IT Security Risk & Compliance Analyst (Metrics, Analytics & Reporting)

Date: Aug 16, 2019

Location: The Woodlands, TX, US

Company: Entergy

*This position can be filled in New Orleans, LA or The Woodlands, TX (strongly preferred).*

The official title for this position will be IT Business Analyst or IT Business Analyst Sr depending on experience and is an individual contributor role.



For Entergy IT, a first line-of-defense (LoD) function, Information Security Performance & Regulatory Compliance manages technology and cyber security risks, controls and compliance. Our priorities are to succeed as One Team, deliver commercially relevant results, sustain strong governance, and advance technology and cyber security risk and compliance.

We value integrity and diverse perspectives.  We seek action-oriented professionals, who take ownership and demonstrate urgency to deliver sustainable outcomes.  We offer opportunities to develop your portfolio of experience and advance your career.  You can have a significant impact by delivering innovative solutions, and your work will directly influence our shared success.

The IT Analyst, Senior – Metrics, Analytics & Reporting is critical to IT security risk management and compliance with enterprise policies and regulatory requirements, including North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC CIP), Nuclear Regulatory Commission - Nuclear Cyber (10 CFR 73.54) and Sarbanes-Oxley (SOX). A key element of this role is effective partnership and engagement across lines-of-defense, to serve Entergy’s best interests. Also, to drive continuous improvement, you'll participate in and, at times, lead team, departmental and/or project initiatives to effectively deliver on operational and strategic goals.




Professional Practices

Advance our people, process, and technology agendas to foster team, individual and Entergy success.


Metrics, Analytics & Reporting

  • Advance the design, delivery and performance of IT security, risk and compliance metrics, analytics, and reporting.
  • Deliver and continuously improve best-in-class metrics, analytics, and reporting roadmap, products and services.
  • Deliver data-driven decision-making solutions, via business intelligence that is timely, accurate, and actionable.
  • Quantify technology, cyber security and regulatory compliance risk.
  • Work with complex data sets and data visualization, integrating structured and unstructured data from disparate sources.
  • Apply risk event data, KCIs, KPIs, and KRIs, and model risk & control relationships, to support ad-hoc and pre-built reports.
  • Synthesize complex analytical findings into dashboards and reports using advanced visualization tools.
  • Maximize risk reduction by prioritizing risk mitigation initiatives based on impact and risk-cost-based benefits.
  • Calculate security ROI to right-size budgets via insight into how much security investments can reduce risk.
  • Deliver high quality products, communicating in technical and business terms for Management, Executives, and the Board.
  • Ensure data life cycle governance, lineage, and quality.
  • Present data and information in a way that tells a story, and weave that story into a compelling final product.
  • Visualize, describe and publish metrics and analytics for internal and external consumption.
  • Visualize content (e.g. layouts, charts, graphics) to deliver powerful messaging in conjunction with written content.
  • Co-author whitepapers, case studies, and digital media products.


Demand & Service Delivery

Drive service efficiency and effectiveness via application of technology, for better business solutions.


Performance & Improvement

  • Drive continuous improvement of program performance, and compliance with regulatory and company standards.
  • Drive process excellence and maturity, and act on results to develop new solutions to mitigate risks.


IT Security Risk & Compliance Governance

Support key governance committees, sub-committees, working groups and forums.



  • 3 to 5+ years of work experience and expertise, capabilities and accomplishments directly relevant to the position.
  • 1+ years of work experience in IT security, risk, controls, audit and regulatory compliance.
  • Preferred: experience in a regulatory compliance function within a utility or a related or highly regulated industry.
  • Preferred: effective engagement with Auditors and Regulators (i.e. NERC, SERC, FERC, NRC).
  • Preferred: IT and cyber security governance, risk, controls, compliance, and IT audit assurance and advisory practices.



  • Direct and demonstrable expertise, capabilities, skills and behaviors relevant for the position.
  • Gathering requirements, formulating metrics, and converting data analysis into tangible reporting products.
  • Data analytics and visualization tools; e.g. Power BI, Tableau, SAS, and QuickSight.
  • Relevant programming and scripting skills; e.g. Java, SQL, Hadoop, Spark, Python, Ruby, MATLAB, and Unix shell.
  • Data engineering, analytics, warehousing, mining, profiling, dashboards and Business Intelligence (BI).
  • IT risk, security and technology practices, standards and controls (e.g. COBIT, NIST-CSF, CIS-CSC, C2M2, ITIL).
  • Advanced Microsoft Office product expertise.
  • Intermediate-level presentation skills, including to Management and Executive audiences.
  • Must manage ambiguity, resolve urgent and competing demands, and go above and beyond to deliver outcomes.
  • Must have measured courage to say “no,” to focus on key priorities.
  • Ability to travel (up to 25%).



Bachelor’s degree or equivalent experience required.

Advanced degree preferred.



Must demonstrate commitment to development. One or more relevant professional qualifications.

Primary Location: Texas-The Woodlands
Job Function: Information Technology
FLSA Status: Professional
Relocation Option: Level II
Union description/code: NON BARGAINING UNIT-NBU
Number of Openings: 1
Req ID: 86591
Travel Percentage: Up to 25%


An Equal Opportunity Employer, Minority/Female/Disability/Vets.


As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.


Please note: Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.
