Entergy IT Security Risk & Compliance (Performance & Reporting) in The Woodlands, Texas
Date: Sep 14, 2019
Location: The Woodlands, TX, US
This position can be filled in New Orleans, LA or The Woodlands, TX (strongly preferred).
The official title for this position will be IT Program Manager or IT Program Manager Sr, depending on experience. This is an individual contributor role.
BRIEF POSITION DESCRIPTION
For Entergy IT, a first line-of-defense (LoD) function, Information Security Performance & Regulatory Compliance manages technology and cyber security risks, controls and compliance. Our priorities are to succeed as One Team, deliver commercially relevant results, sustain strong governance, and advance technology and cyber security risk and compliance.
We value integrity and diverse perspectives. We seek action-oriented professionals, who take ownership and demonstrate urgency to deliver sustainable outcomes. We offer opportunities to develop your portfolio of experience and advance your career. You can have a significant impact by delivering innovative solutions, and your work will directly influence our shared success.
The IT Program Manager, Senior – Performance & Reporting is critical to IT security risk management and compliance with enterprise policies and regulatory requirements, including North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC CIP), Nuclear Regulatory Commission - Nuclear Cyber (10 CFR 73.54) and Sarbanes Oxley (SOX). A key element of this role is effective partnership and engagement across lines-of-defense, to serve Entergy’s best interests. Also, to drive continuous improvement, you'll participate in and, at times, lead team, departmental and/or project efforts to effectively deliver on operational and strategic goals.
Advance our people, process, and technology agendas to foster team, individual and Entergy success.
Metrics, Analytics & Reporting
Advance the design, delivery and performance of IT security, risk and compliance metrics, analytics, and reporting.
Deliver and continuously improve best-in-class metrics, analytics, and reporting roadmap, products and services.
Deliver data-driven decision-making solutions, via business intelligence that is timely, accurate, and actionable.
Quantify technology, cyber security and regulatory compliance risk.
Work with complex data sets and data visualization, integrating structured and unstructured data from disparate sources.
Apply risk event data, KCIs, KPIs, and KRIs, and model risk & control relationships, to support ad-hoc and pre-built reports.
Synthesize complex analytical findings into dashboards and reports using advanced visualization tools.
Maximize risk reduction by prioritizing risk mitigation initiatives based on impact and risk-cost-based benefits.
Calculate security ROI to right-size budgets via insight into how much security investments can reduce risk.
Deliver high quality products, communicating in technical and business terms for Management, Executives, and the Board.
Ensure data life cycle governance, lineage, and quality.
Present data and information in a way that tells a story, and weave that story into a compelling final product.
Visualize, describe and publish metrics and analytics for internal and external consumption.
Visualize content (e.g. layouts, charts, graphics) to deliver powerful messaging in conjunction with written content.
Co-author whitepapers, case studies, and digital media products.
Demand & Service Delivery
Advance our success in running an effective IT security, risk and compliance function.
Drive service efficiency and effectiveness via application of technology, for better business solutions.
Drive actionable ideas, process excellence, and innovative business performance.
Manage and measure planned and unplanned demand, and the delivery of service performance and value.
Establish standards, and procedures for the IT Security Risk and compliance service catalog.
Performance & Improvement
Advance the continuous improvement and performance of IT security risk & compliance. Innovate and automate solutions, to ensure efficiency and effectiveness of the IT Security Risk and compliance strategy, and its alignment to business objectives.
Drive continuous improvement and performance of IT security risk & compliance.
Drive service efficiency and effectiveness via application of knowledge and technology for better business solutions.
Identify gaps between Entergy’s policies and standards versus industry standards and report on results.
Document IT processes and procedures into process flows and apply a risk-based approach to determine areas of weakness.
Drive process excellence, maturity, and act on results to develop new controls to appropriately mitigate risks.
Advance the Entergy IT Security Risk & Compliance workforce security culture, awareness, and training.
Audit, Regulatory, & Risk Governance
Sustain purpose-driven engagement and effective interaction with Auditors, Regulators, and Risk and compliance partners.
IT Security Risk & Compliance Governance
Support key governance committees, sub-committees, working groups and forums.
5 to 7+ years of work experience and expertise, capabilities and accomplishments directly relevant to the position.
3+ years of work experience in IT security, risk, controls, audit and regulatory compliance
Preferred; experience in a regulatory compliance function within a utility or a related or highly regulated industry.
Preferred; effective engagement with Auditors, and Regulators (i.e. NERC, SERC, FERC, NRC).
Preferred; IT and cyber security governance, risk, controls, compliance, and IT audit assurance and advisory practices.
Minimum Knowledge, skills, and abilities required of the position
Direct and demonstrable expertise, capabilities, skills and behaviors relevant for the position.
Gathering requirements, formulating metrics, and converting data analysis into tangible reporting products.
Data analytics and visualization tools; e.g. Power BI, Tableau, SAS, and QuickSight.
Expertise with demand management, project and service delivery, and business performance.
Expertise with business process engineering, performance and improvement (e.g. Six Sigma, Agile).
IT risk, security and technology practices, standards and controls (e.g. COBIT, NIST-CSF, CIS-CSC, C2M2, ITIL).
Advanced Microsoft Office products expertise.
Advanced level presentation skills including to Management, and Executive audiences.
Must manage ambiguity, resolve urgent and competing demands, and go above-&-beyond to deliver outcomes.
Must have measured courage to say “no,” to focus on key priorities.
Ability to travel (up to 25%).
Bachelor's degree or equivalent experience required
Advanced degree preferred.
Any Certificates, Licenses etc., required for the position
Must demonstrate commitment to development. One or more relevant qualifications, including but not limited to: CRISC, CISSP, CISM, CISA, CIA, PMP, SANS GIAC (e.g. GCISP).
Primary Location: Texas-The Woodlands
Job Function: Information Technology
FLSA Status: Professional
Relocation Option: Level II
Union description/code: NON BARGAINING UNIT-NBU
Number of Openings: 1
Req ID: 86590
Travel Percentage: Up to 25%
An Equal Opportunity Employer, Minority/Female/Disability/Vets.
As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Nearest Major Market: Houston