American Electric Power IT Risk & Compliance Specialist Lead in Columbus, Ohio

16871BR

Title:

IT Risk & Compliance Specialist Lead

Job Description:

Position Summary:

Responsible for:

  • Large scale assignments with limited direction from senior team members.

  • Involvement in the forecasting and budgeting processes.

  • Providing guidance and direction to more-junior team members.

  • The execution and / or oversight of technical controls throughout the IT environment (infrastructure, applications, telecom) and cyber security environment with moderate direction from senior team members.

  • Developing advanced understanding of risk and compliance practices and concepts.

  • Gathering, investigating, and analyzing risk and compliance requirements, processes, and incidents.

  • Development and maintenance of necessary documentation of systems, projects, and/or processes.

  • Direct involvement in implementation, support and usage of technical solutions.

  • Engagement in all phases of Audit Management processes.

  • Maintaining an open and collaborative environment that promotes safety, accountability, engagement, and continuous improvement throughout AEP.

Examples of functions in this role are:

  • IT control analyst

  • Technical analyst

  • Technical documentation

  • IT or Cyber incident responder

  • Forensic investigator

  • Audit liaison

PRINCIPAL ACCOUNTABILITIES

OPERATIONS TEAM

  • Communicating IT Controls to process owners; adhere to guidance from Assurance team

  • Maintaining a subset of infrastructure, application, and telecom controls

  • Ownership of compliance/risk-related processes throughout IT and cyber security

  • Collaborating with process owners to set baselines, enact controls, monitor trouble tickets, escalate concerns, maintain metrics

  • Unifying IT control standards, process documentation, and evidence among IT, cybersecurity, and appropriate BUs

  • Ensuring audit evidence and request deadlines are met

  • Involvement in development and support of mitigations and remediations, new processes, new policies, new controls

  • Building and sustaining collaborative relationships with Operating Company and Business Unit management, and with external partners, suppliers, and vendors.

  • Responsible for understanding the regulatory details (e.g., NERC CIP, SOX, HIPAA) to which AEP must comply

ASSURANCE TEAM

  • Communicating IT Controls to process owners; guiding Operations team on appropriate application of standards and controls

  • Ownership of Audit Management; close alignment with ENC and Regulatory Services

  • Design, implementation, and ownership of Records Management Program

  • Design, implementation, and ownership of IT Control Framework

  • Collaborating with Operations and Resilience teams to escalate concerns, maintain metrics

  • Unifying IT control standards, process documentation, and evidence among IT, cybersecurity, and appropriate BUs

  • Ensuring audit evidence and request deadlines are met

  • Involvement in development and support of mitigations and remediations, new processes, new policies, new controls

  • Building and sustaining collaborative relationships with Operating Company and Business Unit management, and with external partners, suppliers, and vendors.

  • Responsible for understanding the regulatory details (e.g., NERC CIP, SOX, HIPAA) to which AEP must comply

RESILIENCE TEAM

  • Communicating IT risk management methodologies and practices to IT and cyber security; adhere to guidance from Assurance team

  • Ownership of Operational Risk Program for IT and cyber security; close alignment with Enterprise Business Continuity, Enterprise Risk Management, and Operational Risk Management

  • Ownership of Recovery Operations Programs for IT: design and oversight of testing, documentation, metrics, processes, and procedures

  • Maintaining a subset of appropriate risk controls

  • Engagement in all projects and initiatives that require risk-related controls

  • Ensuring audit evidence and request deadlines are met

  • Involvement in development and support of mitigations and remediations, new processes, new policies, new controls

  • Building and sustaining collaborative relationships with Operating Company and Business Unit management, and with external partners, suppliers, and vendors

  • Responsible for understanding the regulatory details (e.g., NERC CIP, SOX, HIPAA) to which AEP must comply

Associated tasks:

  • Assist in coordinating some work assignments of lower level team members within the group. Contributes to the creation of a climate in which people want to do their best.

  • Develop and present documents and reports clearly, concisely, and effectively. Adjust and translate delivery style to fit the audience.

  • Identifies, clarifies, resolves, and initiates solutions to security problems that involve analysis of inadequate or conflicting data.

  • Adoption of continuous improvement principles wherever reasonable.

  • Produces status reports with minimal guidance from higher level team members. Maintains an awareness of time constraints for work activities; makes appropriate adjustments when needed.

  • Actively participates in team initiatives and meetings by preparing, making contributions and following through on agreements.

  • On-going professional and personal development.

Auto req ID:

16871BR

Relocation:

No

Location:

Columbus, OH

Job Type:

Full-Time

Job Category:

Risk Management

Minimum Requirements:

Minimum Requirements for IT Risk & Compliance Specialist Lead

Education: Bachelor’s degree in IT related field OR Associates degree with (2) years IT related field experience OR High School Diploma/GED with (4) years Cyber Security or IT related field experience.

Experience: nine or more years of IT related security technical experience (in addition to any experience identified above).

REQUIREMENTS – OTHER: These are additional expectations for the job and could include specific work experience, license / certifications, preemployment testing, expectations about travel, shift work, etc.

  • Knowledge of the following areas is preferred: NIST security standards, COBIT control framework

  • Clearly and concisely expresses technical concepts in activities and presentations

  • Possesses the skill and demeanor to present to executive-level audiences

Licenses/Certifications: One or more of the following is desired: CISSP, CISA, CISM, CRISC, SANS GIAC.

Equal Opportunity Employer | Minorities/Females/Disability/Vets