About The Position

The Risk Coordinator Senior serves as a security and risk subject matter expert to help manage security risk and enable alignment to the Enterprise Security Program's security risk agenda via coordinating and facilitating cyber and physical risk management processes and data to be presented to executive management. The Risk Coordinator Sr. assesses the appropriateness of security, reliability, privacy, and data protection exceptions for business units from inputs provided and recommends where business units can enhance security protocol or execution to meet risk appetite.

Requirements

  • Bachelor's Degree in Information Systems, Information Assurance, Risk Management or related degree
  • 5+ years of information security, critical information protection, information technology, risk management, data analysis, or project management experience
  • Planning, organizational and project management skills; detail and process-oriented; able to juggle multiple priorities in a fast-paced environment
  • Problem-solving/decision making ability
  • Written and verbal communication skills, able to explain complex issues in clear and concise terms
  • Interpersonal skills, including teamwork, facilitation and negotiation
  • Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively

Nice To Haves

  • Understanding of risk management frameworks (NIST 800-39 "Managing Information Security Risk", NISTIR 8286 "Integrating Cybersecurity and Enterprise Risk Management (ERM)", The Open FAIR (Factor Analysis of Information Risk), COSO Enterprise Risk Management, etc.)
  • Understanding of logical and physical security technologies and controls (NIST CSF, NIST 800-53, etc.)
  • Understanding of privacy protection best practices and technical requirements
  • Technology (Archer GRC/ServiceNow GRC or GRC platforms, Microsoft Power BI or other Data Analytics, Quantitative Risk, other risk management platforms)
  • Certified Information Systems Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified Information Systems Auditor (CISA)
  • Certified Protection Professional (CPP)

Responsibilities

  • Risk Identification and Assessment
      • Lead and enhance programs for risk assessment/advisement on new technologies, critical infrastructure protection, logical cyber and physical security controls, and data protection measures
      • Identify, evaluate, and prioritize risk treatment
      • Conduct security reviews of corporate and operational technology infrastructure
  • Risk Management Program
      • Develop and acquire expertise in the areas of technology and regulations to ensure Entergy's security posture and reliability standards are appropriately aligned to target risk thresholds
      • Provide security risk expertise and guidance to a diverse set of Entergy enterprise and operational technology stakeholders
      • Create and execute security risk management program practices, and execute security policies and requirements
      • Lead and drive the creation, maintenance and implementation of enterprise, operational, and critical infrastructure protection risk activities
      • Apply cybersecurity & risk management framework knowledge to drive risk identification across the enterprise
  • Compliance, Reporting, and Risk Metrics
      • Design and communicate risk details to team members during risk ranking sessions and ensure risk trends are identified
      • Track and manage risks identified through the security exception process or the cyber or physical risk review process
      • Develop key risk indicator (KRI) metrics and reporting processes associated with Entergy's security risk for use in executive reporting and dashboards, including the use of technology such as GRC platforms and artificial intelligence risk methods
  • Coordination
      • Coordinate with peer CSO functions to address security gaps within the three lines of defense as they arise through the risk exception process, including identifying root causes and trends
      • Liaise with Lines of Business on security and reliability risks identified through the exception process or as new technologies and related projects are initiated
      • Guide business unit stakeholders on the mitigation strategies for requested exceptions
      • Facilitate line of business understanding of the impact of all mission critical business processes
      • Apply cybersecurity & risk management framework knowledge to drive risk identification across the enterprise
  • Procedure Development
      • Develop and assist in data and risk management process and procedure development
  • Data Protection & Privacy
      • Assist in data protection and privacy program governance and oversight activities


What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Utilities

Number of Employees

5,001-10,000 employees
