Job Title: Information Security Engineer III or Sr.

Work Place Flexibility: Hybrid 

Legal Entity: Entergy Services, LLC 

***This is a hybrid position open to New Orleans, LA, Little Rock, AR, and The Woodlands, TX. Relocation assistance and Sponsorship is not provided.***

Brief Position Description

The Information Security Engineer III or Sr. implements and executes a framework to ensure that the security organization's practices remain observant to compliance directives required by North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP), Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54), and internal Operational Technology (OT) security controls.  The Information Security Engineer III or Sr. will enforce necessary cyber security and compliance policies and procedures. The Information Security Engineer III or Sr. will track and trend compliance effectiveness and propose program adjustments to address issues. This role is responsible for ensuring Entergy adapts to emerging regulations and works to continually improve the security organization’s regulatory compliance posture.  The role is critical to ensure Information Security (IS) complies with all applicable federal, state & local regulatory requirements. The primary focus of this role is regulatory compliance and assessments, with some technical execution responsibilities as the role grows into the program.

This role will participate in communications with governmental agencies, information sharing centers, and industry peers on the status of Entergy’s regulatory compliance status.

Key responsibilities include:

• Responsible for coordinating the regulatory program within IS to ensure strict adherence with the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54) and Sarbanes Oxley (SOX) requirements
• Document CS processes and procedures into process flows and apply a risk-based approach to determine areas of weakness utilizing frameworks such as COBIT and NIST
• Responsible as the tertiary contact within the CS organization for communicating with executives, external regulators, and Entergy oversight entities on all aspects of compliance initiatives and status
• Responsible for effectively conducting compliance assessments to ensure adherence to Entergy policies and regulatory requirements across the various CS groups and Business Units.
• Effectively communicate results to the Manager, Director, and senior leadership
• Track the status of compliance programs and initiatives across the CS organization and assist with coordination of compliance activities with internal and external audit entities
• Participate in the execution of OT Cyber Security Programs, including but not limited to:
  • Asset Inventory Management
  • Configuration Management
  • Change Management
  • Recovery Plans
  • Security Monitoring
  • Vulnerability Management
  • Transient Cyber Asset Management
• Ideate and implement improvement opportunities for existing processes, toolsets, documentation, etc.
• Track Key Performance Indicators (KPI) to measure the IS organization's effectiveness in meeting its business performance expectations and adhering to applicable compliance requirements; communicate findings to the Director and senior leadership
• Assist with establishing policies and procedures for conducting periodic compliance assessments, aggregating results and communicating with various levels of management
• Identify gaps between Entergy’s policies and procedures and current industry standards and report to Director on results
• Participate in the Corrective Action Program (CAP) process for evaluating the conditions adverse to quality, safety, security and compliance; set priorities in correcting problems and tracking them until they have been corrected
• Deliver on continuous improvement of IS compliance with regulatory and company standards
• Maintain awareness of changing regulatory requirements, review Entergy policies, and recommend revisions to remain compliant to changing regulations
• Coordinate with other departments when drafting and revising new polices to obtain the appropriate approvals
• Maintain/execute the IS Performance Management processes; collect/analyze/deliver performance metrics and associated commentary to IS groups, functional organizations, and business units
• Provide Daily/Weekly/Monthly Change Management reporting and Key Performance Indicators (KPI) Metrics information
• Deliver on process excellence and maturity to push the envelope on maintaining a strong culture of regulatory compliance at Entergy
• Motivate staff to excel and continuously improve in keeping the enterprise compliant with regulatory requirements and Entergy policies
• Maintain insights regarding emerging regulations relevant to Entergy’s business
• Dissect operational, performance, and compliance data to find trends, corrective actions, input into the roadmaps
• Integrate and analyze data from multiple sources and draw meaningful conclusions to articulate and strengthen Entergy’s regulatory compliance
• Identify leading indicators of compliance irregularities and assist in shaping strategy and roadmaps
• Identify and explain unusual fluctuations and trends in data set and develop proactive corrective actions to mitigate issues
• Analyze and research well-defined inquiries (non-interpretative issues) on assigned data sets and conduct data analysis and visualization, as needed

Experiences needed

• Minimum six (for Engineer III) to nine (for Engineer Sr.) years of regulatory compliance and auditing experience related to cybersecurity. Level will be determined not only by years of experience, but demonstration of knowledge and skills.
  • OT cybersecurity experience is a plus
  • NERC CIP experience is a plus
• 4+ years of work experience managing a regulatory compliance function within a utility or related industry
• Strong communication skills with internal stakeholders and regulatory agencies
• Experience with cybersecurity operations
  • OT cybersecurity operational experience is a plus
• Demonstrated experience with data analysis, data integration and data validation activities with large, regulated utilities or related industry
• Experience with data analysis, data integration and data validation activities with large, regulated utilities or related industry
• Experience managing indirect and outsourced resources
• Experience managing operations playbooks, run books, and performance measures
• Experience with regulatory relations and/or regulatory reporting
• Performance maintaining and optimizing operations leveraging industry best practices

Minimum knowledge, skills, and abilities required of the position

• Strong knowledge of security ramifications of energy related regulations (NERC CIP, NRC Nuclear Cyber (10 CFR 73.54)
• Knowledge of security, risk, and control frameworks and standards such as ISO 27001, NIST, FISMA & COBIT
• Knowledge of current regulations as it pertains to Entergy’s business
• Detailed oriented with the ability to utilize sound business judgment to interpret regulatory requests and corresponding data 
• Ability to quickly adapt to changing events and priorities
• Ability to translate complex technical information into terms and products useful to management
• Strong social, verbal, and written communication skills, with demonstrated ability to effectively present analytical data to a variety of technical and non-technical audiences
• Available to travel
• Comfortable working in high stress and ambiguous environments
• Capable of meeting deadlines and budgets

Education

Bachelor’s degree in computer science, cyber security or a related discipline or equivalent work experience.  Advanced degree preferred.

Any certificates, licenses, etc., required for the position

• Cybersecurity certification, such as CISSP, CISM, CISA, GCIP, etc. required

WORKING CONDITIONS

The condition is an office environment with minimal physical requirements.  As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company.  Exempt employees may not be paid overtime associated with such duties.

#LI-DG1

#LI-HYBRID

Primary Location: Texas-Woodlands Texas : Woodlands || Arkansas : Lonoke || Louisiana : New Orleans 
Job Function: Engineering
FLSA Status: Exempt Ind 
Relocation Option:
Union description/code:  
Number of Openings: 1
Req ID: 122303
Travel Percentage:Up to 25%

An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here to view the EEO page, or see statements below.

EEO Statement: The Entergy System of Companies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws. The Entergy System of Companies complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment including, but not limited to, recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. 

The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of the Entergy System of Company employees to perform their expected job duties is absolutely not tolerated.

Accessibility: Entergy provides reasonable accommodations for online applicants. Requests for a reasonable accommodation may be made orally or in writing by an applicant, employee, or third party on his or her behalf. If you are an individual with a disability and you are in need of an accommodation for the recruiting process please click here and provide your name, contact number, the accommodation requested and the requisition number that you are requesting the accommodation for. Employee Services will contact you regarding your request.

Additional Responsibilities: As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.

Know Your Rights: Workplace Discrimination is Illegal

The non-confidential portions of the affirmative action program for individuals with disabilities and protected veterans shall be available for inspection upon request by any employee or applicant for employment.  Please contact HRCompliance@entergy.com to schedule a time to review the affirmative action plan during regular office hours.

WORKING CONDITIONS:
As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.