Security Policy & Compliance Coordinator (New Orleans, Louisiana, United States) - Entergy
New Orleans, LA
About the Job
Job Title: Security Policy & Compliance Coordinator
Work Place Flexibility: Hybrid
Legal Entity: Entergy Services, Inc.-ESI (OLD)
This position may be filled as a Policy & Compliance Coordinator or Senior Policy & Compliance Coordinator based on the qualifications and experience of the selected candidate.
*** The preferred location for this position is New Orleans LA, The Woodlands TX, Little Rock AR, Jackson MS or Washington DC. Other locations within Entergy’s service territory may be considered ***
Job Summary/Purpose
The Security Policy & Compliance Coordinator is responsible for developing, managing, and coordinating compliance with enterprise-wide security policies, standards, and guidelines in accordance with Entergy System policies, regulatory requirements, and industry best practices. They work directly with all lines of business to produce policies, track compliance, demonstrate operationalization and effectiveness of policy through metrics, and raise employee awareness around security risks. This role drives the mitigation of security-related risks and enables secure operations through operational and executive-level metrics around security program execution and security program maturity objectives, and by supporting security policy development.
Job Duties/Responsibilities (Policy & Compliance Coordinator)
- Support the Enterprise Security strategy via policy and procedure development
- Partner with pertinent business SMEs to draft policy
- Support development of training and awareness materials that help drive a culture of security and compliance
- Support development of communications for policy roll out or policy update
- Develop and maintain metrics for centralized monitoring and reporting of key performance and risk indicators, as well as compliance against company security policies
- Support the use of metrics in identifying non-compliance with policy or with regulatory compliance; areas requiring a stronger culture of security; and areas where compliance with policy is not sufficient to manage risk
Job Duties/Responsibilities (Senior Policy & Compliance Coordinator)
- Manage security metrics program that is responsible for development and maintenance of operational and executive level metrics around security program execution and effectiveness
- Develop metrics for centralized monitoring and reporting of key performance and risk indicators, as well as compliance against company security policies
- Maintain dashboards of key performance and risk indicators for executive consumption and decision making
- Use metrics to identify areas where compliance with existing policy is not sufficient to support regulatory compliance or where compliance is not sufficient to manage risk
- Support the Enterprise Security strategy via policy and procedure development
- Partner with pertinent business SMEs to draft policy
- Support development of training and awareness materials that help drive a culture of security and compliance
- Support development of communications for policy roll out or policy update
Minimum Requirements
Minimum education and experience required of the position:
- Policy & Compliance Coordinator: Bachelor’s Degree and 6+ years’ experience in policy development, standards development, compliance or risk management is required; in lieu of a degree, 10+ years’ experience in policy development, standards development, compliance or risk management is required. 2+ years of security experience is required. Advanced degree is a plus.
- Policy & Compliance Coordinator, Sr: Bachelor’s Degree and 10+ years’ experience in policy development, standards development, metrics development, executive reporting, compliance or risk management is required; in lieu of a degree, 14+ years’ experience in policy development, standards development, compliance or risk management is required. 2+ years of security experience is required. Advanced degree is a plus.
Minimum knowledge, skills and abilities required of the Policy & Compliance Coordinator position:
- Experience managing projects and/or programs in a highly outsourced or matrixed environment is a plus
- Strong knowledge of the NIST Cybersecurity Framework and NIST 800-53
- Strong knowledge of generally applicable and accepted audit and risk frameworks (e.g. COBIT, CAG 20 Critical Security Controls and the DOD Cybersecurity Maturity Model Certification framework) is a plus
- Ability to establish control objectives and performance measures based on complex regulatory requirements, company policy, standards, and guidelines, and risk analysis
- Ability to identify complex control gaps and the related business risk
- Familiarity with regulatory bodies and requirements impacting the utility industry (e.g. Sarbanes Oxley Act, NERC, FERC, Smart Meter/Smart Grid, HIPAA, FCC, PCI DSS, NRC Cyber) is a plus
- Familiarity with use of business analytics technologies to ingest and analyze data and create reports (e.g. PowerBI)
- Strong oral and written communication skills
- Independently sets priorities and work schedule, driving work efforts to resolution with input on only the most complex projects
- Exercises independent judgment and discretion in matters of significance with broad scope and high complexity
Minimum knowledge, skills and abilities required of the Senior Policy & Compliance Coordinator position:
- Ability to analyze large amounts of technical data and structure such information for the purposes of clearly demonstrating security performance
- Ability to apply statistical and logical techniques to describe, illustrate, condense, summarize, and evaluate data.
