Entergy - Washington, DC

posted 17 days ago

Full-time - Mid Level
Washington, DC
Utilities

About the position

The Security Policy & Compliance Coordinator is responsible for developing, managing, and coordinating compliance with enterprise-wide security policies, standards, and guidelines. This role involves working with various business lines to produce policies, track compliance, and raise employee awareness about security risks. The coordinator drives the mitigation of security-related risks and supports the development of security policies through operational and executive-level metrics.

Responsibilities

  • Support the Enterprise Security strategy via policy and procedure development
  • Partner with pertinent business SMEs to draft policy
  • Support development of training and awareness materials that help drive a culture of security and compliance
  • Support development of communications for policy rollouts or policy updates
  • Develop and maintain metrics for centralized monitoring and reporting of key performance and risk indicators, as well as compliance against company security policies
  • Support the use of metrics in identifying non-compliance with policy or with regulatory compliance; areas requiring a stronger culture of security; and areas where compliance with policy is not sufficient to manage risk
  • Manage the security metrics program responsible for developing and maintaining operational and executive-level metrics around security program execution and effectiveness
  • Maintain dashboards of key performance and risk indicators for executive consumption and decision making
  • Use metrics to identify areas where compliance with existing policy is not sufficient to support regulatory compliance or where compliance is not sufficient to manage risk

Requirements

  • Bachelor's Degree and 6+ years' experience in policy development, standards development, compliance or risk management, or in lieu of a degree, 10+ years' experience in the same fields
  • 2+ years of security experience
  • Strong knowledge of the NIST Cybersecurity Framework and NIST 800-53
  • Strong knowledge of generally applicable and accepted audit and risk frameworks (e.g. COBIT, CAG 20 Critical Security Controls, DOD Cybersecurity Maturity Model Certification)
  • Ability to establish control objectives and performance measures based on complex regulatory requirements, company policy, standards, and guidelines, and risk analysis
  • Ability to identify complex control gaps and the related business risk
  • Familiarity with regulatory bodies and requirements impacting the utility industry (e.g. Sarbanes-Oxley Act, NERC, FERC, HIPAA, FCC, PCI DSS, NRC Cyber)
  • Strong oral and written communication skills
  • Independently sets priorities and work schedule, driving work efforts to resolution with input on only the most complex projects
  • Exercises independent judgment and discretion in matters of significance with broad scope and high complexity

Nice-to-haves

  • Experience managing projects and/or programs in a highly outsourced or matrixed environment
  • Familiarity with use of business analytics technologies to ingest and analyze data and create reports (e.g. PowerBI)
  • Advanced degree is a plus
  • One or more of the following certifications: CISM, CISSP, CRISC, CGEIT, CISA, PMP or other project management certification

Benefits

  • Hybrid work flexibility
  • Professional development opportunities
  • Health insurance
  • 401k retirement plan