Entergy Senior Manager, IT - Performance and Regulatory Compliance in Woodlands, Texas

Senior Manager, IT - Performance and Regulatory Compliance

Date: Sep 13, 2018

Location: Woodlands, TX, US

Company: Entergy

Brief Position Description

The Sr Manager of Performance and Regulatory Compliance provides leadership and develops and implements a framework to ensure that the security organization's practices remain observant of all compliance directives required by North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54). The Sr Manager will establish necessary policies and procedures to track compliance, monitor and adapt to emerging regulations, and continually improve the security organization’s regulatory compliance posture. The role is critical to ensure IT Security complies with all applicable federal, state & local regulatory requirements.

The Sr Manager will support communications with governmental agencies, information sharing centers, and regulatory bodies to gather cyber security threat intelligence and stay abreast of impending cyber security laws and regulations.

The Sr Manager will report to the VP of Information Security (VPIS) and will lead a team including 11 direct reports and a flexible pool of contingent or 3rd-party workers depending on project needs. This role will have direct oversight of three IT functional areas, including Compliance and Improvement, Procedures and Process, and Metrics and Analytics.

Key responsibilities include:

  • Responsible for managing and coordinating the regulatory program within IT to ensure security of the environment in compliance with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54)

  • Document IT processes and procedures into process flows and apply a risk-based approach to determine areas of weakness; utilize results to develop new controls to appropriately mitigate risks

  • Primary contact within the IT security organization for communicating with executives, external regulators, and Entergy oversight entities on all aspects of compliance initiatives and status

  • Responsible for effectively planning and conducting compliance assessments with Entergy policies and regulatory requirements across the various IT groups and serve as the primary contact for audit compliance within Entergy’s IT organization

  • Track the status of compliance programs and initiatives across the IT organization and coordinate compliance activities with internal and external audit entities

  • Consolidate and track Key Performance Indicators (KPI) to measure the IT Security organization's effectiveness in meeting its business performance expectations and adhering to applicable compliance requirements; communicate findings to various levels of management including the OCE and Board of Sr Managers

  • Establish policies and procedures for conducting periodic compliance assessments, aggregating results and communicating with various levels of management including the OCE and Board of Sr Managers

  • Build out a best in class compliance data analytics program, proactively working with business partners to reduce regulatory risk

  • Identify gaps between Entergy’s policies and procedures and current industry standards and report to senior leadership on results

  • Oversee the Corrective Action Program (CAP) process for evaluating the conditions adverse to quality, safety significance of problems, setting priorities in correcting problems, and tracking them until they have been corrected

  • Drive continuous improvement of IT security’s compliance with regulatory and company standards

  • Maintain awareness of changing regulatory requirements, review Entergy policies, and recommend revisions to remain compliant to changing regulations

  • Coordinate with other departments when drafting and revising new policies to obtain the appropriate approvals

  • Define/maintain/execute the IT Performance Management processes; collect/analyze/deliver performance metrics and associated commentary to IT groups, functional organizations, and business units

  • Serve as process owner and head of governance for KPIs that monitor compliance to IT Policies and regulatory requirements

  • Provide Daily/Weekly/Monthly Change Management reporting and Key Performance Indicators (KPI) Metrics information

  • Drive process excellence and maturity to push the envelope on maintaining a strong culture of regulatory compliance at Entergy

  • Manage adequate staff coverage, shifts and redundancy to appropriately meet business needs

  • Ensure team members receive consistent messages and clearly understand business direction, strategy and expected results

  • Motivate and engage staff to excel and continuously improve in keeping the enterprise compliant with regulatory requirements and Entergy policies

  • Manage career development, stretch opportunities and training needs of the team

  • Maintain expert insights regarding emerging regulations relevant to Entergy’s business

  • Assist VP of Information Security (VPIS) with managing all aspects of regulatory compliance and reporting

Experiences needed

  • Seven to ten years of regulatory compliance and auditing experience as it relates to IT Security

  • 5+ years of work experience managing a regulatory compliance function within a utility or related industry

  • Solid executive level communication skills with internal stakeholders and regulatory agencies

  • Broad experience with Cyber security operations

  • Demonstrated experience managing direct, indirect, and outsourced resources

  • Experience managing operations playbooks, run books, and performance measures

  • Strong performance maintaining and optimizing operations leveraging industry best practices

Minimum knowledge, skills, and abilities required of the position

  • Proficient in security ramifications of energy related regulations (SOX, HIPAA, NERC CIP, FERC, and NRC Nuclear Cyber (10 CFR 73.54))

  • Knowledge of security, risk, and control frameworks and standards such as ISO 27001, NIST, FISMA & COBIT

  • Knowledge of current regulations as they pertain to Entergy’s business

  • Ability to quickly adapt to changing events and priorities and realign resources as needed

  • Ability to translate complex technical information into terms and products useful to executive management/C-suite

  • Excellent social, verbal, and written communication skills, with demonstrated ability to effectively present analytical data to a variety of technical and non-technical audiences

  • Available to travel

  • Comfortable working in high stress and ambiguous environments

  • Capable of meeting deadlines and budgets

  • Ability to coordinate with Entergy’s Audit, Legal, Supply Chain, Communications, Corporate Security and Risk Management organizations to understand requirements and ensure compliance with cyber security policies and standards

Education

Bachelor’s degree in computer science, cyber security or a related discipline or equivalent work experience. Advanced degree preferred.

Any certificates, licenses, etc., required for the position

  • ISACA certification, such as CISSP, CISM, CISA required

  • PMP considered a plus

WORKING CONDITIONS

Office environment with minimal physical requirements. As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.

Primary Location: Texas-Woodlands

Job Function: Information Technology

FLSA Status: Professional

Relocation Option: Approved in accordance with the Entergy guidelines

Union description/code: NON BARGAINING UNIT-NBU

Number of Openings: 1

Req ID: 82406

Travel Percentage: Up to 25%

An Equal Opportunity Employer, Minority/Female/Disability/Vets.

Nearest Major Market: Houston

Job Segment: Compliance, Regulatory Affairs, Law, Supply Chain Manager, Risk Management, Legal, Operations, Finance
