at Entergy in Little Rock, Arkansas, United States
Job Description
Job Title: Security Policy & Compliance Coordinator
Work Place Flexibility: Hybrid
Legal Entity: Entergy Services, Inc.-ESI (OLD)
This position may be filled as a Policy & Compliance Coordinator or Senior Policy & Compliance Coordinator based on the qualifications and experience of the selected candidate.
The preferred location for this position is New Orleans LA, The Woodlands TX, Little Rock AR, Jackson MS or Washington DC. Other locations within Entergy’s service territory may be considered.
Job Summary/Purpose
The Security Policy & Compliance Coordinator is responsible for developing, managing, and coordinating compliance with enterprise-wide security policies, standards, and guidelines in accordance with Entergy System policies, regulatory requirements, and industry best practices. They work directly with all lines of business to produce policies, track compliance, demonstrate operationalization and effectiveness of policy through metrics, and raise employee awareness around security risks. This role drives the mitigation of security-related risks and enables secure operations through operational and executive level metrics around security program execution and security program maturity objectives, and by supporting security policy development.
Job Duties/Responsibilities (Policy & Compliance Coordinator)
+ Support the Enterprise Security strategy via policy and procedure development
+ Partner with pertinent business SMEs to draft policy
+ Support development of training and awareness materials that help drive a culture of security and compliance
+ Support development of communications for policy roll out or policy update
+ Develop and maintain metrics for centralized monitoring and reporting of key performance and risk indicators, as well as compliance against company security policies
+ Support the use of metrics in identifying non-compliance with policy or with regulatory compliance; areas requiring a stronger culture of security; and areas where compliance with policy is not sufficient to manage risk
Job Duties/Responsibilities (Senior Policy & Compliance Coordinator)
+ Manage security metrics program that is responsible for development and maintenance of operational and executive level metrics around security program execution and effectiveness
+ Develop metrics for centralized monitoring and reporting of key performance and risk indicators, as well as compliance against company security policies
+ Maintain dashboards of key performance and risk indicators for executive consumption and decision making
+ Use metrics to identify areas where compliance with existing policy is not sufficient to support regulatory compliance or where compliance is not sufficient to manage risk
+ Support the Enterprise Security strategy via policy and procedure development
+ Partner with pertinent business SMEs to draft policy
+ Support development of training and awareness materials that help drive a culture of security and compliance
+ Support development of communications for policy roll out or policy update
Minimum Requirements
Minimum education and experience required of the position:
+ Policy & Compliance Coordinator: Bachelor’s Degree and 6+ years’ experience in policy development, standards development, compliance or risk management is required; in lieu of a degree, 10+ years’ experience in policy development, standards development, compliance or risk management is required. 2+ years of security experience is required. Advanced degree is a plus.
+ Policy & Compliance Coordinator, Sr: Bachelor’s Degree and 10+ years’ experience in policy development, standards development, metrics development, executive reporting, compliance or risk management is required; in lieu of a degree, 14+ years’ experience in policy development, standards development, compliance or risk management is required. 2+ years of security experience is required. Advanced degree is a plus.
Minimum knowledge, skills and abilities required of the Policy & Compliance Coordinator position:
+ Experience managing projects and/or programs in a highly outsourced or matrixed environment is a plus
+ Strong knowledge of the NIST Cybersecurity Framework and NIST 800-53
+ Strong knowledge of generally applicable and accepted audit and risk frameworks (e.g. COBIT, CAG 20 Critical Security Controls and the DOD Cybersecurity Maturity Model Certification framework) is a plus
+ Ability to establish control objectives and performance measures based on complex regulatory requirements, company policy, standards, and guidelines, and risk analysis
+ Ability to identify complex control gaps and the related business risk
+ Familiarity with regulatory bodies and requirements impacting the utility industry (e.g. Sarbanes Oxley Act, NERC, FERC, Smart Meter/Smart Grid, HIPAA, FCC, PCI DSS, NRC Cyber) is a plus
+ Familiarity with use of business analytics technologies to ingest and analyze data and create reports (e.g. PowerBI)
+ Strong oral and written communication skills
+ Independently sets priorities and work schedule, driving work efforts to resolution with input on only the most complex projects
+ Exercises independent judgment and discretion in matters of significance with broad scope and high complexity
Minimum knowledge, skills and abilities required of the Senior Policy & Compliance Coordinator position:
+ Ability to analyze large amounts of technical data and structure such information for the purposes of clearly demonstrating security performance
+ Ability to apply statistical and logical techniques to describe, illustrate, condense, summarize, and evaluate data
+ Ability to synthesize and analyze various types of data to reach a decision, make a recommendation, or to compile reports, briefings, or executive summaries
+ Knowledge of principles, methods, and tools used to collect, store and organize data to maximize the value, quality, and usability of data resources
+ Experience in use of business analytics technologies to ingest and analyze data and create reports (e.g. PowerBI)
+ Ability to establish control objectives and performance measures based on complex regulatory requirements, company policy, standards, and guidelines, and risk analysis
+ Ability to identify complex control gaps and the related business risk
+ Experience managing projects and/or programs in a highly outsourced or matrixed environment is a plus
+ Strong knowledge of the NIST Cybersecurity Framework and NIST 800-53
+ Strong knowledge of generally applicable and accepted audit and risk frameworks (e.g. COBIT, CAG 20 Critical Security Controls and the DOD Cybersecurity Maturity Model Certification framework) is a plus
+ Familiarity with regulatory bodies and requirements impacting the utility industry (e.g. Sarbanes Oxley Act, NERC, FERC, Smart Meter/Smart Grid, HIPAA, FCC, PCI DSS, NRC Cyber) is a plus
+ Strong oral and written communication skills
+ Independently sets priorities and work schedule, driving work efforts to resolution with input on only the most complex projects
+ Exercises independent judgment and discretion in matters of significance with broad scope and high complexity
Any certificates, licenses, etc. required for the position:
One or more of the following certifications is a plus:
+ Certified Information Systems Manager (CISM)
+ Certified Information Systems Security Professional (CISSP)
+ Certified in Risk and Information Systems Control (CRISC)
+ Certified in the Governance of Enterprise IT (CGEIT)
+ Certified Information Systems Auditor (CISA)
+ PMP or other project management certification
Primary Location: Louisiana-New Orleans Louisiana : New Orleans || Arkansas : Little Rock || District of Columbia