management, Security Policy Governance, Oversight of Security Risks, and exception processes.
    • Develop and track key performance metrics on Security risk to be consumed by various levels of management, including company officers.
    • Administer, and act as primary power user of, the Security risk register application.
    • Act as the Security liaison to complete the annual cyber insurance application process.
    • In alignment with leadership and stakeholders, develop and implement a multi-year capability roadmap for the Security risk management function.   
  • Vendor/Third Party Risk Management
    • Partner with supply chain, relevant business partners and stakeholders to ensure that not only the objectives of Security's contract/vendor risk management process but also business objectives are met.
    • In coordination with stakeholders (including Security, Supply Chain and Legal), establish and maintain Security contract language requirements.
    • Engage in contract negotiations with vendors to ensure Security contract requirements are included and where there is disagreement, negotiate the most favorable position for the Company.
    • When possible, use discretion and when necessary, consult with Security subject matter experts, contract requirement owners and leadership to ensure Security objectives are met for contracts.
    • Establish and maintain an exception process to ensure that, where contract requirements cannot be met, the proper approvals and visibility are given to these exceptions.
  • Risk Management Governance
    • Collaborate with stakeholders on all risk-related activities of the Security organization, including reporting, remediation planning, testing/validation, and recommending appropriate mitigation measures.
    • Monitor the legal and regulatory environment for developments that could require changes to the Company’s risk posture, including policies and practices.
    • Research and apply national standards, regulations, technical cyber issues and diverse corporate requirements.
    • Provide oversight, monitoring and reporting of risk mitigation activities relating to security risk assessments.
    • At the direction of Security leadership and stakeholders, ensure mitigation plans are developed, documented, and implemented by risk owners.
    • Train and coach stakeholders and business units on risk management processes and methodology to enable them to properly assess the risk of the business initiatives (including technology projects).
  • Enterprise Risk Management
    • Act as the Security organization liaison to the Enterprise Risk Management group by ensuring changes to the ERM methodology are propagated to key Security stakeholders.
    • Facilitate the annual Enterprise Risk Mapping process by collaborating with subject matter experts on enterprise cyber and physical risks and mitigating circumstances, using the information obtained to quantify and qualify the level of risk to the company.
  • Policy Governance
    • Maintain Security Privacy policies, processes, and standards in accordance with established frameworks.
    • Monitor and report out on non-compliances.
    • Work with Security Leadership, policy owners, technical teams, and Corporate Compliance department on policy compliance issues.




Why should you join our team?

At Consumers Energy, we offer more than just a place to work. We foster a culture that supports career development, growth, and stability, and we take pride in offering our co-workers excellent benefits and compensation packages. We are deliberately creating an inclusive culture that makes our diverse team of co-workers feel valued, supported, and empowered every day. We're a company made up of thousands of people, all with different stories to share and work to do, but we stand united in our company purpose: world class performance delivering hometown service.


What we offer:

  • Competitive compensation packages
  • Medical, Dental and Vision
  • 401k with company match
  • Paid parental leave
  • Up to 13 paid Holidays
  • Paid time off
  • Educational Assistance Program


Diversity, Equity & Inclusion: 

We, at CMS Energy, value Diversity, Equity, & Inclusion. It is part of our DNA. We treat our employees with respect, we treat each other fairly and we value the opinions of others. We are passionate about building and nurturing an environment where everyone feels included. We don’t discriminate. We seek to learn about each other and better understand our unique differences. Our uniqueness makes us authentic. We create safe spaces where everyone can be who they truly are. We invite difficult conversations and uncomfortable topics. We value diverse perspectives; this is what makes us great together. We harbor an inclusive environment where employees feel empowered to share their backgrounds, experiences, and ideas. Our Employee Resource Groups, Women’s Advisory Panel (WAP), Women’s Engineering Network (WEN), Minority Advisory Panel (MAP), Pride Alliance of Consumers Energy (PACE), GENERGY, capABLE and Veterans Advisory Panel (VAP) are key enablers to living the values of our company culture: Caring, Empowered, Deliberate, Agility, and Ownership.

All qualified applicants will not be discriminated against and will receive consideration for employment without regard to protected veteran status, disability, race, color, religion, sex, sexual orientation, gender identity or national origin.
