May 29, 2025
Electric Energy Jobs

Governance, Risk & Compliance Analyst or Analyst Sr (Information Security)

Organization:
Entergy Corporation
Region:
United States, Texas, The Woodlands
End of contest:
Aug 26, 2020
  This job posting has expired
Type:
Full time
Category:
Regulatory & compliance
Description
*This position will be filled as an IT Business Analyst or IT Business Analyst Sr depending on qualifications.*

BRIEF POSITION DESCRIPTION

We seek an experienced, action-oriented IT Governance, Risk & Compliance Analyst.  This role is critical to IT / Security risk management, and compliance with regulatory requirements including, specifically, North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC CIP) Reliability Standards, and with Sarbanes Oxley (SOX) requirements. 

Our mission is to reduce risks to the reliability and security of the electric grid. Our priorities are to succeed as One Team and deliver the commercially relevant outcomes essential to our customers and to the communities we serve.  We value integrity, teamwork, and diverse perspectives.  By joining our team, you can advance your career, influence compliance performance, and directly contribute to our shared success.

KEY RESPONSIBILITIES

Governance

  • Support development, implementation and maintenance of strong governance, risk & compliance processes.
  • Continuously improve the security framework, methodology, standards, and system of internal controls.
  • Govern and report on findings, track status, and ensure corrective actions are complete and sustainable.
  • Support operational reporting, management communications, and executive governance committees.
  • Support and/or lead continuous improvement initiatives to deliver on operational and strategic goals.
  • Sustain purpose-driven engagement and effective interaction with Auditors, Regulators, and compliance partners.

Risk and Compliance

  • Support risk identification & assessment, response & mitigation, control monitoring & reporting.
  • Gather and evaluate information, including to support Auditors, Regulators, and compliance partners.
  • Develop and perform tests to evaluate the design and effectiveness of key controls as necessary for compliance.
  • Review test findings, identify control weaknesses, present results, and recommend actions to remediate issues.
  • Support issue management, risk acceptances, and the IT Security - Corrective Action Program.
  • Deliver high quality reporting (data, reports, presentations), communicating effectively in both technical and business terms.
  • Support workforce security activities including culture, awareness and training.

GRC Systems Administration

  • Support operation and administration of GRC systems for Information Security & IT (RSA Archer and Entergy systems).
  • Support, develop, and configure GRC system services and improvements (RSA Archer).
  • Specialize in Archer data feeds, questionnaires, workflows, access controls, reports, and dashboards.
  • Serve as a resource to Information Security and IT team members on GRC matters.

EXPERIENCE REQUIRED

IT Business Analyst:

  • 3 to 5 years in a risk and compliance function with expertise and accomplishments directly relevant to the position.

IT Business Analyst, Sr:

  • 5 to 7+ years in a risk and compliance function with expertise and accomplishments directly relevant to the position.

EXPERTISE REQUIRED

  • IT & Security governance, risk, and compliance frameworks and practices (e.g. COBIT, NIST-CSF, ISO).
  • IT & Security risk & security controls (e.g. cyber security, network, infrastructure, applications, and projects).
  • Internal control implementation, including the evaluation of the design and operating effectiveness of controls.
  • Advanced knowledge of testing techniques and data analysis principles, as well as the ability to interpret results.
  • IT & Security audit, risk and compliance.
  • Proficiency with GRC systems (i.e. RSA Archer).
  • Advanced-level communication, presentation, and relationship management skills.

SKILLS AND BEHAVIORS

  • Drive multiple complex projects, achieve key milestones, with ability to reprioritize work in a fast-paced environment.
  • Sustain effective engagement with IT, Security, and Compliance business partners, and with Auditors and Regulators.
  • Must take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.
  • Must manage ambiguity, perform in a fast-paced environment, and resolve urgent and competing demands.
  • Must support planned & unplanned workload demands, with the measured courage to say "no," to focus on key priorities.
  • Perform other duties and responsibilities, as assigned.
  • Must be willing and able to work flexible hours and go above-&-beyond to deliver outcomes.

EDUCATION REQUIRED

  • Bachelor's degree or four years of relevant experience required. 
  • Advanced degree preferred.

ANY CERTIFICATES, LICENSES ETC., REQUIRED FOR THE POSITION

Must demonstrate commitment to professional development.

  • One or more relevant qualifications; e.g.: CRISC, CISSP, CISM, CISA.
  • Preferred: Archer Certification.

Req ID: 96487


Contact

Entergy Corporation

639 Loyola Ave

New Orleans

Louisiana United States

www.entergy.com