Entergy · 1 day ago
Security Policy & Compliance Coordinator Sr.
Entergy is a leading energy company, and they are seeking a Security Policy & Compliance Coordinator Sr. to develop and manage compliance with enterprise-wide security policies. This role involves working with various business lines to track compliance, mitigate security risks, and support security policy development.
Electrical Distribution, Energy, Marketing, Power Grid, Retail Technology, Trading Platform
Responsibilities
Support the Enterprise Security strategy via policy and procedure development
Partner with pertinent business SMEs to draft policy
Support development of training and awareness materials that help drive a culture of security and compliance
Support development of communications for policy rollouts or policy updates
Develop and maintain metrics for centralized monitoring and reporting of key performance and risk indicators, as well as compliance against company security policies
Support the use of metrics in identifying non-compliance with policy or with regulatory compliance; areas requiring a stronger culture of security; and areas where compliance with policy is not sufficient to manage risk
Manage security metrics program that is responsible for development and maintenance of operational and executive level metrics around security program execution and effectiveness
Develop metrics for centralized monitoring and reporting of key performance and risk indicators, as well as compliance against company security policies
Maintain dashboards of key performance and risk indicators for executive consumption and decision making
Use metrics to identify areas where compliance with existing policy is not sufficient to support regulatory compliance or where compliance is not sufficient to manage risk
Qualification
Required
Bachelor's Degree and 6+ years' experience in policy development, standards development, compliance or risk management is required; or, in lieu of a degree, 10+ years' experience in policy development, standards development, compliance or risk management is required
2+ years of security experience is required
Bachelor's Degree and 10+ years' experience in policy development, standards development, metrics development, executive reporting, compliance or risk management is required; or, in lieu of a degree, 14+ years' experience in policy development, standards development, compliance or risk management is required
Experience managing projects and/or programs in a highly outsourced or matrixed environment is a plus
Strong knowledge of the NIST Cybersecurity Framework and NIST 800-53
Ability to establish control objectives and performance measures based on complex regulatory requirements, company policy, standards, and guidelines, and risk analysis
Ability to identify complex control gaps and the related business risk
Strong oral and written communication skills
Independently sets priorities and work schedule, driving work efforts to resolution with input on only the most complex projects
Exercises independent judgment and discretion in matters of significance with broad scope and high complexity
Preferred
Advanced degree is a plus
Strong knowledge of generally applicable and accepted audit and risk frameworks (e.g. COBIT, CAG 20 Critical Security Controls and the DOD Cybersecurity Maturity Model Certification framework) is a plus
Familiarity with regulatory bodies and requirements impacting the utility industry (e.g. Sarbanes-Oxley Act, NERC, FERC, Smart Meter/Smart Grid, HIPAA, FCC, PCI DSS, NRC Cyber) is a plus
Familiarity with use of business analytics technologies to ingest and analyze data and create reports (e.g. PowerBI)
Ability to analyze large amounts of technical data and structure such information for the purposes of clearly demonstrating security performance
Ability to apply statistical and logical techniques to describe, illustrate, condense, summarize, and evaluate data
Ability to synthesize and analyze various types of data to reach a decision, make a recommendation, or to compile reports, briefings, or executive summaries
Knowledge of principles, methods, and tools used to collect, store and organize data to maximize the value, quality, and usability of data resources
Experience in use of business analytics technologies to ingest and analyze data and create reports (e.g. PowerBI)
Experience managing projects and/or programs in a highly outsourced or matrixed environment is a plus
One or more of the following certifications is a plus: Certified Information Systems Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), PMP or other project management certification
Company
Entergy
At Entergy (NYSE: ETR), we power life.
Funding
Current Stage: Public Company
Total Funding: $1.3B
2025-03-17: Post-IPO Equity, $1.3B
1985-05-03: IPO
Company data provided by crunchbase