Manager, Enterprise Security Architecture Job at Entergy
Work Place Flexibility: Hybrid
Legal Entity: Entergy Services, LLC
***This position may be filled at any location within Entergy's service territory - TX, LA, MS, AR***
Brief Position Description
The Enterprise Security Architecture Manager is responsible for defining, establishing, and modernizing a robust information security architecture to ensure security of all Corporate IT, Operational Technology (OT), and Internet of Things (IoT) enabled systems at Entergy. The manager will lead a team of security architects that provide support and services across the enterprise and collaborate with other teams to realize the architecture strategy by driving the implementation of security solutions to protect the enterprise and maintain compliance with all regulatory requirements. Drive continuous improvement of Entergy’s security posture to ensure the security of data and critical systems and will provide Subject Matter Expertise (SME) over security architecture and policies and procedures as it pertains to security across multiple platforms & technologies.
The Manager will manage a team of employees and a flexible pool of contingent or 3rd party depending on project needs.
Key responsibilities include:
- Lead the direction of information security through the development of an information security strategy that addresses the threats to the Entergy environment.
- Collaborate with engineering teams to drive security roadmaps by providing security requirements that map security controls and patterns to products, services, and threats.
- Serve as the Security Lead in the design, implementation, and integration phases of cloud-based solutions to meet client and firm security requirements, address enterprise risks and exposures in cloud-based solutions
- Define information security controls and patterns that support risk assessments and support the development of secure architectures.
- Provide technical security expertise to solutions including communicating security architectural decisions, benefits, and risks.
- Collaborate with technology architecture teams and business stakeholders by performing security analysis of proposed architectures, providing risk assessment feedback, including security requirements; provide security consulting services internally to the organization by giving security guidance and functioning as an information security subject matter expert.
- Deliver world-class security architecture for all corporate and operational technology needs, including power generation units, nuclear plants, electric substations, SCADA, distribution automation, and advanced metering infrastructure (AMI)
- Ensure security architecture & implementation complies with specific requirements of North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54)
- Develop reference security architectures across applications, infrastructure, network, cloud, IoT, on-prem, mobile and physical environments
- Own and guide implementation of information security architecture strategy and technology roadmap to ensure the best balance of security, efficiency, effectiveness, and scalability while protecting against internal/external threats across all platforms
- Assist the Security Architecture and Engineering Director in conducting technology and vendor assessments to validate that information security technology portfolios are kept up to date and meet contractual requirements
- Identify new trends in systems security and data protection, and support business cases for investment in advancing security capabilities (DLP, IPS, SIEM, etc.) to improve Energy’s security posture.
- Attend and participate in technical engagements with audit, regulators, clients, and third parties, when required
- Determine staffing requirements, including recruiting, hiring, training, development, and retention of highly qualified team members
MINIMUM REQUIREMENTS:
Minimum Experiences needed
- Five plus years of cyber security and architecture experience across multiple disciplines (monitoring, network engineering, mobile devices, various endpoint architectures, application security, physical environments, etc.)
- Experienced people leader with direct management/supervision of employees, building teams, performance management and employee development.
- Practical technical experience within a Cyber Security role and at least 3 years of utility related or direct electric utility industry experience required
- Strong experience in building cyber resilient architecture, recommendation, and implementation of best practices to secure network and application infrastructure, protect information against unauthorized data access and loss, risk reduction and vulnerability mitigation
- Experience with Cyber security programs, specifically Enterprise Security Architecture to include reference security architecture creation, security program assessment, security operations, incident response, forensic analysis, threat intelligence, identity and access management, data protection, penetration testing, Web application security testing, vulnerability, and risk management
- Working knowledge of security products in on-prem, cloud and SaaS models, SIEMs, firewalls, security applications, vulnerability detection, network devices, and endpoint protection
- Experience with electric utility customer service, distribution grid technologies and SCADA operations, e.g., Smart Grid, AMI, SCADA, meter data management systems (MDMS), etc.
