Entergy IT Security Risk & Compliance (IT SOX) in The Woodlands, Texas
Date: Jan 31, 2020
Location: The Woodlands, TX, US
This position can be filled in The Woodlands, TX or New Orleans, LA.
The official title for this position will be IT Program Manager or IT Program Manager Sr depending on experience.
BRIEF POSITION DESCRIPTION
For Entergy IT, a first line-of-defense (LoD) function, Information Security Performance & Regulatory Compliance manages technology and cyber security risks, controls and compliance. Our priorities are to succeed as One Team, deliver commercially relevant results, sustain strong governance, and advance technology and cyber security risk and compliance.
We value integrity and diverse perspectives. We seek action-oriented professionals, who take ownership and demonstrate urgency to deliver sustainable outcomes. We offer opportunities to develop your portfolio of experience and advance your career. You can have a significant impact by delivering innovative solutions, and your work will directly influence our shared success.
The IT Program Manager, Senior – Regulatory Risk & Compliance is critical to IT security risk management and compliance with enterprise policies and regulatory requirements, including North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC CIP), Nuclear Regulatory Commission - Nuclear Cyber (10 CFR 73.54) and Sarbanes Oxley (SOX). A key element of this role is effective partnership and engagement across lines-of-defense, to serve Entergy’s best interests. The scope of this role emphasizes IT compliance related to Sarbanes Oxley (IT SOX). Also, to drive continuous improvement, you'll participate in and, at times, lead team and/or departmental projects to effectively deliver on operational and strategic goals.
Advance our people, process, and technology agendas to foster team, individual and Entergy success.
IT Security Risk and Compliance
Partner with key constituents to drive effective management of Entergy IT security, risk and compliance with enterprise policies, and applicable regulatory requirements. Help improve the IT security control environment and mitigate risk within our Technology division.
Deliver timely and effective IT security, risk & controls ‘triage’ services to meet unplanned, urgent workload demands.
Deliver effective risk identification & assessment, risk response & mitigation, risk and control monitoring & reporting outcomes.
Assist with establishing and maintaining practices, standards, and procedures for conducting engagements.
Participate in Corrective Action Program (CAP); evaluate conditions adverse to quality, safety, risk, security and compliance.
Set priorities in correcting problems and tracking them until they have been corrected.
Maintain awareness of regulatory changes; review Entergy policies, and recommend revisions to remain compliant.
Coordinate with other departments when drafting and revising new policies to obtain the appropriate approvals.
Deliver on process excellence and maturity to maintain a strong culture of regulatory compliance.
Prioritize and deliver multiple complex projects to meet deadlines, in a fast-paced environment.
IT SOX Risk and Compliance Engagements
Execute and deliver the IT SOX risk, controls and compliance program.
Lead and execute IT security risk, controls & compliance engagements (assurance and advisory) across security domains.
Craft key messages for Management and governance bodies, including engagement objectives, status and results.
Plan engagements, outline scope, and identify in-scope systems and IT security risks and controls.
Test processes and controls, identify control deficiencies, agree findings, and recommend remediation plans.
Challenge established processes and controls to ensure they are adequate and effective to mitigate risk.
Ensure timely delivery of the highest quality work and value-add recommendations.
Document work-papers, communicate outcomes, and report engagement results.
Influence leaders to act on recommendations, make process improvements, and strengthen the control environment.
Track status of deficiencies, and ensure corrective actions are complete and sustainable.
Provide effective assurance and advisory outcomes to Technology & Security leadership, and key stakeholders.
Demand & Service Delivery
Manage and measure planned and unplanned demand, and the delivery of service performance and value.
Performance & Improvement
Drive continuous improvement of program performance, and compliance with regulatory and company standards.
Drive process excellence, maturity, and act on results to develop new solutions to mitigate risks.
Audit, Regulatory, and Risk Governance
Advance the performance of IT security, risk and compliance audit, regulatory, and risk and compliance outcomes.
Sustain purpose-driven engagement and effective interaction with Auditors, Regulators, and Risk and compliance partners.
Monitor regulations relevant to Entergy IT, and partner with key constituents to manage legal and regulatory change.
Partner with key 3rd & 4th LoD constituents to support effective and balanced audits and regulatory engagements.
Partner with key 2nd LoD constituents to support effective and balanced internal governance and assessments.
Metrics, Analytics & Reporting
Advance the design, delivery and performance of IT security, risk and compliance metrics, analytics, and reporting.
Deliver and continuously improve best-in-class metrics, analytics, and reporting roadmap, products and services.
5 to 7+ years of work experience and expertise, capabilities and accomplishments directly relevant to the position.
3+ years of work experience in IT security, risk, controls, audit and regulatory compliance.
3+ years of work experience in a regulatory compliance function within a utility or related, or highly regulated industry.
Must: ability to plan, deliver, and report results of IT security risk, control, and compliance engagements.
Required; effective engagement with Auditors, and Regulators (i.e. NERC, SERC, FERC, NRC).
Advanced expertise across security domains: e.g. Architecture and Engineering, Application Security, Web and Mobile Security, Infrastructure Security, Access Management, Threat and Vulnerability Management, Security Monitoring, Incident Response, and Cloud Security.
Required; IT and cyber security governance, risk, controls, compliance, and IT audit assurance and advisory practices.
KNOWLEDGE, SKILLS, AND ABILITIES REQUIRED OF THE POSITION
Direct and demonstrable expertise, capabilities, skills and behaviors relevant for the position.
Required; IT, risk and security practices, standards and controls (e.g. COBIT, NIST-CSF, CIS-CSC, C2M2, ITIL).
Required; regulatory requirements (i.e. SOX).
Required; IT risk & security domains and controls (e.g. cyber, network, infrastructure, applications, and projects).
Advanced Microsoft Office product expertise.
Advanced level presentation skills including to Management, and Executive audiences.
Must manage ambiguity, resolve urgent and competing demands, and go above-&-beyond to deliver outcomes.
Must have measured courage to say “no,” to focus on key priorities.
Ability to travel (up to 25%).
Bachelor’s degree or equivalent experience required.
Advanced degree preferred.
ANY CERTIFICATES, LICENSES ETC., REQUIRED FOR THE POSITION
Must demonstrate commitment to development. One or more relevant qualifications, including but not limited to: CRISC, CISSP, CISM, CISA, CIA, PMP, SANS GIAC (e.g. GCISP).
Primary Location: Texas-The Woodlands
Job Function: Information Technology
FLSA Status: Professional
Relocation Option: Level II
Union description/code: NON BARGAINING UNIT-NBU
Number of Openings: 1
Req ID: 86593
Travel Percentage: Up to 25%
An Equal Opportunity Employer, Minority/Female/Disability/Vets.
As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Please note: Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.
Nearest Major Market: Houston
Job Segment: Risk Management, Compliance, Engineer, Law, Finance, Security, Legal, Engineering