Entergy

Security Architect

Entergy, New Orleans, Louisiana, United States, 70123



Entergy is an integrated energy company that provides electricity to 3 million utility customers in Arkansas, Louisiana, Mississippi, and Texas. We power life.

This position may be filled in The Woodlands, TX; New Orleans, LA; Jackson, MS; or Little Rock, AR. Other locations within Entergy’s service territory may be considered.

Job Summary

The Security Architect utilizes their knowledge of IT and information security engineering to lead and/or participate in the development of assigned projects or solutions. The Security Architect focuses on implementing security requirements for assigned projects and solutions while maintaining compliance with internal and external policies and regulations.

The Security Architect works closely with the Enterprise Security Architect to ensure projects and solutions are consistent with Entergy’s Information Security strategy and roadmap. The Security Architect provides clear and concise direction to project stakeholders and acts as the “face” of information security for those teams.

Key Responsibilities/Duties

- Utilize Information Security reference architectures to develop secure solutions and designs for projects.
- Provide input to policies, procedures, standards, processes, and templates that are consistent with the Information Security strategy and roadmap.
- Participate in security and non-security projects to ensure that security requirements are defined and implemented.
- Perform assessments and threat modeling of existing and emerging technologies to ensure they meet Entergy security and compliance requirements.
- Evangelize and advocate for information security with stakeholders.
- Monitor emerging trends in Information Security and technology and make or suggest changes to Entergy’s security posture as necessary.

Experience needed

- 3+ years of architecture or engineering experience in information security or IT/OT disciplines (detection and response, network security, application security, endpoint security, Identity and Access Management, vulnerability management, system administration, networking, application development, risk management, etc.).
- One or more years in a complex and highly-regulated industry (e.g., utilities, financial services, healthcare, etc.).
- Experience working with outsourced teams.
- Experience in working in partnership with colleagues throughout the enterprise.

Minimum Knowledge, Skills, and Abilities needed

- Familiarity with technologies commonly utilized within an enterprise IT and OT environment.
- Strong knowledge of multiple information security domains with an emphasis in Cloud services (AWS, Azure, etc.).
- Some knowledge of IT Security regulations and guidance such as NIST, FISMA & ISO27001.
- Familiarity with The Open Group Architecture Framework (TOGAF), Open Web Application Security Project (OWASP), Open Security Architecture, National Institute of Standards and Technology (NIST) Cloud Computing Reference Architecture, or other architecture frameworks.
- Able to be hands-on with technical engineering and process management skills and the ability to advocate positive transformation within the broader information technology organization.
- Able to design and develop an API-based services layer for consistent integration with the security systems.
- Knowledge of security ramifications of energy-related regulations (SOX, HIPAA, NERC CIP, FERC, and NRC Nuclear Cyber (10 CFR 73.54)).
- Knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL.
- Strong writing and analytic ability.
- Strong ability to concisely and effectively communicate across the enterprise.
- Organizational and time management skills.
- Available to travel as needed.
- Self-motivated, with the ability to manage and follow up on multiple tasks simultaneously.
- Capable of meeting deadlines.

Education needed

- Bachelor’s degree in computer science, cyber security, information systems, engineering or a related discipline or equivalent work experience.
- Master’s degree is a plus.

Certifications needed

- An ISACA or ISC2 certification, such as CISSP, CISM, or CISA, is a plus.
- OSCP is a plus.
- Relevant vendor credentials offered by companies such as Symantec, Checkpoint, Cisco, Microsoft, etc. are a plus.
