Job Title: Cybersecurity Analyst I-II Work Place Flexibility: Hybrid Legal Entity: Entergy Services, LLC

*This is hybrid position located in The Woodlands, TX or New Orleans, LA. Relocation assistance and sponsorship is not provided. The official job title for this position will be Cybersecurity Analyst I or Cybersecurity Analyst II depending on the selected candidate’s qualifications and experience.*

Brief Position Description: The Security and Regulatory Compliance group applies frameworks to ensure that the security organization's practices remain observant to all compliance directives required by NERC Critical Infrastructure Protection (CIP) and Sarbanes-Oxley (SOX)). The Analyst will support the tracking and trending of compliance effectiveness and propose program adjustments to address issues. This position in the Security and Regulatory Compliance group will provide support to ensure Entergy adapts to emerging regulations and work to continually improve the security organization’s regulatory compliance posture. The role is critical to ensure Cybersecurity complies with all applicable federal, state, and local regulatory requirements.

Key responsibilities include:

• Participate in risk assessments to identify risks and opportunities designed to improve business processes and information systems across the company.
• Maintain customer relationships with members of Entergy’s management team to identify sources of risk or areas for improvement.
• Support Audit and risk assessment activities through data analytics and query development.
• Discuss audit findings with operating personnel to verify facts and obtain background information not available in the documentation examined. Present value-added suggestions for resolution of audit findings.
• Prepare formal written reports, expressing opinions on the adequacy and effectiveness of the system and the efficiency with which activities are carried out, including findings and recommendations of corrective actions for deficiencies.
• Coordinate the regulatory program within Cybersecurity to ensure strict adherence with NERC CIP and SOX requirements.
• Assist with the documentation of Cybersecurity processes and procedures into process flows.
• Apply a risk-based approach to determine areas of weakness using frameworks such as COBIT and NIST.
• Assist with compliance assessments of Entergy policies and regulatory requirements across the various CS groups.
• Coordinate and communicate with technical resources, control owners, and internal and external auditors.
• Contribute to gap analysis and application of control standards to IT General Controls (ITGCs).
• Track Key Performance Indicators (KPI) to measure the Cybersecurity organization's effectiveness and communicate findings.
• Deliver continuous improvement of Cybersecurity’s compliance with regulatory and company standards.
• Maintain awareness of changing regulatory requirements.
• Integrate data from multiple sources to draw conclusions regarding Entergy’s regulatory compliance.
• Deliver process excellence by maintaining a strong culture of regulatory compliance at Entergy.

Experience needed

• Cybersecurity Analyst I: 0-2+ years of cybersecurity operations and/or compliance experience
• Cybersecurity Analyst II: 2-4 years of cybersecurity operations and/or compliance experience
• Good communication skills
• Exposure to cloud security, network security, and/or vulnerability management is a plus
• Some experience maintaining operations leveraging industry best practices
• Experience with data analysis, data integration, and data validation activities

Minimum knowledge, skills, and abilities required of the position

• General knowledge of Information Technology regulations such as SOX and NERC CIP Compliance
• Provided support for Information Technology during audits/assessments
• Understanding of multiple cyber security domains, such as:
• • Asset, Change, and Configuration Management
  • Threat and Vulnerability Management
  • Risk Management
  • Identity and Access Management
  • Situational Awareness
  • Incident Response and Continuity of Operations
  • Third-Party Risk Management
  • Cybersecurity Architecture
  • Cybersecurity Program Management
• Understanding of SIEM, configuration and monitoring, and malicious software prevention technologies such as Splunk, Tripwire, Symantec, BeyondTrust, Dragos, etc.
• Knowledge of multiple OS and platforms (e.g. Windows, Linux, UNIX, Cisco iOS, Checkpoint GAIA, etc.)
• Understanding of current cyber security trends and best practices in technology, as well as monitoring best practices and tools
• Ability to quickly adapt to changing events and priorities
• Social, verbal, and written communication skills, with ability to effectively present analytical data
• Detail oriented with the ability to interpret regulatory requests and corresponding data
• Comfortable working in high stress and ambiguous environments
• Capable of meeting deadlines
• Learning mindset
• Available to travel

Education Bachelor’s degree strongly preferred in computer science, cybersecurity, internal audit or a related discipline or equivalent work experience. Master’s degree a plus.

Any certificates, licenses, etc., required for the position ISACA certification, such as CISSP, CISM, CISA preferred