Energy Future Holdings Corp. is a Dallas-based, privately held energy company with a portfolio of competitive and regulated energy companies. TXU Energy, Luminant and Oncor, EFH's primary businesses, serve the high-growth Texas electricity market, which is one of world's largest and among the nation's most successful competitive markets. These businesses serve the high-growth Texas electricity market, which is one of the world's largest and among the nation's most successful competitive markets.
IT Manager, Compliance & Security
Dallas, TX – Energy Plaza
This position will report to the Senior Manager, IT Risk, Security and Compliance.
Responsibilities and Duties:
• Works on a team within the IT Risk, Security, and Compliance organization, focusing on IT Security compliance processes and initiatives, acting as the central point of contact and collaborating with other security organizations within the company in these matters.
• Ensures adequate and effective IT controls exist to meet current and future security compliance requirements found in laws and regulations such as: the Sarbanes-Oxley Act (SOX), PCI (Payment Card Industry) Security Standards, HIPAA, NEI, NERC CIP and NRC, state and federal Privacy law, and Senate Bill 7.
• Maintains and oversees the execution of the IT General Computing controls framework.
• Performs and/or oversees the performance of periodic risk assessments that identify current and future internal and external security vulnerabilities, provides necessary information to derive decisions about risk acceptance and risk mitigation, and identifies the best ways to reduce information security risks.
• Coordinates and directs the development, management approval, implementation, and promulgation of objectives, goals, policies, standards, guidelines, and other requirement statements needed to support information security compliance throughout the company.
• Supports the EFH security compliance program, ensuring all external compliance requirements are identified, current compliance status is identified, and remediation actions and protects are identified, prioritized, and tracked to completion.
• Assists with the implementation of company-wide security awareness and education programs that are aligned with security policy, standards, regulatory requirements, and industry practices.
• Manages special projects related to information security that may be needed to appropriately respond to ad-hoc or unexpected information security compliance events
• Coordinates the information security compliance efforts of all internal and outsourced functions to ensure that organization-wide information security compliance efforts are consistent.
• Support Internal Audit activities and remediation requirements.
• Develop and maintain a deep understanding of value drivers for EFH business units
• Establish and maintain strong working relationships with groups involved with information security matters such as the Legal Department, Internal Audit Department, Physical Security Department, Information Technology Department, Information Security Council, HR and all outsourced IT organizations.
• Possess the relationship skills, cultural awareness, and organizational prowess required to work effectively in a large, highly-matrixed organization. Capable of delivering results through a position of influence, not authority.
• Maintain industry relationships and look to all sources available to develop the best technology strategies.
Minimum Education & Experience Required:
• Minimum 8-10 years of experience and a Bachelors degree in technical/related field or additional related experience required. Proven, broad, in-depth technical knowledge of security principles and process, audit methodology and assurance practices is required.
• Security and audit related certifications are beneficial.
• Written and verbal communication skills are critical. Must be able to communicate to diverse audiences with varying skill sets. An ability to understand the technical details and communicate the essentials at a high level is essential.