Entergy Jobs

Job Information

Entergy IT Security Risk & Compliance (Performance & Reporting) in The Woodlands, Texas

Date: Sep 14, 2019

Location: The Woodlands, TX, US

Company: Entergy

This position can be filled in New Orleans, LA or The Woodlands, TX (strongly preferred).

The official title for this position will be IT Program Manager or IT Program Manager Sr depending on experience and is an individual contributor role.


For Entergy IT, a first line-of-defense (LoD) function, Information Security Performance & Regulatory Compliance manages technology and cyber security risks, controls and compliance. Our priorities are to succeed as One Team, deliver commercially relevant results, sustain strong governance, and advance technology and cyber security risk and compliance.

We value integrity and diverse perspectives. We seek action-oriented professionals, who take ownership and demonstrate urgency to deliver sustainable outcomes. We offer opportunities to develop your portfolio of experience and advance your career. You can have a significant impact by delivering innovative solutions, and your work will directly influence our shared success.

The IT Program Manager, Senior – Performance & Reporting is critical to IT security risk management and compliance with enterprise policies and regulatory requirements, including North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC CIP), Nuclear Regulatory Commission - Nuclear Cyber (10 CFR 73.54) and Sarbanes-Oxley (SOX). A key element of this role is effective partnership and engagement across lines-of-defense, to serve Entergy’s best interests. Also, to drive continuous improvement, you'll participate in and, at times, lead team, departmental and/or project efforts to effectively deliver on operational and strategic goals.

Key responsibilities

Professional Practices

Advance our people, process, and technology agendas to foster team, individual and Entergy success.

Metrics, Analytics & Reporting

  • Advance the design, delivery and performance of IT security, risk and compliance metrics, analytics, and reporting.

  • Deliver and continuously improve best-in-class metrics, analytics, and reporting roadmap, products and services.

  • Deliver data-driven decision-making solutions, via business intelligence that is timely, accurate, and actionable.

  • Quantify technology, cyber security and regulatory compliance risk.

  • Work with complex data sets and data visualization, integrating structured and unstructured data from disparate sources.

  • Apply risk event data, KCIs, KPIs, and KRIs, and model risk & control relationships, to support ad-hoc and pre-built reports.

  • Synthesize complex analytical findings into dashboards and reports using advanced visualization tools.

  • Maximize risk reduction by prioritizing risk mitigation initiatives based on impact and risk-cost-based benefits.

  • Calculate security ROI to right-size budgets via insight into how much security investments can reduce risk.

  • Deliver high quality products, communicating in technical and business terms for Management, Executives, and the Board.

  • Ensure data life cycle governance, lineage, and quality.

  • Present data and information in a way that tells a story, and weave that story into a compelling final product.

  • Visualize, describe and publish metrics and analytics for internal and external consumption.

  • Visualize content (e.g. layouts, charts, graphics) to deliver powerful messaging in conjunction with written content.

  • Co-author whitepapers, case studies, and digital media products.

Demand & Service Delivery

  • Advance our success in running an effective IT security, risk and compliance function.

  • Drive service efficiency and effectiveness via application of technology, for better business solutions.

  • Drive actionable ideas, process excellence, and innovative business performance.

  • Manage and measure planned and unplanned demand, and the delivery of service performance and value.

  • Establish standards and procedures for the IT Security Risk and compliance service catalog.

Performance & Improvement

  • Advance the continuous improvement and performance of IT security risk & compliance. Innovate and automate solutions, to ensure efficiency and effectiveness of the IT Security Risk and compliance strategy, and its alignment to business objectives.

  • Drive continuous improvement and performance of IT security risk & compliance.

  • Drive service efficiency and effectiveness via application of knowledge and technology for better business solutions.

  • Identify gaps between Entergy’s policies and standards versus industry standards and report on results.

  • Document IT processes and procedures into process flows and apply a risk-based approach to determine areas of weakness.

  • Drive process excellence, maturity, and act on results to develop new controls to appropriately mitigate risks.

  • Advance the Entergy IT Security Risk & Compliance workforce security culture, awareness, and training.

Audit, Regulatory, & Risk Governance

Sustain purpose-driven engagement and effective interaction with Auditors, Regulators, and Risk and compliance partners.

IT Security Risk & Compliance Governance

Support key governance committees, sub-committees, working groups and forums.


  • 5 to 7+ years of work experience and expertise, capabilities and accomplishments directly relevant to the position.

  • 3+ years of work experience in IT security, risk, controls, audit and regulatory compliance

  • Preferred; experience in a regulatory compliance function within a utility or related, or highly regulated industry.

  • Preferred; effective engagement with Auditors, and Regulators (i.e. NERC, SERC, FERC, NRC).

  • Preferred; IT and cyber security governance, risk, controls, compliance, and IT audit assurance and advisory practices.

Minimum Knowledge, skills, and abilities required of the position

  • Direct and demonstrable expertise, capabilities, skills and behaviors relevant for the position.

  • Gathering requirements, formulating metrics, and converting data analysis into tangible reporting products.

  • Data analytics and visualization tools; e.g. Power BI, Tableau, SAS, and QuickSight.

  • Expertise with demand management, project and service delivery, and business performance.

  • Expertise with business process engineering, performance and improvement (e.g. Six Sigma, Agile).

  • IT risk, security and technology practices, standards and controls (e.g. COBIT, NIST-CSF, CIS-CSC, C2M2, ITIL).

  • Advanced Microsoft Office products expertise.

  • Advanced level presentation skills including to Management, and Executive audiences.

  • Must manage ambiguity, resolve urgent and competing demands, and go above-&-beyond to deliver outcomes.

  • Must have measured courage to say “no,” to focus on key priorities.

  • Ability to travel (up to 25%).


Bachelor's degree or equivalent experience required

Advanced degree preferred.

Any Certificates, Licenses etc., required for the position

Must demonstrate commitment to development. One or more, relevant qualifications, including but not limited to: CRISC, CISSP, CISM, CISA, CIA, PMP, SANS GIAC (e.g. GCISP).


Primary Location: Texas-The Woodlands

Job Function: Information Technology

FLSA Status: Professional

Relocation Option: Level II

Union description/code: NON BARGAINING UNIT-NBU

Number of Openings: 1

Req ID: 86590

Travel Percentage: Up to 25%

An Equal Opportunity Employer, Minority/Female/Disability/Vets.


As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.

Nearest Major Market: Houston
