Cybersecurity, IT Compliance, Information Security
*This position can be filled in New Orleans, LA or The Woodlands, TX (preferred).*
The official title for this position will be IT Business Analyst or IT Business Analyst Sr depending on experience.
BRIEF POSITION DESCRIPTION
For Entergy IT, a first line-of-defense (LoD) function, Information Security Performance & Regulatory Compliance manages technology and cyber security risks, controls and compliance. Our priorities are to succeed as One Team, deliver commercially relevant results, sustain strong governance, and advance technology and cyber security risk and compliance.
We value integrity and diverse perspectives. We seek action-oriented professionals, who take ownership and demonstrate urgency to deliver sustainable outcomes. We offer opportunities to develop your portfolio of experience and advance your career. You can have a significant impact by delivering innovative solutions, and your work will directly influence our shared success.
The IT Analyst, Senior – Regulatory Risk & Compliance is critical to IT security risk management and compliance with enterprise policies and regulatory requirements, including North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC CIP), Nuclear Regulatory Commission - Nuclear Cyber (10 CFR 73.54) and Sarbanes Oxley (SOX). A key element of this role is effective partnership and engagement across lines-of-defense, to serve Entergy’s best interests. The scope of this role emphasizes IT compliance related to Cyber Security. Also, to drive continuous improvement, you'll participate and, at times, lead team, departmental and/or projects to effectively deliver on operational and strategic goals.
Professional Practices
Advance our people, process, and technology agendas to foster team, individual and Entergy success.
IT Security Risk and Compliance
Partner with key constituents to drive effective management of Entergy IT security, risk and compliance with enterprise policies, and applicable regulatory requirements. Help improve the IT security control environment and mitigate risk within our Technology division.
Deliver timely and effective IT security, risk & controls ‘triage’ services to meet unplanned, urgent workload demands.
Assist with establishing and maintaining practices, standards, and procedures for conducting engagements.
Participate in Corrective Action Program (CAP); evaluate conditions adverse to quality, safety, risk, security and compliance.
Set priorities in correcting problems and tracking them until they have been corrected.
Maintain awareness of regulatory changes; review Entergy policies, and recommend revisions to remain compliant.
Coordinate with other departments when drafting and revising new policies to obtain the appropriate approvals.
Deliver on process excellence and maturity to maintain a strong culture of regulatory compliance.
Prioritize and deliver multiple complex projects to meet deadlines, in a fast-paced environment.
IT Security Risk and Compliance Engagements
Execute and deliver the IT security risk, controls and compliance program. Execute IT security risk, controls & compliance engagements (assurance and advisory) across security domains: e.g. Architecture and Engineering, Application Security, Web and Mobile Security, Infrastructure Security, Access Management, Threat and Vulnerability Management, Security Monitoring, Incident Response, and Cloud Security.
Craft key messages for Management and governance bodies, including engagement objectives, status and results.
Plan engagements, outline scope, and identify in-scope systems and IT security risks and controls.
Test processes and controls, identify control deficiencies, agree findings, and recommend remediation plans.
Challenge established processes and controls to ensure they are adequate and effective to mitigate risk.
Ensure timely delivery of the highest quality work and value-add recommendations.
Document work-papers, communicate outcomes, and report engagement results.
Influence leaders to act on recommendations, make process improvements, and strengthen the control environment.
Track status of deficiencies, and ensure corrective actions are complete and sustainable.
Provide effective assurance and advisory outcomes to Technology & Security leadership, and key stakeholders.
Performance & Improvement
Drive process excellence, maturity, and act on results to develop new solutions to mitigate risks.
Audit, Regulatory, and Risk Governance
Sustain purpose-driven engagement and effective interaction with Auditors, Regulators, and Risk and compliance partners.
Partner with key 3rd & 4th LoD constituents to support effective and balanced audits and regulatory engagements.
Partner with key 2nd LoD constituents to support effective and balanced internal governance and assessments.
Metrics, Analytics & Reporting
Deliver and continuously improve best-in-class metrics, analytics, and reporting roadmap, products and services.
3 to 5+ years of work experience and expertise, capabilities and accomplishments directly relevant to the position.
3+ years of work experience in IT security, risk, controls, audit and regulatory compliance.
1+ years of work experience in a regulatory compliance function within a utility or related, or highly regulated industry.
Must: ability to plan, deliver, and report results of IT security risk, control, and compliance engagements.
Required: effective engagement with Auditors, and Regulators (i.e. NERC, SERC, FERC, NRC).
Intermediate expertise across security domains: e.g. Architecture and Engineering, Application Security, Web and Mobile Security, Infrastructure Security, Access Management, Threat and Vulnerability Management, Security Monitoring, Incident Response, and Cloud Security.
Required: IT and cyber security governance, risk, controls, compliance, and IT audit assurance and advisory practices.
KNOWLEDGE, SKILLS, AND ABILITIES REQUIRED OF THE POSITION
Direct and demonstrable expertise, capabilities, skills and behaviors relevant for the position.
Required: IT, risk and security practices, standards and controls (e.g. COBIT, NIST-CSF, CIS-CSC, C2M2, ITIL).
ANY CERTIFICATES, LICENSES ETC., REQUIRED FOR THE POSITION
Must demonstrate commitment to development. One or more relevant qualifications, including but not limited to: CRISC, CISSP, CISM, CISA, CIA, PMP, SANS GIAC (e.g. GCISP).
WORKING CONDITIONS: As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Please note: Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.
Relocation expenses are negotiable.
Internal Number: 86597
At Entergy (NYSE: ETR), we power life. More than 100 years ago, our founder Harvey Couch started this company with a handshake, some sawdust and a vision. Couch wanted to bring safe, affordable, reliable energy to the Middle South – energy that would power the lives of people and communities.
Today, Entergy is an integrated energy company engaged primarily in electric power production and retail distribution operations. We own and operate power plants with approximately 30,000 megawatts of electric generating capacity, including nearly 9,000 megawatts of nuclear power.
The 13,000+ men and women of Entergy deliver electricity to 2.9 million utility customers in Arkansas, Louisiana, Mississippi and Texas, generating annual revenues of almost $11 billion. Headquartered in New Orleans, we continue to play a driving role in the economic growth of the Gulf South.
Our work matters. That’s been true for more than 100 years. And as we look to the next century, we remember the constant that bridges our past and future: We Power Life.
New Orleans, home to our corporate headquarters, has been named the second favorite American city in Travel + Leisure’s 2017 survey of locals about their home towns.
Our 2017 employee safety performance ranked in the top decile of the Edison Electric Institute benchmark survey.
In 2017, Entergy Corporation and the Entergy Charitable Foundation awarded grants totaling more than $17 million to about 2,200 nonprofits in communities where we operate.
With a total of 26 awards from EEI for its restoration and mutual-assistance work, Entergy remains the only utility company to have won either EEI's Recovery or Assistance Award, or both, every year since the awards began in 1998.