IT Security Risk Governance Analyst

Date: Aug 16, 2019

Location: The Woodlands, TX, US

Company: Entergy

*This position can be filled in New Orleans, LA or The Woodlands, TX (strongly preferred).*

The official title for this position will be IT Business Analyst or IT Business Analyst Sr depending on experience and is an individual contributor role.

BRIEF POSITION DESCRIPTION
For Entergy IT, a first line-of-defense (LoD) function, Information Security Performance & Regulatory Compliance manages technology and cyber security risks, controls and compliance. Our priorities are to succeed as One Team, deliver commercially relevant results, sustain strong governance, and advance technology and cyber security risk and compliance.

We value integrity and diverse perspectives. We seek action-oriented professionals who take ownership and demonstrate urgency to deliver sustainable outcomes. We offer opportunities to develop your portfolio of experience and advance your career. You can have a significant impact by delivering innovative solutions, and your work will directly influence our shared success.

The IT Analyst, Senior – IT Security Risk Governance is critical to IT security risk management and to compliance with enterprise policies and regulatory requirements, including North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC CIP), Nuclear Regulatory Commission - Nuclear Cyber (10 CFR 73.54) and Sarbanes-Oxley (SOX). A key element of this role is effective partnership and engagement across lines of defense to serve Entergy's best interests. To drive continuous improvement, you will also participate in and, at times, lead team, departmental and/or project initiatives to deliver on operational and strategic goals.


KEY RESPONSIBILITIES

Professional Practices
Advance our people, process, and technology agendas to foster team, individual and Entergy success.


IT Security Risk and Compliance Governance

  • Advance the design, delivery and performance of IT security, risk and compliance governance.
  • Advance an effective Technology and Security risk framework & methodology, policy, standards and procedures.
  • Support Risk & Control Self-Assessment (RCSA), Scenario Analysis, and New Product Approval.
  • Advance effective and efficient governance, risk, controls & compliance architectures (including the Archer GRC system).
  • Support key governance committees, sub-committees, working groups and forums.


IT Security Risk and Compliance

  • Support effective risk identification & assessment, risk response & mitigation, risk and control monitoring & reporting.
  • Participate in the Corrective Action Program (CAP); evaluate conditions adverse to quality, safety, risk, security and compliance.
  • Prioritize the correction of identified problems and track them until they are resolved.


Metrics, Analytics & Reporting

  • Support and continuously improve the metrics, analytics and reporting roadmap, products and services.
  • Deliver data-driven decision-making solutions, via business intelligence that is timely, accurate, and actionable.
  • Quantify technology, cyber security and regulatory compliance risk.
  • Apply risk event data, key control indicators (KCIs), key performance indicators (KPIs) and key risk indicators (KRIs), and model risk & control relationships, to support ad-hoc and pre-built reports.
  • Deliver high quality products, communicating in technical and business terms for Management, Executives, and the Board.
  • Visualize, describe and publish metrics and analytics for internal and external consumption.
  • Visualize content (e.g. layouts, charts, graphics) to deliver powerful messaging in conjunction with written content.
  • Co-author whitepapers, case studies, and digital media products.


Demand & Service Delivery
Drive service efficiency and effectiveness through the application of technology to deliver better business solutions.


Performance & Improvement
Drive continuous improvement of program performance, and compliance with regulatory and company standards.
Drive process excellence and maturity, and act on results to develop new solutions that mitigate risks.


Audit, Regulatory, and Risk Governance
Sustain purpose-driven engagement and effective interaction with auditors, regulators, and risk and compliance partners.


EXPERIENCE NEEDED

  • 3 to 5+ years of work experience, with expertise, capabilities and accomplishments directly relevant to the position.
  • 3+ years of work experience in IT security, risk, controls, audit and regulatory compliance.
  • 1+ years of work experience in a regulatory compliance function within a utility or other highly regulated industry.
  • IT GRC systems development, maintenance and administration for IT operational risks & controls.
  • Required: hands-on experience with Archer GRC modules (e.g. Risk Management, Compliance Management, SecOps & Incident Management, Audit Management, Third Party Risk, Business Resiliency).
  • Preferred: effective engagement with auditors and regulators (e.g. NERC, SERC, FERC, NRC).
  • Preferred: IT and cyber security governance, risk, controls, compliance, and IT audit assurance and advisory practices.


KNOWLEDGE, SKILLS, AND ABILITIES REQUIRED OF THE POSITION

  • Direct and demonstrable expertise, capabilities, skills and behaviors relevant for the position.
  • Required: IT, risk and security practices, standards and controls (e.g. COBIT, NIST CSF, CIS Controls, C2M2, ITIL).
  • Preferred: regulatory requirements (e.g. NERC CIP, NRC Nuclear Cyber 10 CFR 73.54, SOX, PCI, Privacy).
  • Preferred: IT risk & security domains and controls (e.g. cyber, network, infrastructure, applications, and projects).
  • Advanced Microsoft Office product expertise.
  • Intermediate level presentation skills including to Management, and Executive audiences.
  • Must manage ambiguity, resolve urgent and competing demands, and go above-&-beyond to deliver outcomes.
  • Must have measured courage to say “no,” to focus on key priorities.
  • Ability to travel (up to 25%).


EDUCATION NEEDED
Bachelor's degree required. Advanced degree preferred.

ANY CERTIFICATES, LICENSES ETC., REQUIRED FOR THE POSITION
Must demonstrate commitment to professional development. One or more relevant qualifications, including but not limited to: CRISC, CISSP, CISM, CISA, CIA, PMP, SANS GIAC (e.g. GCISP).
Archer 6.x Administrator Certification.

Primary Location: Texas-The Woodlands
Job Function: Information Technology
FLSA Status: Professional
Relocation Option: Level II
Union description/code: NON BARGAINING UNIT-NBU
Number of Openings: 1
Req ID: 86594
Travel Percentage: Up to 25%


An Equal Opportunity Employer, Minority/Female/Disability/Vets.


WORKING CONDITIONS:
As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.


Please note: Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.


Nearest Major Market: Houston

Job Segment: Risk Management, Law, Compliance, Nuclear, Finance, Security, Legal, Energy