Job Information
Entergy Risk Coordinator in The Woodlands, Texas
Work Place Flexibility: Hybrid
Legal Entity: Entergy Services, LLC
*This position c
*This position can be located in New Orleans, LA, The Woodlands, TX, Little Rock, AR or Jackson, MS – Other locations within Entergy’s service territory may be considered*
Job Summary/Purpose
The Risk Coordinator serves as an advisor to help manage risk and enable alignment to the enterprise risk agenda via coordinating and facilitating cyber and physical risk assessments to be presented to executive management.
The Risk Coordinator assesses the appropriateness of security, reliability, privacy, and data protection exceptions for business units from inputs provided and recommends where business units can enhance security protocol or execution to meet risk appetite.
Job Duties/Responsibilities
Risk Identification and Assessment
Provide risk assessment /advisement on new technologies, critical infrastructure protection, logical cyber and physical security controls, and data protection measures
Identify, evaluate, and prioritize risk treatment
Conduct security reviews of corporate and operational technology infrastructure
Risk Management Program
Develop and acquire expertise in the areas of technology and regulations to ensure Entergy’s security posture and reliability standards are appropriately aligned to target risk thresholds
Provide security risk expertise and guidance to a diverse set of Entergy enterprise and operational technology stakeholders
Assist in security risk management program practices and execution of security policies and requirements
Assist in the creation, maintenance and implementation of enterprise, operational, and critical infrastructure protection risk activities
Apply cybersecurity & risk management framework knowledge to drive risk identification across the enterprise
Compliance & Reporting
Communicate risk details to team members during risk ranking sessions and ensure risk trends are identified
Track and manage risks identified through the security exception process or the cyber or physical risk review process
Develop key risk indicator (KRI) metrics and reporting associated with Entergy’s security risk to be utilized in executive reporting and dashboards
Coordination
Coordinate with peer CSO functions to address security gaps within the three lines of defense as they arise through the risk exception process including identifying root causes and trends
Liaise with Lines of Business on security and reliability risks identified through the exception process or as new technologies and related projects are initiated
Guide business unit stakeholders on the mitigation strategies for requested exceptions
Facilitate line of business understanding of the impact of all mission critical business processes
Apply cybersecurity & risk management framework knowledge to drive risk identification across the enterprise
Procedure Development
Assist in data and risk management process and procedure development
Data Protection & Privacy
Assist in data protection and privacy program governance and oversight activities
Minimum Requirements
Minimum education required of the position
Bachelor’s Degree in Information Systems, Information Assurance, Risk Management or related degree
Minimum experience required of the position
5+ years of information security, critical information protection, information technology or risk management experience
Minimum knowledge, skills and abilities for the position
Planning, organizational and project management skills; detail and process-oriented; able to juggle multiple priorities in a fast-paced environment
Problem-solving/decision making ability
Written and verbal communication skills, able to explain complex issues in clear and concise terms
Interpersonal skills, including teamwork, facilitation and negotiation
Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively
Preferred knowledge, skills and abilities for the position
Understanding of risk management frameworks (NIST 800-39 " Managing Information Security Risk “, NISTIR 8286 "Integrating Cybersecurity and Enterprise Risk Management (ERM) “, The Open FAIR (Factor Analysis of Information Risk), COSO Enterprise Risk Management, etc.)
Understanding of logical and physical security technologies and controls (NIST CSF, NIST 800-53, etc.)
Understanding of privacy protection best practices and technical requirements
Technology (Archer GRC/ServiceNow GRC or GRC platforms, Microsoft Power BI or other Data Analytics, Quantitative Risk, other risk management platforms)
Any certificates, licenses, etc. required for the position
The following certifications are desired but not required for this position;
Certified Information Systems Manager (CISM)
Certified Information Systems Security Professional (CISSP)
Certified in Risk and Information Systems Control (CRISC)
Certified in the Governance of Enterprise IT (CGEIT)
Certified Information Systems Auditor (CISA)
Certified Protection Profession (CPP)
#LI-HYBRID
#LI-SB1
Primary Location: Texas-The Woodlands Texas : The Woodlands || Arkansas : Little Rock || Louisiana : New Orleans || Mississippi : Jackson || Texas : Woodlands
Job Function : Professional
FLSA Status : Professional
Relocation Option:
Union description/code : NON BARGAINING UNIT
Number of Openings : 1
Req ID: 115053
Travel Percentage :Up to 25%
An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please clickhere (https://jobs.entergy.com/content/EEO/?locale=en_US) to view the EEI page, or see statements below.
EEO Statement: The Entergy System of Companies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws. The Entergy System of Companies complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment including, but not limited to, recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of the Entergy System of Company employees to perform their expected job duties is absolutely not tolerated.
Accessibility: Entergy provides reasonable accommodations for online applicants. Requests for a reasonable accommodation may be made orally or in writing by an applicant, employee, or third party on his or her behalf. If you are an individual with a disability and you are in need of an accommodation for the recruiting process please click here (humanr@entergy.com?subject=Accessibility) and provide your name, contact number, the accommodation requested and the requisition number that you are requesting the accommodation for. Employee Services will contact you regarding your request.
Additional Responsibilities: As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Entergy Pay Transparency Policy Statement: The Entergy System of Companies (the Company) will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company’s legal duty to furnish information. 41 CFR 60-1.35(c). Equal Opportunity (https://www.dol.gov/agencies/ofccp/manual/fccm/2l-equal-opportunity-clauses-and-other-requirements/2l00-equal-opportunity) and Pay Transparency (https://www.dol.gov/sites/dolgov/files/OFCCP/pdf/pay-transp_%20English_formattedESQA508c.pdf) .
Pay Transparency Notice:
Pay Transparency Nondiscrimination Provision (dol.gov) (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf)
The non-confidential portions of the affirmative action program for individuals with disabilities and protected veterans shall be available for inspection upon request by any employee or applicant for employment. Please contact HRCompliance@entergy.com to schedule a time to review the affirmative action plan during regular office hours.
WORKING CONDITIONS:
As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Please note: Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.
Job Segment: Risk Management, Cyber Security, Database, Information Security, Information Systems, Finance, Security, Technology