Job added in hotlist
Applied job
Contract job
90-day-old-job
part-time-job
Recruiter job
Employer job
Expanded search
Apply online not available
View more jobs in Spring, TX
View more jobs in Texas

Job Details

Mgr IT - Threat and Vulnerability Management

Company name
Entergy Corporation

Location
Spring, TX, United States

Employment Type
Full-Time

Industry
Manager, It

Posted on
Feb 07,2019

Valid Through
May 23,2019

Apply for this job






Profile

Brief Position Description

The Threat and Vulnerability Manager is responsible for supporting IT leadership by the establishment, maintenance and evolution of an enterprise-wide Threat and Vulnerability Management Function (TVM) in Information Security, to model, detect, prevent and remediate threats and vulnerabilities, as well as risk analysis and impact assessment.  This role is responsible for threat identification and vulnerability management across all device & hosting categories, and engages with asset owners and stakeholders to drive remediation activites. The TVM Manager is responsible for program maintenance, including tool maintenance and deployment, and the oversight of  proactive intrusion testing. Supports coordination of the TVM function with all areas of the IT organization, other business unit stakeholders, and governmental agencies as required. 

 

The Manager will report to the Director of Detection and Response and will manage a team of employees and a flexible pool of contingent workers depending on project needs.

 

Key responsibilities include:

*Develop and implement necessary TVM policies, procedures and reference architectures that are in compliance with statutory,regulatory, and internal requirements that cover internal and external parties; regulated and non-regulated physical, Operational Technology, and business systems throughout the enterprise. *Monitor and respond to regulatory developments and industry best practices in a timely manner. *Accountable & responsible for all security patching & related compliance requirements - oversight, discovery, monitoring implementation & reporting

*Ownership of patch management policies, procedures & systems.  *Discover, evaluate and oversee deployment of applicable patches across all asset classes (e.g. mobile, firewall, servers). *Satisfy strict North American Electric Reliability Corporation  Critical Infrastructure Protection ( NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54 ) compliance & reporting requirements

*Develop the strategy & technology roadmap for the TVM function. *Drive process excellence and maturity to push the envelope on delivering a world-class TVM function *Establish reliable TVM function for all operational technology including power generation units, nuclear plants, electric substations, SCADA, distribution automation, advanced metering infrastructure (AMI) *Manage annual penetration testing including RFP process,managing 3rd parties executing the tests, scoping, communicating internally, acting on output from testingand taking necessary corrective actions. *Responsible for cyber vulnerability assessments and satisfying specific requirements to ensure security of the environment in compliance with NERC CIP and NRC Nuclear Cyber (10 CFR 73.54 ) *Threat modeling to determine threats that pose biggest risk to the business and mitigate according to their risk weighting. *Accountable for vulnerability scanning process, schedule & operational monitoring across all device classes (server, desktop, mobile, etc) and hosting models (on-prem, external, cloud). *Lead digitization efforts to automate routine playbooks and identify opportunities for automation *Establish metrics to measure performance of the TVM function and report trends along with any necessary remediation *Attend technical engagement with audit, regulators, clients, and third parties, when required *High-quality management reporting on known threats, vulnerabilities, patching, mitigating actions and risk acceptance. *Collaborate and work across other IT areas to assess & mitigate security risks and provide technical guidance as needed. *Support incident response and investigation of security incidents including root cause analysis. *Manage & mentor a complex & diverse team of TVM specialists and develop junior resources.

Experience needed

*Five to seven years of cyber security experience across multiple disciplines (network engineering, application security, database, threat detection/mitigation, risk management, project management, etc.) *Minimum of 5 years of experience working with vulnerability scanning tools such as Tenable Security Center, Nessus, Qualys, Fortify, Checkmarx, WebInspect, AppScan, etc.  *Experience working with outsourced teams. *Experience managing or operating enterprise infrastructure in a role aligned with or responsible for vulnerability management (patch management, configuration management, remediation, etc.)

*Advanced experience with vulnerability assessment, remediation, and reporting, including comprehensive understanding of Vulnerability Management methodologies and procedures and application and infrastructure vulnerability scanning solutions. *Experience with a variety of security controls & technologies like in DLP, AV, log management and anti-malware *Windows, UNIX, and Linux operating systems.

Minimum knowledge, skills, and abilities required of the position

*Proficient in security ramifications of energy related regulations (SOX, HIPAA, NERC CIP, FERC, and NRC Nuclear Cyber (10 CFR 73.54 )). *Knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL. *Knowledge of current IT Security trends and best practices in technology, as well as penetration testing of applications and infrastructure , vulnerability and risk assessment, security assessments of network infrastructure, hosts and applications, forensics and troubleshooting. *Working knowledge with scripting languages such as Perl or Python. *Clear understanding of cloud computing and the risks and benefits of using a vendor's remote servers to store, manage, and process an organization's data. *Excellent report writing and communication and ability to effectively communicate cyber awareness across the organization. *The ability to work well independently or with a team. *Available to travel. *Capable of meeting deadlines and budgets. *Ability to coordinate with Entergy's Audit, Legal, Supply Chain, Communications, Corporate Security and Risk Management organizations to understand requirements and ensure compliance with cyber security policies and standards.

Education

Bachelor's degree in computer science, cyber security or a related discipline or equivalent work experience.  Advanced degree preferred.

 

Any certificates, licenses, etc., required for the position

ISACA certification, such as CISSP, CISM, CISA

Vendor credentials offered by companies such as Microsoft and Cisco

 

#LI-MM1

Primary Location: Texas-Woodlands

Job Function: Information Technology

FLSA Status: Professional

Relocation Option: Level I

Union description/code: NON BARGAINING UNIT-NBU

Number of Openings: 1

Req ID: 83780

Travel Percentage:Up to 25%

 

An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here to view the full statement

Company info

Entergy Corporation
Website : http://www.entergy.com

Company Profile
We suffered an employee fatality in 2012 and a contractor fatality in 2013. In 2012, employee lost-time injuries increased over 2011. This safety performance is devastating. We are working to build greater safety awareness and a stronger safety culture. Achieving an accident-free work environment for our employees and contractors remains a top priority.

Similar Jobs:
Senior System Engineer
Location : Houston, TX
About this job\r\nJob type: Full-timeRole: System AdministratorTechnologies osx, sysadmin Job description Requirements:  Extensive Experience with:               -Cisco UCS               -NetApp               -Net Backup...
Senior DW Developer
Location : Houston, TX
About this job\r\nJob type: Full-timeRole: Database AdministratorTechnologies sql, sql-server, tsql Job description Job Description: Position Title:  Senior DW Developer (SQL Server) Department:  Information Technology Reports to:...
Workday HRIS Analyst
Location : Houston, TX
Post a job offer Workday HRIS Analyst Genuent Houston, TX 30m ago This Position is responsible for the management and development of HRIS processes, Standard Operating Procedures, data integrity, system reports and analysis. This ...