Posting End Date:  

Work Place Flexibility: Hybrid 

Legal Entity: Entergy Services, LLC 

**The preferred location for this role is The Woodlands, TX; however, this position can be filled in New Orleans, LA or Little Rock, AR.**

Position summary:

The Info Sec Engineer Sr. is responsible for the administration and execution of the Operational Technology Security Patch Management program.  The Info Sec Engineer Sr. will lead internal and external resources in the timely execution of process controls designed to identify security vulnerabilities.  The Info Sec Engineer Sr. will own the governance and management of the NERC CIP-007 R2 controls and will be responsible for internal and external communications and metrics regarding the program.

Key responsibilities include:

• Oversee the daily operations of the external Security Patch Management team, including:
  • Security Patch Discovery and Evaluation
  • Creation of mitigation plans
  • Patch deployment planning
• Maintain compliance with the NERC CIP-007 R2 controls
• Drive the accuracy of asset inventory within the OT operating environment
• Drive efficiencies and accuracy in continual security patch assessments
• Drive effective communications with external OT asset owners for security patch remediation strategies
• Lead collaborative meetings with stakeholders and owners to drive timely completion of activities for compliance with the program and regulatory standards
• Leverage technology and scripted processes to reduce human interaction in managed processes
• Maintain auditable records of work performed
• Maintain procedures and work instructions for the Security Patch Management program
• Maintain and track performance metrics of external resources assigned to the program
• Work with external solution providers to correct any staffing or performance issues
• Perform required testing of the NERC CIP-007 R2 controls within the Entergy GRC platform
• Represent the Security Patch Management program to leadership and the Corrective Action Program
• Act as the NERC CIP-007 R2 subject matter expert for internal and external audit requests and SERC self-report activity

Minimum Requirements:

Minimum Education Required:

• Bachelor’s degree in computer science, Information Systems, MIS or a related discipline or equivalent work experience. 

Minimum Experience Required:

• 6+ years of relevant work experience required
• Understanding of Operational Technology concepts
• Broad working knowledge of IT Enterprise and Solution Architectures and delivery methodologies
• Leadership experience (leading teams, root cause analyses, projects, effective communication) 
• Working in a compliance regulated environment
• Working independently, with guidance in only the most complex situations
• Interpreting internal or external business issues and recommending best practices
• Project Management experience, including metrics creation, leading stakeholders to complete milestones and tasks, reporting to management on success criteria

Minimum knowledge, skills, and abilities required of the position:

• Information Security background
• Understanding and experience with Vulnerability Risk Assessments and Vulnerability Management
• Understanding of IT and OT architectures, systems, and intercommunications
• Understanding of Configuration Change Management
• Proficiency with Microsoft Office and SharePoint
• Knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL
• Experience with the following tools is a plus:
  • ServiceNow (Change Management, Incident Management, Vulnerability Response)
  • Tripwire
  • BigFix
  • Splunk
  • Automation Anywhere
• Ability to quickly adapt to changing events and priorities
• Strong social, verbal, and written communication skills, with demonstrated ability to effectively present analytical data to a variety of technical and non-technical audiences
• Comfortable working in high stress and ambiguous environments
• Capable of meeting deadlines

Any certificates, licenses, etc., required for the position

• None required
• SANS GIAC and ISC2 certifications strongly considered

#LI-RM1

#LI-HYBRID

Primary Location: Texas- Texas : The Woodlands || Arkansas : Little Rock || Louisiana : New Orleans || Texas : Houston 
Job Function: Professional
FLSA Status: Professional 
Relocation Option: No Relocation Offered
Union description/code: NON BARGAINING UNIT 
Number of Openings: 1
Req ID: 112751
Travel Percentage:Up to 25%

An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here to view the EEO page, or see statements below.

EEO Statement: The Entergy System of Companies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws. The Entergy System of Companies complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment including, but not limited to, recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. 

The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of the Entergy System of Company employees to perform their expected job duties is absolutely not tolerated.

Accessibility: Entergy provides reasonable accommodations for online applicants. Requests for a reasonable accommodation may be made orally or in writing by an applicant, employee, or third party on his or her behalf. If you are an individual with a disability and you are in need of an accommodation for the recruiting process please click here and provide your name, contact number, the accommodation requested and the requisition number that you are requesting the accommodation for. Employee Services will contact you regarding your request.

Additional Responsibilities: As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.

Entergy Pay Transparency Policy Statement: The Entergy System of Companies (the Company) will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company’s legal duty to furnish information.  41 CFR 60-1.35(c). Equal Opportunity and Pay Transparency.

Pay Transparency Notice:

Pay Transparency Nondiscrimination Provision (dol.gov)

The non-confidential portions of the affirmative action program for individuals with disabilities and protected veterans shall be available for inspection upon request by any employee or applicant for employment.  Please contact HRCompliance@entergy.com to schedule a time to review the affirmative action plan during regular office hours.

WORKING CONDITIONS:
As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.