Information Security Specialist (Risk Management)

Itron, Inc. | Austin, TX
2d | Hybrid

About The Position

Itron is innovating new ways for utilities and cities to manage energy and water. We create a more resourceful world to protect essential resources for today and tomorrow. Join us. The IT InfoSec Risk Management Analyst is responsible for leading and maturing our IT Risk Management program, with a secondary focus on analyzing and supporting the management of global cybersecurity compliance requirements. In this customer-centric role, you will help protect critical technology platforms that serve utilities and energy customers, ensuring that IT risks are identified, assessed, mitigated, and reported in alignment with international standards and frameworks (including ISO 27001/27002, ISO 31000, NIST RMF, and COSO Internal Controls). You will collaborate closely with IT, compliance, audit, and business stakeholders to strengthen governance, reduce risk exposure, and support regulatory and certification requirements in a fast-moving, highly regulated industry.

Requirements

  • Minimum 5 years of combined experience in IT risk management, cybersecurity compliance, and governance roles.
  • Knowledge and understanding of global cybersecurity regulations and frameworks (e.g. SOX, GDPR, NIS2, ISO 27001, NIST CSF, COSO).
  • Demonstrated experience conducting risk assessments, assessing risks, implementing treatment plans, and managing follow-up.
  • Experience with compliance audits, regulatory reporting, and multinational compliance programs.

Nice To Haves

  • Familiarity with GRC tools (e.g. Archer, AuditBoard) and regulated industries (finance, healthcare, energy).
  • Experience in assessing and implementing controls to meet multinational security framework requirements.
  • Professional certifications such as CISSP, CISM, CRISC, CISA, CIPP/E, or ISO 27001 Lead Auditor are a plus.

Responsibilities

  • Lead the design, implementation, and continuous improvement of the IT Risk Management program.
  • Conduct risk assessments, control evaluations, and gap analyses against ISO, NIST, and COSO frameworks.
  • Maintain risk registers, compliance documentation, treatment plans, and executive-level reporting dashboards.
  • Review and analyze global cybersecurity laws, regulations, and directives (e.g., GDPR, ENS, NIS2, SOCI).
  • Track enterprise compliance across multiple security frameworks, including Sarbanes-Oxley (SOX), SSAE-18 (SOC1 and SOC2), NIST, and ISO, and maintain up-to-date records of requirements and corresponding mitigating controls.
  • Translate regulatory requirements into actionable security controls and governance processes.
  • Collaborate with IT, legal, compliance, and business leaders to ensure risk mitigation and compliance alignment.
  • Support internal and external audits, regulatory inquiries, and certification efforts.
  • Monitor emerging threats, regulatory changes, and industry best practices to adapt programs.
  • Advise on compliance implications for new technologies, vendors, and business initiatives.

Benefits

  • This position also includes a competitive benefit package including financial, social, health and wellbeing programs, paid vacation, 401k matching, employee stock purchase program, hybrid work schedule, and more!

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

5,001-10,000 employees
