Sox & Risk Analyst Ii Or Iii

Posting End Date: 02/15/2024 

Work Place Flexibility: Hybrid 

Legal Entity: Entergy Services, LLC 

***This position will be filled as a Analyst II or III depending on the candidate's experience and qualifications***

 

Brief Position Description:

The Security and Regulatory Compliance group applies frameworks to ensure that the security organization's practices remain observant to all compliance directives required by Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act (HIPAA). The Analyst will support the tracking and trending of compliance effectiveness and propose program adjustments to address issues. This position in the Security and Regulatory Compliance group will provide support to ensure Entergy adapts to emerging regulations and work to continually improve the security organization’s regulatory compliance posture. The role is critical to ensure Cybersecurity (CS) complies with all applicable federal, state & local regulatory requirements.

 

 Key responsibilities include:

• Participate in risk assessments to identify risks and opportunities designed to improve business processes and information systems across the company.
• Maintain customer relationships with members of Entergy’s management team to identify sources of risk or areas for improvement.
• Support Audit and risk assessment activities through data analytics and query development.
• Discuss audit findings with operating personnel to verify facts and obtain background information not available in the documentation examined. Present value-added suggestions for resolution of audit findings.
• Prepare formal written reports, expressing opinions on the adequacy and effectiveness of the system and the efficiency with which activities are carried out, including findings and recommendations of corrective actions for deficiencies.
• Coordinate the regulatory program within CS to ensure strict adherence with SOX and HIPAA requirements.
• Assist with the documentation of CS processes and procedures into process flows.
• Apply a risk-based approach to determine areas of weakness using frameworks such as COBIT and NIST.
• Assist with compliance assessments of Entergy policies and regulatory requirements across the various CS groups.
• Coordinate and communicate with technical resources, control owners, and internal and external auditors.
• Contribute to gap analysis and application of control standards to IT General Controls (ITGCs).
• Track Key Performance Indicators (KPI) to measure the CS organization's effectiveness and communicate findings.
• Identify potential compliance irregularities through the use of Key Risk Indicators (KRIs).
• Deliver continuous improvement of CS compliance with regulatory and company standards.
• Maintain awareness of changing regulatory requirements.
• Integrate data from multiple sources to draw conclusions regarding Entergy’s regulatory compliance.
• Deliver process excellence by maintaining a strong culture of regulatory compliance at Entergy.

 

 

Education needed

Bachelor’s degree strongly preferred in computer science, cybersecurity, MIS/ISDS or a related discipline or equivalent work experience. Master’s degree is a plus.

 

Experience needed

• Analyst II: Minimum 2 years of regulatory compliance and auditing experience as it relates to IT and cybersecurity

 

• Analyst III: Minimum 4 years of regulatory compliance and auditing experience as it relates to IT and cybersecurity

 

Minimum knowledge, skills, and abilities required of the position

• Knowledge of security ramifications of applicable regulations (SOX and HIPAA)
• Knowledge of security, risk, and control frameworks and standards such as ISO 27001, NIST, FISMA & COBIT
• Ability to quickly adapt to changing events and priorities
• Social, verbal, and written communication skills, with ability to effectively present analytical data

• Good communication skills with internal stakeholders
• Knowledge of cybersecurity operations is a plus
• Experience working with direct, indirect, and outsourced resources is a plus
• Exposure to operations playbooks, run books, and performance measures
• Some experience maintaining operations leveraging industry best practices is a plus
• Experience with data analysis, data integration, and data validation activities

• Detail oriented with the ability to interpret regulatory requests and corresponding data
• Comfortable working in high stress and ambiguous environments
• Capable of meeting deadlines
• Available to travel

 

 Any certificates, licenses, etc., required for the position

ISACA certification, such as CISSP, CISM, CISA is a plus

 

#LI-JL1

#LI-HYBRID

 Primary Location: Texas-The Woodlands Texas : The Woodlands || Louisiana : New Orleans 
Job Function: Professional
FLSA Status: Professional 
Relocation Option: No Relocation Offered
Union description/code: NON BARGAINING UNIT 
Number of Openings: 1
Req ID: 113959
Travel Percentage:Up to 25%

 

An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here to view the EEO page, or see statements below.

EEO Statement: The Entergy System of Companies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws. The Entergy System of Companies complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment including, but not limited to, recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. 
The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of the Entergy System of Company employees to perform their expected job duties is absolutely not tolerated.

Accessibility: Entergy provides reasonable accommodations for online applicants. Requests for a reasonable accommodation may be made orally or in writing by an applicant, employee, or third party on his or her behalf. If you are an individual with a disability and you are in need of an accommodation for the recruiting process please click here and provide your name, contact number, the accommodation requested and the requisition number that you are requesting the accommodation for. Employee Services will contact you regarding your request.

Additional Responsibilities: As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.

Entergy Pay Transparency Policy Statement: The Entergy System of Companies (the Company) will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company’s legal duty to furnish information.  41 CFR 60-1.35(c). Equal Opportunity and Pay Transparency.

Pay Transparency Notice:

Pay Transparency Nondiscrimination Provision (dol.gov)

The non-confidential portions of the affirmative action program for individuals with disabilities and protected veterans shall be available for inspection upon request by any employee or applicant for employment.  Please contact HRCompliance@entergy.com to schedule a time to review the affirmative action plan during regular office hours.

WORKING CONDITIONS:
As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.