Title:  Information Security Analyst II or III (SOX & Risk)

Date:  Jan 7, 2022
Legal Entity:  Entergy Services, LLC

Posting End Date:  


***This position may be filled as an Info Sec Analyst II or III depending on the candidate's qualifications and experience***


Entergy Corporation is an integrated energy company engaged primarily in electric power production and retail distribution operations.  Entergy owns and operates power plants with approximately 30,000 megawatts of electric generating capacity, including 8,000 megawatts of nuclear power.  Entergy delivers electricity to 2.9 million utility customers in Arkansas, Louisiana, Mississippi, and Texas.  Tracing its history to 1913 and headquartered in New Orleans, Louisiana, Entergy has annual revenues of $11 billion and more than 13,000 employees.


The company’s utility business provides electric retail and wholesale power to customers in four states through five utility operating companies:  Entergy Arkansas, LLC; Entergy Louisiana, LLC; Entergy Mississippi, LLC; Entergy New Orleans, LLC; and Entergy Texas, Inc.  Entergy also delivers natural gas services to 200,000 customers in New Orleans and parts of Baton Rouge, Louisiana.  Entergy is winding down its wholesale generation business, which provides power to wholesale customers primarily from our two remaining nuclear facilities located in the northern United States.


The electric utility industry is rapidly changing, and Entergy is entering an exciting period of growth as we prepare for the future.  We are building the premier utility, a utility that delivers sustainable value to all its stakeholders – our customers, employees, communities, and owners – as measured by strong net promoter scores, high levels of service, superior and affordable products and services, highly skilled and engaged employees, and industry-leading financial performance.  We are focusing our sights on three key priorities – customer centricity, continuous improvement, and creating a culture of belonging for our employees.  Join us as we take the next step on our journey to building the premier utility.


Brief Position Description:

The Performance and Regulatory Compliance group implements control frameworks to ensure that the security organization's practices remain observant to all compliance directives required by Sarbanes-Oxley (SOX) requirements and the Health Insurance Portability and Accountability Act (HIPAA).  The Analyst will work to ensure that the IS risks are identified and mitigated. The Analyst will support the tracking and trending of risk and compliance effectiveness and propose program adjustments to address issues. This position in the Performance and Regulatory Compliance group will provide support to ensure Entergy adapts to emerging regulations and risks while working to continually improve the security organization’s regulatory compliance posture. The role is critical to ensure Information Security complies with all applicable federal, state & local regulatory requirements.


Key responsibilities include:

  • Assist in the documentation of IS processes and procedures into process flows
  • Apply a risk-based approach to determine areas of weakness using frameworks such as COBIT and NIST
  • Assist with compliance assessments of Entergy policies and regulatory requirements across the various IS groups
  • Track Key Performance Indicators (KPI) to measure the IS organization's effectiveness and communicate findings
  • Assist with periodic compliance assessments
  • Maintain awareness of changing regulatory requirements
  • Compile Change Management reporting, Key Performance Indicators (KPI), and Key Risk Indicators (KRI) information
  • Integrate data from multiple sources to draw conclusions regarding Entergy’s regulatory compliance
  • Identify potential compliance irregularities through the use of KRIs
  • Competently interface with external audit and Entergy Internal Audit
  • Deliver process excellence on maintaining a strong culture of regulatory compliance at Entergy


Experience needed:

Info Sec Analyst II: 2+ years of work experience in a regulatory compliance function within a utility or related industry

Info Sec Analyst III: 4+ years of work experience in a regulatory compliance function within a utility or related industry

  • Good communication skills with internal stakeholders
  • Experience with cybersecurity operations
  • Experience working with direct, indirect, and outsourced resources
  • Exposure to operations playbooks, run books, and performance measures
  • Some experience maintaining operations leveraging industry best practices
  • Experience with data analysis, data integration, and data validation activities with large, regulated utilities or related industry  


Minimum knowledge, skills, and abilities required of the position:

  • Knowledge of security ramifications of applicable regulations (SOX and HIPAA)
  • Knowledge of security, risk, and control frameworks and standards such as ISO 27001, NIST, FISMA & COBIT
  • Ability to quickly adapt to changing events and priorities
  • Social, verbal, and written communication skills, with ability to effectively present analytical data
  • Detail oriented with the ability to interpret regulatory requests and corresponding data
  • Available to travel
  • Comfortable working in high stress and ambiguous environments
  • Capable of meeting deadlines


Education needed

Associate’s or bachelor’s degree in computer science, cyber security, Internal Audit, or a related discipline or equivalent work experience.


Any certificates, licenses, etc., preferred for the position

Professional certifications such as CISSP, CISM, CISA are a plus




Primary Location: Texas-The Woodlands
Job Function: Information Technology
FLSA Status: Professional
Relocation Option: No Relocation Offered
Union description/code: NON BARGAINING UNIT-NBU
Number of Openings: 1
Req ID: 105133
Travel Percentage:Up to 25%


An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here to view the full statement.



As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.

Job Segment: Information Security, Risk Management, Law, Compliance, Technology, Finance, Security, Legal