- Experience working with outsourced teams
- Demonstrated organizational and scheduling skills, strong time management skills
- Proven ability to lead a team of engineers, architects, and/or external resources
- Strategically oriented and can influence indirectly at the org and enterprise level as needed
- Expertise in working in partnership with colleagues throughout the enterprise, and in leading collaborative teams to achieve common goals
Minimum knowledge, skills, and abilities required of the position
- Knowledge of IT Security regulations and guidance such as NIST, FISMA & ISO27001
- Familiarity with The Open Group Architecture Framework (TOGAF), Open Web Application Security Project (OWASP), Open Security Architecture, National Institute of Standards and Technology (NIST) Cloud Computing Reference Architecture, or other architecture frameworks
- Able to be a hands-on manager with technical engineering and process management skills and the ability to advocate and influence positive transformation within the broader information technology organization
- Well-versed in security technologies & implementation
- Proficient in security ramifications of energy related regulations (SOX, HIPAA, NERC CIP, FERC, and NRC Nuclear Cyber (10 CFR 73.54)
- Knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL
- Advanced knowledge of security technologies including Firewall, IDS/IPS/HIDS, anti-virus, SIEM, Vulnerability Scanning, Threat Intelligence sources, and familiarity with the MITRE ATT&CK framework and Cyber Kill Chain.
- Knowledge of current Information and Cyber Security trends
- Excellent report writing and ability to effectively communicate across the organization
- Available to travel
- Self-motivated, with the ability to manage and follow up on multiple tasks simultaneously
- Capable of meeting deadlines and budgets
- Ability to coordinate with Entergy’s Audit, Legal, Supply Chain, Communications, Corporate Security and Risk Management organizations to understand requirements and ensure compliance with cyber security policies and standards
Minimum Education needed
Bachelor’s degree in computer science, cyber security or a related discipline or equivalent work
Any certificates, licenses, etc., required for the position
ISACA certification, such as CISSP, CISM, CISA are a plus
Relevant vendor credentials offered by companies such as Symantec are a plus
#LI-JL1
#LI-HYBRID
Primary Location: Texas-The Woodlands Arkansas : Little Rock || Louisiana : New Orleans || Mississippi : Jackson || Texas : The Woodlands
Job Function: Information Technology
FLSA Status: Exempt
Relocation Option: No Relocation Offered
Union description/code: NON BARGAINING UNIT
Number of Openings: 1
Req ID: 110890
Travel Percentage:Up to 25%
Job Function: Information Technology
FLSA Status: Exempt
Relocation Option: No Relocation Offered
Union description/code: NON BARGAINING UNIT
Number of Openings: 1
Req ID: 110890
Travel Percentage:Up to 25%
An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here to view the EEI page, or see statements below.
EEO Statement: The Entergy System of Companies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws. The Entergy System of Companies complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment including, but not limited to, recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of the Entergy System of Company employees to perform their expected job duties is absolutely not tolerated.
The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of the Entergy System of Company employees to perform their expected job duties is absolutely not tolerated.
Accessibility: Entergy provides reasonable accommodations for online applicants. Requests for a reasonable accommodation may be made orally or in writing by an applicant, employee, or third party on his or her behalf. If you are an individual with a disability and you are in need of an accommodation for the recruiting process please click
here and provide your name, contact number, the accommodation requested and the requisition number that you are requesting the accommodation for. Employee Services will contact you regarding your request.
Additional Responsibilities: As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Entergy Pay Transparency Policy Statement: The Entergy System of Companies (the Company) will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company’s legal duty to furnish information. 41 CFR 60-1.35(c).
Equal Opportunity and
Pay Transparency.
Pay Transparency Notice:
Pay Transparency Nondiscrimination Provision (dol.gov)
The non-confidential portions of the affirmative action program for individuals with disabilities and protected veterans shall be available for inspection upon request by any employee or applicant for employment. Please contact HRCompliance@entergy.com to schedule a time to review the affirmative action plan during regular office hours.
WORKING CONDITIONS:
As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Please note: Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.
Please Note :
blog.nvalabs.org is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, blog.nvalabs.org provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, Site.com is the ideal place to find your next job.