Information Security Specialist (Risk Management)
About The Position
Itron is innovating new ways for utilities and cities to manage energy and water. We create a more resourceful world to protect essential resources for today and tomorrow. Join us. The IT InfoSec Risk Management Analyst is responsible for leading and maturing our IT Risk Management program, with a secondary focus on analyzing and supporting the management of global cybersecurity compliance requirements. In this customer-centric role, you will help protect critical technology platforms that serve utilities and energy customers, ensuring that IT risks are identified, assessed, mitigated, and reported in alignment with international standards and frameworks (including ISO 27001/27002, ISO 31000, NIST RMF, and COSO Internal Controls). You will collaborate closely with IT, compliance, audit, and business stakeholders to strengthen governance, reduce risk exposure, and support regulatory and certification requirements in a fast-moving, highly regulated industry.
Requirements
- Minimum 5 years of combined experience in IT risk management, cybersecurity compliance, and governance roles.
- Knowledge and understanding of global cybersecurity regulations and frameworks (e.g. SOX, GDPR, NIS2, ISO 27001, NIST CSF, COSO).
- Demonstrated experience conducting risk assessments, assessing risks, implementing treatment plans, and managing follow up.
- Experience with compliance audits, regulatory reporting, and multinational compliance programs.
Nice To Haves
- Familiarity with GRC tools (e.g. Archer, AuditBoard) and regulated industries (finance, healthcare, energy).
- Experience in assessing and implementing controls to meet multinational security frameworks requirements
- Professional certifications such as CISSP, CISM, CRISC, CISA, CIPP/E, or ISO 27001 Lead Auditor are a plus.
Responsibilities
- Lead the design, implementation, and continuous improvement of IT Risk Management program.
- Conduct risk assessments, control evaluations, and gap analyses against ISO, NIST, and COSO frameworks.
- Maintain risk registers, compliance documentation, treatment plans, and executive-level reporting dashboards.
- Review and analyze global cybersecurity laws, regulations, and directives (e.g., GDPR, ENS, NIS2, SOCI).
- Track enterprise compliance across multiple security frameworks including Sarbanes-Oxley (SOX), SSAE-18 (SOC1 and SOC2), NIST and ISO and maintain up-to-date records of requirements and corresponding mitigating controls
- Translate regulatory requirements into actionable security controls and governance processes.
- Collaborate with IT, legal, compliance, and business leaders to ensure risk mitigation and compliance alignment.
- Support internal and external audits, regulatory inquiries, and certification efforts.
- Monitor emerging threats, regulatory changes, and industry best practices to adapt programs.
- Advise on compliance implications for new technologies, vendors, and business initiatives.
Benefits
- This position also includes a competitive benefit package including; financial, social, health and wellbeing programs, paid vacation, 401k matching, employee stock purchase program, hybrid work schedule, and more!
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
