Risk Analyst Lead
Work Place Flexibility : Hybrid
Legal Entity : Entergy Services, LLC
JOB SUMMARY / PURPOSE
The Risk Analyst Lead is responsible for assisting with the implementation and monitoring of Entergy’s vendor management processes.
They are responsible for verification and audit of security controls for third-party vendors and internal Entergy projects.
They perform assessments, verifications, reviews and audits of security / privacy control reports and overall security / privacy stance across the enterprise, including vendors and third-party relationships.
They conduct security testing and evaluations of system security controls (production and project) as necessary.
The Risk Analyst Lead works directly with all lines of business to track vendor review requests, gather data on the vendors and reports out to management on the status of these requests.
They will also assist the CSO department to raise employee awareness of security risks and methods to protect company critical infrastructure, data and assets.
This role drives security control objectives to mitigate the risk from existing and evolving vulnerabilities and threats for on-site, off-shore and cloud solutions.
JOB DUTIES / RESPONSIBILITIES
- Tracks Vendor Assessment Review Requests and communicates status to requestors
- Reviews assessment reports against asset control objectives to determine effectiveness
- Completes vendor risk assessments (vendor assessments, supply chain assessments, etc.) as necessary
- Reports out on control testing through Controls Dashboard
- Prepares summary and detailed reports on vendor risk across the enterprise
- Provides guidance to the business to ensure requirements of the VRM program are fully understood.
- Present reports of high-risk vendor contracts and procurement high risks / ineffective controls and highlights vendor risks and the action planned to address inadequate controls to executive management
- Lead assessment of vendor risks, develop mitigation plans and partner with internal stakeholders to assign monitoring responsibility
- Partner with Business Units & internal support functions to help ensure that all risk assessment and mitigation requirements have been met
- Perform data analytics & reporting activities. Provide & maintain vendor risk reporting mechanisms, and track and report outcomes from vendor management activities.
Collect, organize, and distribute reports & documents & recommend enhancements to reporting & audit tools
- Analyze, update, and modify procedures and processes to identify and continuously implement vendor risk management process improvements
- Stay informed about the latest developments in the vendor risk management field
MINIMUM REQUIREMENTS
Minimum education required of the position
Bachelor’s degree in Business, Computer Science or related field, or equivalent work experience
Minimum experience required of the position
5+ years of experience in internal or external auditing, security testing, or risk management and analysis
3+ general IT experience
3+ years of IT security or IT risk management experience
Minimum knowledge, skills and abilities required of the position
- Excellent problem-solving and decision making ability
- Excellent written and verbal communication skills
- Excellent technical documentation skills
- Professional demeanor, exceptional interpersonal skills, including teamwork, facilitation and negotiation
- Team player, highly collaborative, able to work cross-functionally
- Resourceful and self-motivated, able to work independently when required
- Able to lead teams of up to five individuals in Assessments and cross-functional activities
- Broad breadth of technical skills and experience in IT, security, and privacy
- Excellent planning, organizational and project management skills; detail and process-oriented; able to multi-task a number of different projects
- Strong knowledge of generally applicable and accepted audit and risk frameworks (e.g. COBIT, CAG 20 Critical Security Controls, NIST, UCF) and government guidelines and laws (e.
g. Sarbanes Oxley Act, NERC / CIP, HIPAA, FCC)
Strong understanding of regulatory requirements impacting the utility industry (SOX, HIPAA, NERC CIP, Smart Meter / Smart Grid, etc.
with subject matter expert knowledge in one or more areas
Desired Skills
- Knowledge of Vendor Risk Management tools
- Knowledge of Micrsoft PowerBI
Any certificates, licenses, etc. required for the position
One or more of the following certifications or comparable :
- Certified Third Party Risk Professional (CTPRP)
- Certified Third Party Risk Assessor (CTPRA)
- Certified Authorization Professional (CAP)
- Certified Information Systems Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
- Certified in the Governance of Enterprise IT (CGEIT)
- Certified Information Systems Auditor (CISA)
- Certified Protection Profession (CPP)
OTHER ATTRIBUTES
Functional Knowledge : Security Control frameworks and testing tools and procedures
Business Expertise : Security control impact and mitigation coordination
Leadership : Able to lead teams of up to five individuals in A&V and cross-functional activities
Problem Solving : Planning, organizational and project management skills; detail and process-oriented; able to multi-task a number of different projects
Impact : System security posture
Interpersonal Skills : Collaboration, Self-Starter
LI-SB1
LI-HYBRID
Primary Location : Texas-The Woodlands Arkansas : Little Rock Louisiana : New Orleans Mississippi : Jackson Texas : The Woodlands
Job Function : Professional
FLSA Status : Professional
Relocation Option : No Relocation Offered
Union description / code : NON BARGAINING UNIT
Number of Openings : 1
Req ID : 115382
Travel Percentage : Up to 25%
An Equal Opportunity Employer, Minority / Female / Disability / Vets. Please click here to view the EEI page, or see statements below.
EEO Statement : The Entergy System of Companies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws.
The Entergy System of Companies complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
This policy applies to all terms and conditions of employment including, but not limited to, recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status.
Improper interference with the ability of the Entergy System of Company employees to perform their expected job duties is absolutely not tolerated.
Accessibility : Entergy provides reasonable accommodations for online applicants. Requests for a reasonable accommodation may be made orally or in writing by an applicant, employee, or third party on his or her behalf.
If you are an individual with a disability and you are in need of an accommodation for the recruiting process please click here and provide your name, contact number, the accommodation requested and the requisition number that you are requesting the accommodation for.
Employee Services will contact you regarding your request.
Additional Responsibilities : As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and / or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company.
Exempt employees may not be paid overtime associated with such duties.
Entergy Pay Transparency Policy Statement : The Entergy System of Companies (the Company) will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.
However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company’s legal duty to furnish information.
41 CFR 60-1.35(c). Equal Opportunity and Pay Transparency .
Pay Transparency Notice :
Pay Transparency Nondiscrimination Provision (dol.gov)
The non-confidential portions of the affirmative action program for individuals with disabilities and protected veterans shall be available for inspection upon request by any employee or applicant for employment.
Please contact [email protected] to schedule a time to review the affirmative action plan during regular office hours.
WORKING CONDITIONS :
As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and / or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company.
Exempt employees may not be paid overtime associated with such duties.
Please note : Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.