- Ability to synthesize and analyze various types of data to reach a decision, make a recommendation, or to compile reports, briefings, or executive summaries
- Knowledge of principles, methods, and tools used to collect, store and organize data to maximize the value, quality, and usability of data resources
- Experience in use of business analytics technologies to ingest and analyze data and create reports (e.g. PowerBI)
- Ability to establish control objectives and performance measures based on complex regulatory requirements, company policy, standards, and guidelines, and risk analysis
- Ability to identify complex control gaps and the related business risk
- Experience managing projects and/or programs in a highly outsourced or matrixed environment is a plus
- Strong knowledge of the NIST Cybersecurity Framework and NIST 800-53
- Strong knowledge of generally applicable and accepted audit and risk frameworks (e.g. COBIT, CAG 20 Critical Security Controls and the DOD Cybersecurity Maturity Model Certification framework) is a plus
- Familiarity with regulatory bodies and requirements impacting the utility industry (e.g. Sarbanes Oxley Act, NERC, FERC, Smart Meter/Smart Grid, HIPAA, FCC, PCI DSS, NRC Cyber) is a plus
- Strong oral and written communication skills
- Independently sets priorities and work schedule, driving work efforts to resolution with input on only the most complex projects
- Exercises independent judgment and discretion in matters of significance with broad scope and high complexity
Any certificates, licenses, etc. required for the position:
One or more of the following certifications is a plus:
- Certified Information Systems Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
- Certified in the Governance of Enterprise IT (CGEIT)
- Certified Information Systems Auditor (CISA)
- PMP or other project management certification
Primary Location: Louisiana-New Orleans (Louisiana: New Orleans; Arkansas: Little Rock; District of Columbia: Washington; Mississippi: Jackson; Texas: The Woodlands)
Job Function: Professional
FLSA Status: Professional
Relocation Option: No Relocation Offered
Union description/code: NON BARGAINING UNIT
Number of Openings: 1
Req ID: 116655
Travel Percentage: Up to 25%
An Equal Opportunity Employer, Minority/Female/Disability/Vets. See statements below.
EEO Statement: The Entergy System of Companies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws. The Entergy System of Companies complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment including, but not limited to, recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of the Entergy System of Companies employees to perform their expected job duties is absolutely not tolerated.
Accessibility: Entergy provides reasonable accommodations for online applicants. Requests for a reasonable accommodation may be made orally or in writing by an applicant, employee, or third party on his or her behalf. If you are an individual with a disability and you are in need of an accommodation for the recruiting process please click here and provide your name, contact number, the accommodation requested and the requisition number that you are requesting the accommodation for. Employee Services will contact you regarding your request.
Additional Responsibilities: As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Entergy Pay Transparency Policy Statement: The Entergy System of Companies (the Company) will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company’s legal duty to furnish information. 41 CFR 60-1.35(c). Equal Opportunity and Pay Transparency.
Pay Transparency Notice:
Pay Transparency Nondiscrimination Provision (dol.gov)
The non-confidential portions of the affirmative action program for individuals with disabilities and protected veterans shall be available for inspection upon request by any employee or applicant for employment. Please contact HRCompliance@entergy.com to schedule a time to review the affirmative action plan during regular office hours.
Please note: Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.