Title:  Manager, Enterprise Security Architecture

Date:  Apr 8, 2021
Legal Entity:  Entergy Services, LLC
Description: 

***This position may be filled in New Orleans LA, The Woodlands TX, Little Rock AR or Jackson MS. Others locations within Entergy’s service territory may be considered***

 

 

Entergy Corporation is an integrated energy company engaged primarily in electric power production and retail distribution operations.  Entergy owns and operates power plants with approximately 30,000 megawatts of electric generating capacity, including 8,000 megawatts of nuclear power.  Entergy delivers electricity to 2.9 million utility customers in Arkansas, Louisiana, Mississippi, and Texas.  Tracing its history to 1913 and headquartered in New Orleans, Louisiana, Entergy has annual revenues of $11 billion and more than 13,000 employees.

 

The company’s utility business provides electric retail and wholesale power to customers in four states through five utility operating companies:  Entergy Arkansas, LLC; Entergy Louisiana, LLC; Entergy Mississippi, LLC; Entergy New Orleans, LLC; and Entergy Texas, Inc.  Entergy also delivers natural gas services to 200,000 customers in New Orleans and parts of Baton Rouge, Louisiana.  Entergy is winding down its wholesale generation business, which provides power to wholesale customers primarily from our two remaining nuclear facilities located in the northern United States.

 

The electric utility industry is rapidly changing, and Entergy is entering an exciting period of growth as we prepare for the future.  We are building the premier utility, a utility that delivers sustainable value to all its stakeholders – our customers, employees, communities, and owners – as measured by strong net promoter scores, high levels of service, superior and affordable products and services, highly skilled and engaged employees, and industry-leading financial performance.  We are focusing our sights on three key priorities – customer centricity, continuous improvement, and creating a culture of belonging for our employees.  Join us as we take the next step on our journey to building the premier utility.

 

Brief Position Description

The Enterprise Security Architecture Manager is responsible for defining, establishing and modernizing a robust information security architecture to ensure security of all Corporate IT, Operational Technology (OT), and Internet of Things (IoT) enabled systems at Entergy. The manager will lead a team of security architects that provide support and services across the enterprise and collaborate with other teams to realize the architecture strategy by driving the implementation of security solutions to protect the enterprise and maintain compliance with all regulatory requirements. Drive continuous improvement of Entergy’s security posture to ensure the security of data and critical systems and will provide Subject Matter Expertise (SME) over security architecture and policies and procedures as it pertains to security across multiple platforms & technologies.

 

The Manager will manage a team of employees and a flexible pool of contingent or 3rd party depending on project needs.

 

Key responsibilities include:  

  • Lead the direction of information security through the development of an information security strategy that addresses the threats to the Entergy environment.
  • Collaborate with engineering teams to drive security roadmaps by providing security requirements that map security controls and patterns to products, services and threats.
  • Serve as the Security Lead in the design, implementation and integration phases of cloud-based solutions to meet client and firm security requirements, address enterprise risks and exposures in cloud-based solutions
  • Define information security controls and patterns that support risk assessments and support the development of secure architectures.
  • Provide technical security expertise to solutions including communicating security architectural decisions, benefits, and risks.
  • Collaborate with technology architecture teams and business stakeholders by performing security analysis of proposed architectures, providing risk assessment feedback, including security requirements; provide security consulting services internally to the organization by giving security guidance and functioning as an information security subject matter expert.
  • Deliver world-class security architecture for all corporate and operational technology needs, including power generation units, nuclear plants, electric substations, SCADA, distribution automation, and advanced metering infrastructure (AMI)
  • Ensure security architecture & implementation complies with specific requirements of North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54)
  • Develop reference security architectures across applications, infrastructure, network, cloud, IoT, on-prem, mobile and physical environments
  • Own and guide implementation of information security architecture strategy and technology roadmap to ensure the best balance of security, efficiency, effectiveness, and scalability while protecting against internal/external threats across all platforms
  • Assist the Security Architecture and Engineering Director in conducting technology and vendor assessments to validate that information security technology portfolios are kept up to date and meet contractual requirements
  • Identify new trends in systems security and data protection, and support business cases for investment in advancing security capabilities (DLP, IPS, SIEM, etc.) to improve Energy’s security posture.
  • Attend and participate in technical engagements with audit, regulators, clients, and third parties, when required 
  • Determine staffing requirements, including recruiting, hiring, training, development, and retention of highly qualified team members

