IT Security Risk & Compliance (Technical Writer)

Date: Jun 13, 2019

Location: The Woodlands, TX, US

Company: Entergy

*This position can be filled in New Orleans, LA or The Woodlands, TX (preferred).*

The official title for this position will be IT Business Analyst or IT Business Analyst Sr depending on experience.

BRIEF POSITION DESCRIPTION
For Entergy IT, a first line-of-defense (LoD) function, Information Security Performance & Regulatory Compliance manages technology and cyber security risks, controls and compliance.  Our priorities are to succeed as One Team, deliver commercially relevant results, sustain strong governance and, advance technology and cyber security risk and compliance.

 

We value integrity and diverse perspectives.  We seek action-oriented professionals, who take ownership and demonstrate urgency to deliver sustainable outcomes.  We offer opportunities to develop your portfolio of experience and advance your career.  You can have a significant impact by delivering innovative solutions, and your work will directly influence our shared success.
 

The IT Analyst, Senior – Regulatory Risk & Compliance is critical to IT security risk management and compliance with enterprise policies, and regulatory requirements, including North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC CIP), Nuclear Regulatory Commission - Nuclear Cyber (10 CFR 73.54) and Sarbanes Oxley (SOX).  A key element of this role is effective partnership and engagement across lines-of-defense, to serve Entergy’s best interests.  This scope of this role emphasizes IT compliance related to Cyber Security.  Also, to drive continuous improvement, you'll participate and, at times, lead team, departmental and/or projects to effectively deliver on operational and strategic goals.

 

KEY RESPONSIBILITIES

Professional Practices
Advance our people, process, and technology agendas to foster team, individual and Entergy success.

 

IT Security Risk and Compliance

  • Partner with key constituents to drive effective management of Entergy IT security, risk and compliance with enterprise policies, and applicable regulatory requirements.  Help improve the IT security control environment and mitigate risk within our Technology division.
  • Deliver timely and effective IT security, risk & controls ‘triage’ services to meet unplanned, urgent workload demands.
  • Assist with establishing and maintaining practices, standards, and procedures for conducting engagements.
  • Participate in Corrective Action Program (CAP); evaluate conditions adverse to quality, safety, risk, security and compliance.
  • Set priorities in correcting problems and tracking them until they have been corrected.
  • Maintain awareness of regulatory changes; review Entergy policies, and recommend revisions to remain compliant.
  • Coordinate with other departments when drafting and revising new polices to obtain the appropriate approvals.
  • Deliver on process excellence and maturity to maintain a strong culture of regulatory compliance.
  • Prioritize and deliver multiple complex projects to meet deadlines, in a fast-paced environment.

 

IT Security Risk and Compliance Engagements
Execute and deliver the IT security risk, controls and compliance program.
Execute IT security risk, controls & compliance engagements (assurance and advisory) across security domains: e.g. Architecture and Engineering, Application Security, Web and Mobile Security, Infrastructure Security, Access Management, Threat and Vulnerability Management,

 

Security Monitoring, Incident Response, and Cloud Security

  • Craft key messages for Management and governance bodies, including engagement objectives, status and results.
  • Plan engagements, outline scope, and identify in-scope systems and IT security risks and controls.
  • Test processes and controls, identify control deficiencies, agree findings, and recommend remediation plans.
  • Challenge established processes and controls to ensure they are adequate and effective to mitigate risk.
  • Ensure timely delivery of the highest quality work and value-add recommendations.
  • Document work-papers, communicate outcomes, and report engagement results.
  • Influence leaders to act on recommendations, make process improvements, and strengthen the control environment. 
  • Track status of deficiencies, and ensure corrective actions are complete and sustainable.
  • Provide effective assurance and advisory outcomes to Technology & Security leadership, and key stakeholders.

 

Performance & Improvement
Drive process excellence, maturity, and act on results to develop new solutions to mitigate risks.

 

Audit, Regulatory, and Risk Governance

  • Sustain purpose-driven engagement and effective interaction with Auditors, Regulators, and Risk and compliance partners.
  • Partner with key 3rd & 4th LoD constituents to support effective and balanced audits and regulatory engagements.
  • Partner with key 2nd LoD constituents to support effective and balanced internal governance and assessments.

 

Metrics, Analytics & Reporting
Deliver and continuously improve best-in-class metrics, analytics, and reporting roadmap, products and services.

 

EXPERIENCE NEEDED

  • 3 to 5+ years of work experience and expertise, capabilities and accomplishments directly relevant to the position.
  • 3+ years of work experience in IT security, risk, controls, audit and regulatory compliance.
  • 1+ years of work experience in a regulatory compliance function within a utility or related, or highly regulated industry.
  • Must: ability to plan, deliver, and report results of IT security risk, control, and compliance engagements.
  • Required; effective engagement with Auditors, and Regulators (i.e. NERC, SERC, FERC, NRC).
  • Intermediate expertise across security domains: e.g. Architecture and Engineering, Application Security, Web and Mobile Security, Infrastructure Security, Access Management, Threat and Vulnerability Management, Security Monitoring, Incident Response, and Cloud Security.
  • Required; IT and cyber security governance, risk, controls, compliance, and IT audit assurance and advisory practices.

 

KNOWLEDGE, SKILLS, AND ABILITIES REQUIRED OF THE POSITION

  • Direct and demonstrable expertise, capabilities, skills and behaviors relevant for the position.
  • Required; IT, risk and security practices, standards and controls (e.g. COBIT, NIST-CSF, CIS-CSC, C2M2, ITIL).
  • Preferred; regulatory requirements (e.g. NERC CIP, NRC Nuclear Cyber 10 CFR 73.54, SOX, PCI, Privacy).
  • Required; IT risk & security domains and controls (e.g. cyber, network, infrastructure, applications, and projects).
  • Advanced Microsoft Office product expertise.
  • Intermediate level presentation skills including to Management, and Executive audiences.
  • Must manage ambiguity, resolve urgent and competing demands, and go above-&-beyond to deliver outcomes.
  • Must have measured courage to say “no,” to focus on key priorities.
  • Ability to travel (up to 25%).

 

EDUCATION NEEDED
Bachelor’s degree or equivalent experience required.  
Advanced degree preferred. 

 

ANY CERTIFICATES, LICENSES ETC., REQUIRED FOR THE POSITION
Must demonstrate commitment to development.  One or more, relevant qualifications, including but not limited to:
CRISC, CISSP, CISM, CISA, CIA, PMP, SANS GIAC (e.g. GCISP).

#li-mm1

Primary Location: Texas-The Woodlands
Job Function: Information Technology
FLSA Status: Professional
Relocation Option: Level II
Union description/code: NON BARGAINING UNIT-NBU
Number of Openings: 1
Req ID: 86598
Travel Percentage:Up to 25%

 

An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here to view the full statement.

 

WORKING CONDITIONS: 

As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.


Nearest Major Market: Houston

Job Segment: Technical Writer, Risk Management, Compliance, Engineer, Technology, Finance, Security, Legal, Engineering