Entergy is a leading energy provider, and they are seeking a Security Risk Analyst to assist with the implementation and monitoring of vendor security risk management processes. The role involves conducting risk assessments of vendors, developing risk management frameworks, and collaborating with internal teams to ensure compliance with security standards.
Tracks Vendor Assessment Review Requests and communicates status to requestors.
Reviews assessment reports against asset control objectives to determine effectiveness.
Assists with vendor risk assessments (vendor assessments, supply chain assessments, etc.) as necessary.
Reports out on control testing through Controls Dashboard.
Administers vendor risk request tracking process.
Prepares summary and detailed reports on vendor risk across the enterprise.
Conducts control testing and assessment.
Qualification
Required
Bachelor’s degree in Business, Computer Science or related field, or equivalent work experience
2+ years of experience in internal or external auditing, security testing, or risk management and analysis
1+ years of IT security or IT risk management experience
Excellent problem-solving and decision-making ability
Excellent written and verbal communication skills
Professional demeanor, exceptional interpersonal skills, including teamwork, facilitation and negotiation
Team player, highly collaborative, able to work cross-functionally
Resourceful and self-motivated, able to work independently when required
Excellent planning, organizational and project management skills; detail and process-oriented; able to multi-task a number of different projects
Knowledge of generally applicable and accepted audit and risk frameworks (e.g. COBIT, CAG 20 Critical Security Controls, NIST, UCF) and government guidelines and laws (e.g. Sarbanes-Oxley Act, NERC/CIP, HIPAA, FCC)
Understanding of regulatory requirements impacting the utility industry (SOX, HIPAA, NERC CIP, Smart Meter/Smart Grid, etc.) with subject matter expert knowledge in one or more areas
Advanced computer skills including Microsoft Office suite and other business-related software systems