Entergy Director, IT Detection & Response in Woodlands, Texas

Director, IT Detection & Response


Date: Sep 13, 2018

Location: Woodlands, TX, US

Company: Entergy

Brief Position Description

The Director of Detection & Response (D&R) provides leadership and direction to the entire Detection and Response team in IT, including Consolidated Security Operations Center (CSOC), Threat & Vulnerability Management (TVM), and Advance Monitoring (SIEM), to ensure timely and adequate monitoring, detection, and response to cyber threats that could affect the operations of the enterprise. This role has direct oversight of the CSOC, TVM, SIEM and each of their management teams, including governance, oversight, and performance management of staffing levels, skills training, and resource planning to maintain effective operations in the above functions. Communicate with governmental agencies, information sharing centers, and regulatory bodies to exchange cyber security threat intelligence and stay abreast of impending cyber security laws and regulations.

The Director will report to the VP of Information Security (VPIS) and will lead a team including 3 direct reports and total staff of 48, with 32 employees and a flexible pool of contingent workers depending on project needs.

Key responsibilities include:

  • Ownership & oversight for performance of the CSOC, TVM and SIEM teams within IT, including development and execution of business plan, strategy and priorities

  • Develop and execute a strategy to ensure high quality service delivery in the detection and response of cyber and physical security threats

  • Oversee the direction of CSOC, SIEM & TVM technology roadmaps

  • Drive process excellence and maturity to push the envelope on proactive cyber and physical defense and incident response automation

  • Responsible for ensuring team delivery meets the level required to ensure security of the environment in compliance with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54)

  • Direct global delivery of 24/7 cyber security incident response services and resources

  • Manage adequate staff coverage, shifts and redundancy to meet business needs

  • Establish a world class Level 1 (L1) monitoring & operations capability

  • Drive the incident response process for major incidents, collaborate with a wide variety of stakeholders to put in place mitigations and remediation

  • Work with stakeholders to ensure all systems are designed and on-boarded to meet Detection & Response guidelines

  • Direct & evolve world-class detection & response capabilities for all information and operational technology areas including power generation units, nuclear plants, electric substations, SCADA, distribution automation, advanced metering infrastructure (AMI)

  • Manage regular intrusion detection and vulnerability testing, reporting, internal/external IT audit group reviews, and the coordination of all required remediations

  • Ensure team receives consistent messages and has clear understanding of business direction, strategy and results

  • Motivate and engage staff to excel and continuously improve in keeping the enterprise safe from cyber incidents

  • Manage career development, stretch opportunities and training needs of the team

  • Coordinate incident response scenarios and routine exercises to ensure operational readiness

  • Drive problem management within the D&R team

  • Oversee the collection and management of metrics to ensure effective and efficient cyber security operations

  • Must maintain expert insights into cyber and physical security trends, threat actors, and incident response techniques

  • Assist VP of Information Security (VPIS) with the development and management of budget, technology, service, and solution and vendor roadmap

Experiences needed

  • Seven to ten years of cyber security operational experience across multiple functions

  • 5+ years of work experience managing cyber security incident response

  • Hands on experience in Incident Response (IR), security operations, and in managing teams and developing people

  • Demonstrated experience managing direct, indirect, and outsourced resources

  • Experience managing operations playbooks, run books, and performance measures

  • Strong performance maintaining and optimizing operations leveraging industry best practices

Minimum knowledge, skills, and abilities required of the position

  • Proficient in security ramifications of energy related regulations (SOX, HIPAA, NERC CIP, FERC, and NRC Nuclear Cyber (10 CFR 73.54))

  • Knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL

  • Knowledge of current IT Security trends and best practices in incident detection and response

  • Clear understanding of cloud, hosted, on-premise, legacy and modern architectures to develop effective detection and response platforms

  • Ability to quickly adapt to changing events and priorities and realign resources as needed

  • Ability to translate complex technical information into terms and products useful to executive management/C-suite

  • Excellent social, verbal, and written communication skills, with demonstrated ability to effectively present analytical data to a variety of technical and non-technical audiences

  • Available to travel

  • Comfortable working in high stress and ambiguous environments

  • Capable of meeting deadlines and budgets

  • Ability to coordinate with Entergy’s Audit, Legal, Supply Chain, Communications, Corporate Security and Risk Management organizations to understand requirements and ensure compliance with cyber security policies and standards


Bachelor’s degree in computer science, cyber security or a related discipline or equivalent work experience. Advanced degree preferred.

Any certificates, licenses, etc., required for the position

  • ISACA certification, such as CISSP, CISM, CISA

  • PMP considered a plus


Office environment with minimal physical requirements. As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.


Primary Location: Texas-Woodlands

Job Function: Information Technology

FLSA Status: Professional

Relocation Option: Approved in accordance with the Entergy guidelines

Union description/code: NON BARGAINING UNIT-NBU

Number of Openings: 1

Req ID: 82403

Travel Percentage: Up to 25%

An Equal Opportunity Employer, Minority/Female/Disability/Vets.

Nearest Major Market: Houston
