American Electric Power IT Risk & Compliance Spec Sr in Columbus, Ohio



IT Risk & Compliance Spec Sr

Job Description:

Responsible for:

  • moderate-to-large scale assignments with limited direction from senior team members

  • providing guidance and direction to more-junior team members

  • the execution and / or oversight of technical controls throughout the IT environment (infrastructure, applications, telecom) and cyber security environment with moderate direction from senior team members

  • developing advanced understanding of risk and compliance practices and concepts

  • gathering, investigating, and analyzing risk and compliance requirements, processes, and incidents.

  • development and maintenance of necessary documentation of systems, projects, and/or processes

  • direct involvement in implementation, support and usage of technical solutions

  • engagement in all phases of Audit Management processes

  • maintaining an open and collaborative environment that promotes safety, accountability, engagement, and continuous improvement throughout AEP


  • Communicates IT risk management methodologies and practices to IT, Telecommunications, and cyber security; adheres to guidance from Assurance team

  • Participates in Operational Risk Program for IT and Telecommunications; close alignment with Enterprise Business Continuity, Enterprise Risk Management, and Operational Risk Management

  • Participates in Recovery Operations – development and analysis of testing, documentation, metrics, processes and procedures

  • Serves as Business Continuity Coordinator (BCC) for the Infrastructure team

  • Engagement with Assurance team when validating and testing all controls related to Resilience procedures

  • Participate in all projects and initiatives that require risk-related controls

  • Ensures audit evidence and request deadlines are met

  • Involvement in development and support of mitigations and remediations, new processes, new policies, new controls

  • Building and sustaining collaborative relationships with Operating Company and Business Unit management, and with external partners, suppliers, and vendors

  • Responsible for understanding the regulatory details (e.g. NERC CIP, SOX, HIPAA, etc.) with which AEP must comply

Associated tasks:

  • Assist in coordinating some work assignments of lower level team members within the group. Contributes to the creation of a climate in which people want to do their best.

  • Develop and present documents and reports clearly, concisely, and effectively. Adjust and translate delivery style to fit the audience.

  • Identifies, clarifies, resolves, and initiates solutions to risk-related concerns

  • Supports Operations and Assurance team when necessary

  • Actively participates in team initiatives and meetings by preparing, making contributions and following through on agreements.

  • On-going professional and personal development

Auto req ID:





Columbus, OH

Job Type:


Job Category:

Risk Management

Minimum Requirements:

Education: Bachelor's degree in IT related field OR Associate's degree with 2 years IT related field experience OR High School Diploma/GED with 4 years Cyber Security or IT related field experience.

Experience: Six or more years of IT related security technical experience (in addition to any experience identified above).


  • Two or more years of experience with one or more of each of the following items:

  • NERC CIP, IT Compliance, Cyber Security or financial audits

  • Disaster recovery and resilience procedures and documentation

  • Planning and executing cross-functional projects and programs

  • Audit management procedures: process documentation, evidence validation, remediation planning, project management

  • NIST Security Standards, COBIT 5, COSO Control Frameworks, or SSAE16, SAS70, or ISAE 3402

  • Regulatory agencies, Electric Utility Regional Entities, or Third Party Auditors

  • Strong technical writing skills with an ability to aggregate information for reporting status or metrics

  • Coordinate projects across different business areas or within IT and able to engage the right resources with the right urgency appropriate to the issue

  • Excellent communication skills – able to effectively collaborate and partner with others within and outside their comfort zone

Licenses/Certifications: One or more of the following is desired: CISSP, CISA, CISM, CRISC, GIAC, or NAS Aggregate (i.e., all three of CompTIA Network+CE, Security+CE, and A+CE).

Equal Opportunity Employer | Minorities/Females/Disability/Vets