Spring, TX, United States
Brief Position Description
The Threat and Vulnerability Manager is responsible for supporting IT leadership through the establishment, maintenance and evolution of an enterprise-wide Threat and Vulnerability Management Function (TVM) in Information Security, to model, detect, prevent and remediate threats and vulnerabilities, as well as risk analysis and impact assessment. This role is responsible for threat identification and vulnerability management across all device & hosting categories, and engages with asset owners and stakeholders to drive remediation activities. The TVM Manager is responsible for program maintenance, including tool maintenance and deployment, and the oversight of proactive intrusion testing. Supports coordination of the TVM function with all areas of the IT organization, other business unit stakeholders, and governmental agencies as required.
The Manager will report to the Director of Detection and Response and will manage a team of employees and a flexible pool of contingent workers depending on project needs.
Key responsibilities include:
*Develop and implement necessary TVM policies, procedures and reference architectures that are in compliance with statutory, regulatory, and internal requirements that cover internal and external parties; regulated and non-regulated physical, Operational Technology, and business systems throughout the enterprise.
*Monitor and respond to regulatory developments and industry best practices in a timely manner.
*Accountable & responsible for all security patching & related compliance requirements - oversight, discovery, monitoring implementation & reporting
*Ownership of patch management policies, procedures & systems.
*Discover, evaluate and oversee deployment of applicable patches across all asset classes (e.g. mobile, firewall, servers).
*Satisfy strict North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54) compliance & reporting requirements
*Develop the strategy & technology roadmap for the TVM function.
*Drive process excellence and maturity to push the envelope on delivering a world-class TVM function
*Establish reliable TVM function for all operational technology including power generation units, nuclear plants, electric substations, SCADA, distribution automation, advanced metering infrastructure (AMI)
*Manage annual penetration testing including RFP process, managing 3rd parties executing the tests, scoping, communicating internally, acting on output from testing and taking necessary corrective actions.
*Responsible for cyber vulnerability assessments and satisfying specific requirements to ensure security of the environment in compliance with NERC CIP and NRC Nuclear Cyber (10 CFR 73.54)
*Threat modeling to determine threats that pose biggest risk to the business and mitigate according to their risk weighting.
*Accountable for vulnerability scanning process, schedule & operational monitoring across all device classes (server, desktop, mobile, etc) and hosting models (on-prem, external, cloud).
*Lead digitization efforts to automate routine playbooks and identify opportunities for automation
*Establish metrics to measure performance of the TVM function and report trends along with any necessary remediation
*Attend technical engagement with audit, regulators, clients, and third parties, when required
*High-quality management reporting on known threats, vulnerabilities, patching, mitigating actions and risk acceptance.
*Collaborate and work across other IT areas to assess & mitigate security risks and provide technical guidance as needed.
*Support incident response and investigation of security incidents including root cause analysis.
*Manage & mentor a complex & diverse team of TVM specialists and develop junior resources.
*Five to seven years of cyber security experience across multiple disciplines (network engineering, application security, database, threat detection/mitigation, risk management, project management, etc.)
*Minimum of 5 years of experience working with vulnerability scanning tools such as Tenable Security Center, Nessus, Qualys, Fortify, Checkmarx, WebInspect, AppScan, etc.
*Experience working with outsourced teams.
*Experience managing or operating enterprise infrastructure in a role aligned with or responsible for vulnerability management (patch management, configuration management, remediation, etc.)
*Advanced experience with vulnerability assessment, remediation, and reporting, including comprehensive understanding of Vulnerability Management methodologies and procedures and application and infrastructure vulnerability scanning solutions.
*Experience with a variety of security controls & technologies such as DLP, AV, log management and anti-malware
*Windows, UNIX, and Linux operating systems.
Minimum knowledge, skills, and abilities required of the position
*Proficient in security ramifications of energy related regulations (SOX, HIPAA, NERC CIP, FERC, and NRC Nuclear Cyber (10 CFR 73.54)).
*Knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL.
*Knowledge of current IT Security trends and best practices in technology, as well as penetration testing of applications and infrastructure, vulnerability and risk assessment, security assessments of network infrastructure, hosts and applications, forensics and troubleshooting.
*Working knowledge of scripting languages such as Perl or Python.
*Clear understanding of cloud computing and the risks and benefits of using a vendor's remote servers to store, manage, and process an organization's data.
*Excellent report writing and communication and ability to effectively communicate cyber awareness across the organization.
*The ability to work well independently or with a team.
*Available to travel.
*Capable of meeting deadlines and budgets.
*Ability to coordinate with Entergy's Audit, Legal, Supply Chain, Communications, Corporate Security and Risk Management organizations to understand requirements and ensure compliance with cyber security policies and standards.
Bachelor's degree in computer science, cyber security or a related discipline or equivalent work experience. Advanced degree preferred.
Any certificates, licenses, etc., required for the position
ISACA certification, such as CISSP, CISM, CISA
Vendor credentials offered by companies such as Microsoft and Cisco
Primary Location: Texas-Woodlands
Job Function: Information Technology
FLSA Status: Professional
Relocation Option: Level I
Union description/code: NON BARGAINING UNIT-NBU
Number of Openings: 1
Req ID: 83780
Travel Percentage: Up to 25%
An Equal Opportunity Employer, Minority/Female/Disability/Vets.
Website : http://www.entergy.com
We suffered an employee fatality in 2012 and a contractor fatality in 2013. In 2012, employee lost-time injuries increased over 2011. This safety performance is devastating. We are working to build greater safety awareness and a stronger safety culture. Achieving an accident-free work environment for our employees and contractors remains a top priority.