Entergy Senior Manager, Access Management in Woodlands, Texas

Senior Manager, Access Management

Apply now »

Date: Sep 13, 2018

Location: Woodlands, TX, US

Company: Entergy

Brief Position Description

The Sr Manager of Access Management provides leadership and direction to the Identity Management, Data Security and Investigation and Physical Security technology teams within Information Security providing line management, leadership and strategic direction for these functions. The Sr Manager partners with both business and technology groups to ensure that the proposed technical solutions not only align with the company’s overall objectives, but also ensures that both groups enable and drive each other to meet the needs of the company’s mission and vision. The role is responsible for ensuring that the identity management, data security and physical security technology solutions comply with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54).

The Sr Manager will support communications with governmental agencies, information sharing centers, and regulatory bodies to gather cyber security threat intelligence and stay abreast of impending cyber security laws and regulations.

The Sr Manager will report to the VP of Information Security (VPIS) and will lead a multi-functional team including 3 direct reports and staff of 21, and a flexible pool of contingent or 3 rd party workers depending on project needs.

Key responsibilities include:

  • Ownership and oversight for performance of the Identity Management Systems, Data Security and Investigations and Physical Security teams within IT Security, including development and execution of business plan, strategy and priorities

  • Develop and execute a strategy to ensure high quality solutions for Identity and Access Management and Physical Security to protect the enterprise and keep data secure

  • Oversee the architecture and technology roadmaps for all functions in the group

  • Coordinate with the architecture group to ensure all solutions are aligned with the enterprise architecture strategy

  • Drive process excellence and maturity to push the envelope on a robust identity, access and data security program across all corporate IT and OT infrastructure

  • Responsible for ensuring the identity, data security and physical security solutions are in compliance with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54)

  • Direct and evolve a world-class physical security, identity management and data security capability for all information and operational technology areas including power generation units, nuclear plants, electric substations, SCADA, distribution automation, advanced metering infrastructure (AMI)

  • Ensure close coordination with the Detection and Response teams to ensure proper onboarding and monitoring of all engineering solutions

  • Oversee technology and vendor assessments to validate that all tools within the portfolio are kept up to date and meet contractual requirements

  • Manage adequate staff coverage, shifts and redundancy to meet business needs

  • Drive the incident response process for major incidents, collaborate with a wide variety of stakeholders to put in place mitigations and remediation

  • Work with stakeholders to ensure all systems are designed and on-boarded to meet Detection and Response guidelines

  • Ensure team receives consistent messages and has clear understanding of business direction, strategy and results

  • Motivate and engage staff to excel and continuously improve in keeping the enterprise safe from cyber incidents

  • Manage career development, stretch opportunities and training needs of the team

  • Drive problem management within the Access Management teams

  • Oversee the collection and management of metrics to ensure effective and efficient Access Management performance

  • Must maintain expert insights into innovations in physical security, identity management and DLP solutions

  • Attend and participate in technical engagements with audit, regulators, clients, and third parties, when required

  • Assist VP of Information Security (VPIS) with the development and management of budget, technology, service, and solution and vendor roadmaps

Experiences needed

  • Seven to ten years of cyber security experience across multiple functions – identity management, physical security & DLP

  • 5+ years of work experience managing architecture and engineering related to cyber and physical security

  • Proven experience with electric-sector related regulations (e.g., SOX, HIPAA, NERC CIP, FERC, NRC Cyber, PCI) and applicability

  • Hands on experience in security operations, access management, data loss prevention (DLP), and physical security

  • Demonstrated experience managing direct, indirect, and outsourced resources

  • Experience managing operations playbooks, run books, and performance measures

  • Strong performance maintaining and optimizing operations leveraging industry best practices

Minimum knowledge, skills, and abilities required of the position

  • Proficient in security ramifications of energy related regulations (SOX, HIPAA, NERC CIP, FERC, and NRC Nuclear Cyber (10 CFR 73.54)

  • Knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL

  • Knowledge of physical security and data loss prevention technologies

  • Clear understanding of cloud, hosted, on-premise, legacy and modern architectures to develop effective detection and response platforms

  • Ability to quickly adapt to changing events and priorities and realign resources as needed

  • Ability to translate complex technical information into terms and products useful to executive management/C-suite

  • Excellent social, verbal, and written communication skills, with demonstrated ability to effectively present analytical data to a variety of technical and non-technical audiences

  • Available to travel

  • Comfortable working in high stress and ambiguous environments

  • Capable of meeting deadlines and budgets

  • Ability to coordinate with Entergy’s Audit, Legal, Supply Chain, Communications, Corporate Security and Risk Management organizations to understand requirements and ensure compliance with cyber security policies and standards

Education

Bachelor’s degree in computer science, cyber security or a related discipline or equivalent work experience. Advanced degree preferred.

Any certificates, licenses, etc., required for the position

  • ISACA certification, such as CISSP, CISM, CISArequired

  • PMP considered a plus

WORKING CONDITIONS

Office environment with minimal physical requirements. As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.

#LI-SP1

Primary Location: Texas-Woodlands

Job Function :Information Technology

FLSA Status :Professional

Relocation Option: Approved in accordance with the Entergy guidelines

Union description/code :NON BARGAINING UNIT-NBU

Number of Openings :1

Req ID: 82405

Travel Percentage :Up to 25%

An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here to view the full statement

Nearest Major Market: Houston

Job Segment: Manager, Engineer, Law, Supply Chain Manager, Risk Management, Management, Engineering, Legal, Operations, Finance

Apply now »