American Electric Power IT Risk & Compliance Spec - IT Risk & Compliance Spec Sr in Columbus, Ohio

19321BR

Title:

IT Risk & Compliance Spec - IT Risk & Compliance Spec Sr

Job Description:

Position Summary:

Responsible for:

The execution and/or oversight of technical controls throughout the IT environment (infrastructure, applications, telecom) and cyber security environment with moderate direction from senior team members.

Developing fundamental understanding of basic risk and compliance practices and concepts.

Assistance in gathering, investigating, and analyzing risk and compliance requirements, processes, and incidents.

Development and maintenance of necessary documentation of systems, projects, and/or processes.

Often involved directly in implementation, support and usage of technical solutions.

Engagement in all phases of Audit Management processes.

Maintaining an open and collaborative environment that promotes safety, accountability, engagement, and continuous improvement throughout AEP.

ASSURANCE TEAM

  • Communicating IT Controls to process owners; guiding Operations team on appropriate application of standards and controls

  • Ownership of Audit Management; close alignment with ENC and Regulatory Services

  • Design, implementation, and ownership of Records Management Program

  • Design, implementation, and ownership of IT Control Framework

  • Collaborating with Operations and Resilience teams to escalate concerns, maintain metrics

  • Unifying IT control standards, processor documentation and evidence among IT and cybersecurity and appropriate BUs

  • Ensuring audit evidence and request deadlines are met

  • Involvement in development and support of mitigations and remediations, new processes, new policies, new controls

  • Building and sustaining collaborative relationships with Operating Company and Business Unit management, and with external partners, suppliers and vendors.

  • Responsible for understanding the regulatory details (e.g., NERC CIP, SOx, HIPAA, etc.) with which AEP must comply

Associated tasks:

  • Assist in coordinating some work assignments of lower level team members within the group. Contributes to the creation of a climate in which people want to do their best.

  • Develop and present documents and reports clearly, concisely, and effectively. Adjust and translate delivery style to fit the audience.

  • Identifies, clarifies, resolves, and initiates solutions to risk-related concerns

  • Supports Operations and Assurance team when necessary

  • Actively participates in team initiatives and meetings by preparing, making contributions and following through on agreements.

  • On-going professional and personal development

Auto req ID:

19321BR

Relocation:

No

Location:

Columbus, OH

Job Type:

Full-Time

Job Category:

Risk Management

Minimum Requirements:

IT Risk Compliance Spec:

Education: Bachelor's degree in IT related field OR Associate's degree with 2 years IT related field experience OR High School Diploma/GED with 4 years Cyber Security or IT related field experience.

Experience: Three or more years of IT related security technical experience (in addition to any experience identified above).

IT Risk Compliance Spec Sr:

Education: Bachelor's degree in IT related field OR Associate's degree with 2 years IT related field experience OR High School Diploma/GED with 4 years Cyber Security or IT related field experience.

Experience: Six or more years of IT related security technical experience (in addition to any experience identified above).

Requirements-Other:

  • Two or more years of experience with one or more of each of the following items:

  • NERC CIP, IT Compliance, Cyber Security or financial audits.

  • NIST Security Standards, COBIT 5, COSO Control Frameworks, or SSAE16, SAS70, or ISAE 3402.

  • Regulatory agencies, Electric Utility Regional Entities, or Third Party Auditors.

  • Strong technical writing skills with an ability to aggregate information for reporting status or metrics.

  • Coordinate projects across different business areas or within IT and able to engage the right resources with the right urgency appropriate to the issue.

  • Excellent communication skills – able to effectively collaborate and partner with others within and outside their comfort zone.

  • Knowledge of the following areas is preferred: NIST security standards, COBIT control framework

  • One or more of the following is desired: CISSP, CISA, CISM, CRISC, SANS GIAC

Equal Opportunity Employer | Minorities/Females/Disability/Vets