 

Minimum Experiences needed

  • Five plus years of cyber security and architecture experience across multiple disciplines (monitoring, network engineering, mobile devices, various endpoint architectures, application security, physical environments, etc.)
  • Experienced people leader with direct management/supervision of employees, building teams, performance management and employee development.
  • Practical technical experience within a Cyber Security role and at least 3 years of utility related or direct electric utility industry experience required
  • Strong experience in building cyber resilient architecture, recommendation and implementation of best practices to secure network and application infrastructure, protect information against unauthorized data access and loss, risk reduction and vulnerability mitigation
  • Experience with Cyber security programs, specifically Enterprise Security Architecture to include reference security architecture creation, security program assessment, security operations, incident response, forensic analysis, threat intelligence, identity and access management, data protection, penetration testing, Web application security testing, vulnerability and risk management
  • Working knowledge of security products in on-prem, cloud and SaaS models, SIEMs, firewalls, security applications, vulnerability detection, network devices, and endpoint protection
  • Experience with electric utility customer service, distribution grid technologies and SCADA operations, e.g., Smart Grid, AMI, SCADA, meter data management systems (MDMS), etc.
  • Experience working with outsourced teams
  • Demonstrated organizational and scheduling skills, strong time management skills
  • Proven ability to lead a team of engineers, architects, and/or external resources
  • Strategically oriented and can influence indirectly at the org and enterprise level as needed
  • Expertise in working in partnership with colleagues throughout the enterprise, and in leading collaborative teams to achieve common goals

 

Minimum knowledge, skills, and abilities required of the position

  • Knowledge of IT Security regulations and guidance such as NIST, FISMA & ISO27001
  • Familiarity with The Open Group Architecture Framework (TOGAF), Open Web Application Security Project (OWASP), Open Security Architecture, National Institute of Standards and Technology (NIST) Cloud Computing Reference Architecture, or other architecture frameworks
  • Able to be a hands-on manager with technical engineering and process management skills and the ability to advocate and influence positive transformation within the broader information technology organization
  • Well-versed in security technologies & implementation
  • Proficient in security ramifications of energy related regulations (SOX, HIPAA, NERC CIP, FERC, and NRC Nuclear Cyber (10 CFR 73.54)
  • Knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL
  • Advanced knowledge of security technologies including Firewall, IDS/IPS/HIDS, anti-virus, SIEM, Vulnerability Scanning, Threat Intelligence sources, and familiarity with the MITRE ATT&CK framework and Cyber Kill Chain.
  • Knowledge of current Information and Cyber Security trends
  • Excellent report writing and ability to effectively communicate across the organization
  • Available to travel
  • Self-motivated, with the ability to manage and follow up on multiple tasks simultaneously
  • Capable of meeting deadlines and budgets
  • Ability to coordinate with Entergy’s Audit, Legal, Supply Chain, Communications, Corporate Security and Risk Management organizations to understand requirements and ensure compliance with cyber security policies and standards

 

 

Minimum Education needed

Bachelor’s degree in computer science, cyber security or a related discipline or equivalent work experience.  Advanced degree preferred.

 

Any certificates, licenses, etc., required for the position

ISACA certification, such as CISSP, CISM, CISA

Relevant vendor credentials offered by companies such as Symantec

 

#LI-JL1

Primary Location: Texas-The Woodlands
Job Function: Information Technology
FLSA Status: Professional
Relocation Option: No Relocation Offered
Union description/code: NON BARGAINING UNIT-NBU
Number of Openings: 1
Req ID: 102112
Travel Percentage:Up to 25%

 

An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here to view the full statement.

 

WORKING CONDITIONS: 

As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.


Job Segment: Architecture, Corporate Security, Engineer, Law, Security, Engineering, Legal