American Electric Power IT Mgr - IT Risk & Compliance Mgr (Assurance team) in Columbus, Ohio

Title IT Mgr - IT Risk & Compliance Mgr (Assurance team)

Auto req ID 16099BR

Location Columbus, OH

Job Type Full-Time

Job Category Information Technology

Relocation No

Job Description IT Risk & Compliance Mgr (Assurance team)

Position Summary:

The IT R&C Manager is responsible for directly managing and developing information technology technical staff, building and sustaining collaborative relationships with Operating Company and Business Unit management, and with external partners, suppliers and vendors, and managing annual O&M and capital budgets. The Manager is expected to gain acceptance as a peer and equal partner when working directly with Operating Company and Business Unit management.

The IT R&C Manager is responsible for short or medium-term assignments of moderate complexity and/or budgetary, strategic, or operational impacts. Responsibilities include decision making, risk assessment, task prioritization/assignment/tracking, project assignment, employee development, performance feedback, motivation, team building, communication, planning, resource allocation, cost control, problem/issue/conflict resolution, customer service, and client relations. Decisions are guided by policies, procedures and business plan; receives guidance and oversight from senior manager.

The IT R&C Manager will promote and apply information technology solutions to meet the needs and align with the strategies of our Operating Company and Business Unit customers. He/she will lead the team to complete projects and perform all Information Technology work activities via efficient processes and effective use of resources.

The IT R&C Manager will establish and maintain an open and collaborative environment that promotes safety, accountability, engagement and continuous improvement within and throughout the Information Technology organization.

The significant difference between the IT Manager roles will be the size of the project or the scope of the process led, the breadth of potential benefit/impact on the department, organization or enterprise, the number of individuals supervised, and the grade levels of those supervised.

Principal Accountabilities:

Ownership of Audit Management Program; close alignment with Enterprise NERC Compliance and Audit Services

Support all audit efforts related to information security and/or compliance (including, but not limited to, audit planning and scheduling, evidence review and revision, control framework adoption, integration of audit practices) through close collaboration with both internal stakeholders and external auditors

Design, implementation, and ownership of Records Management Program in support of risk and compliance objectives

Unifying IT control framework, process documentation, and evidence among IT, cyber security and appropriate business units

Involvement in development and support of mitigations / remediations, new processes, new policies, new controls, and new tools to support compliance processes

Perform periodic risk assessments and audits to ensure systems and processes meet all appropriate requirements (NERC CIP, SOX, and PII)

Stay abreast of changing pertinent regulation and perform analysis of regulations that impact AEP and update control framework as required

Assist in tracking and maintenance of action plans for the resolution of issues identified during assessment and audits; perform analysis and reporting of compliance gaps

Build and foster strategic business relationships and represent the IT organization when collaborating with Operating Company and Business Unit leaders.

Provide safety leadership and compliance without exception; enhance a strong safety culture.

Promote a winning culture that is actively engaged, mutually supportive and high-performance oriented.

Provide corporate compliance leadership and accountability for NERC CIP, Physical and Cyber Security, Ethics, Corporate Policies, etc.

Provide financial leadership, including strategic forecasting and planning; establish and manage departmental O&M and capital budgets in coordination with the Operating Company or Business Unit.

Develop competent teams and future AEP leaders; coach and guide employees, and provide opportunities for career growth.

Provide training opportunities for employees to learn and share knowledge, strengthen skills, and deepen and broaden technical and professional capabilities; ensure that all employees are well-trained, knowledgeable, enabled and focused on the success of the company.

Prioritize and direct area work activities, and optimize utilization of resources.

Minimum Requirements

NOTE: This opportunity may be filled at any of the following levels based on one’s Education, related work experience and skills.

Minimum Requirements IT Risk Mgr:

Education: Bachelor degree in Electrical Engineering, Telecommunications, Computer Science, or a related field, or an Associate degree in these fields combined with a minimum of (2) years of applicable technical experience, or a HS diploma/GED combined with a minimum of (4) years of applicable technical experience.

Experience: (8) or more years of audit or compliance/IT experience, demonstrating steady progression in responsibilities. 0-3 years of direct supervision experience (in addition to any experience identified above).

Minimum Requirements for IT Risk Mgr:

Education: Bachelor degree in Electrical Engineering, Telecommunications, Computer Science, or a related field, or an Associate degree in these fields combined with a minimum of (2) years of applicable technical experience, or a HS diploma/GED combined with a minimum of (4) years of applicable technical experience.

Experience: (10) or more years of audit or compliance/IT experience, and 4-6 years of direct supervision experience (in addition to any experience identified above).

Requirements – other

  • 3 – 5 years of experience in an auditing role

  • Knowledge of NERC CIP, Sarbanes-Oxley, NIST security standards, COBIT control framework

Licenses/Certifications Preferred:

  • One or more of the following: CISSP, CISA, CISM, CRISC, PMP

| American Electric Power | Equal Opportunity Employer | Minorities/Females/Disability/Vets |