Entergy Security Policy & Comp Coordinator or Sr Security Policy & Comp Coordinator in New Orleans, Louisiana

Security Policy & Comp Coordinator or Sr Security Policy & Comp Coordinator

Apply now »

Date: Sep 14, 2018

Location: New Orleans, LA, US

Company: Entergy

Job Summary/Purpose

** This position will be filled as a Policy & Comp Coordinator or Sr Policy & Comp Coordinator depending on experience.

The Security Policy & Compliance Specialist is responsible for developing, managing, and coordinating enterprise-wide policies, standards, and guidelines in accordance with Entergy System policies, regulatory requirements, industry best practices. They work directly with all lines of business to produce policies, track compliance performance, raise employee awareness in the effort to manage security risk and protect company critical infrastructure and assets, and perform security data analytics leading to the production of relevant and efficient dashboard and reporting mechanisms. This role drives the mitigation of risk resulting from management-based vulnerabilities, and enables operations and support procedure and protocol development.

Job Duties/Responsibilities

Liaise with External and Internal Audit and regulators to identify impending legislation and potential regulatory changes that would impact policy

Identify pertinent areas for new or revised policies under the Policy Framework

Work with pertinent business SMEs to draft policy

Support the Enterprise Security strategy via policy and procedure development

Develop and disseminate training on how adhere to security policies, including understanding of changing roles and responsibilities

Develop reports around security, risk and compliance training effectiveness

Draft communications for policy roll out or policy update

Distribute communications

Establish the security policy lifecycle process

Create process for centralizing, monitoring and reporting of performance against company security policies, including business unit self-adherence and reporting

Determine if adherence variance violates regulatory requirements

Develop Security Performance Metrics and perform data analysis

Report security compliance through the Compliance Dashboard

Minimum Requirements

Minimum education required of the position

Bachelor’s Degree or equivalent work experience

Master’s Degree preferred

Minimum experience required of the position

5+ years’ risk management experience

Familiarity with regulatory requirements such NERC CIP, SOX, HIPAA, PCI DSS, FCC, FERC, NRC Cyber

2 years compliance, and/or security experience

Minimum knowledge, skills and abilities required of the position

Ability to analyze large amounts of technical data and structure such information for the purposes of clearly documenting and demonstrating security performance with all applicable security policies

Strong oral and written communication skills

Strong analytical, critical thinking and decision making skills

Strong audit skills

Strong knowledge of generally applicable and accepted audit and risk frameworks (e.g. COBIT, CAG 20 Critical Security Controls, NIST, UCF) and government guidelines and laws (e.g. Sarbanes Oxley Act, NERC/CIP, HIPAA, FCC).

Strong understanding of regulatory requirements impacting the utility industry (SOX, HIPAA, NERC CIP, Smart Meter/Smart Grid, etc.) with subject matter expert knowledge in one or more areas

Ability to establish control objectives based on complex regulatory requirements, company policy, standards, and guidelines, and risk analysis

Ability to identify complex control gaps and the related business risk

Independent judgment and discretion in matters of significance with high complexity

Mentor lower job levels

Independently drive work efforts to resolution

Independently sets priorities and work schedule with input on only the most complex projects

Key technical resource and recognized authority on policy and standards

Exercises independent judgment and discretion in matters of significance with broad scope and high complexity

Any certificates, licenses, etc. required for the position

This role prefers one or more of the following certifications;

Certified Information Systems Manager (CISM)

Certified Information Systems Security Professional (CISSP)

Certified in Risk and Information Systems Control (CRISC)

Certified in the Governance of Enterprise IT (CGEIT)

Certified Information Systems Auditor (CISA)

Certified Protection Profession (CPP)

#LI-SM1

Primary Location: Louisiana-New Orleans

Job Function :Professional

FLSA Status :Professional

Relocation Option: Not approved

Union description/code :NON BARGAINING UNIT-NBU

Number of Openings :1

Req ID: 82601

Travel Percentage :Up to 25%

Nearest Major Market: New Orleans

Job Segment: Law, Information Systems, Risk Management, Internal Audit, Security, Legal, Technology, Finance

Apply now »