American Electric Power IT Risk & Compliance Spec Sr in Columbus, Ohio
IT Risk & Compliance Spec Sr
moderate-to-large scale assignments with limited direction from senior team members
providing guidance and direction to more-junior team members
the execution and / or oversight of technical controls throughout the IT environment (infrastructure, applications, telecom) and cyber security environment with moderate direction from senior team members
developing advanced understanding of risk and compliance practices and concepts
gathering, investigating, and analyzing risk and compliance requirements, processes, and incidents
development and maintenance of necessary documentation of systems, projects, and/or processes
direct involvement in implementation, support and usage of technical solutions
engagement in all phases of Audit Management processes
maintaining an open and collaborative environment that promotes safety, accountability, engagement, and continuous improvement throughout AEP
Communicates IT risk management methodologies and practices to IT, Telecommunications, and cyber security; adheres to guidance from the Assurance team
Participates in Operational Risk Program for IT and Telecommunications; close alignment with Enterprise Business Continuity, Enterprise Risk Management, and Operational Risk Management
Participates in Recovery Operations – development and analysis of testing, documentation, metrics, processes and procedures
Serves as Business Continuity Coordinator (BCC) for the Infrastructure team
Engages with the Assurance team when validating and testing all controls related to Resilience procedures
Participates in all projects and initiatives that require risk-related controls
Ensures audit evidence and request deadlines are met
Involvement in development and support of mitigations and remediations, new processes, new policies, new controls
Building and sustaining collaborative relationships with Operating Company and Business Unit management, and with external partners, suppliers, and vendors
Responsible for understanding the regulatory details (e.g. NERC CIP, SOX, HIPAA) to which AEP must comply
Assists in coordinating some work assignments of lower-level team members within the group. Contributes to the creation of a climate in which people want to do their best.
Develops and presents documents and reports clearly, concisely, and effectively. Adjusts and translates delivery style to fit the audience.
Identifies, clarifies, resolves, and initiates solutions to risk-related concerns
Supports Operations and Assurance team when necessary
Actively participates in team initiatives and meetings by preparing, making contributions and following through on agreements.
Ongoing professional and personal development
Education: Bachelor's degree in an IT-related field, OR Associate's degree with 2 years of IT-related field experience, OR High School Diploma/GED with 4 years of Cyber Security or IT-related field experience.
Experience: Six or more years of IT-related security technical experience (in addition to any experience identified above).
Two or more years of experience with one or more of the following:
NERC CIP, IT Compliance, Cyber Security, or financial audits
Disaster recovery and resilience procedures and documentation
Planning and executing cross-functional projects and programs
Audit management procedures: process documentation, evidence validation, remediation planning, project management
NIST Security Standards, COBIT 5, COSO control frameworks, or SSAE 16, SAS 70, or ISAE 3402
Regulatory agencies, Electric Utility Regional Entities, or Third Party Auditors
Strong technical writing skills with an ability to aggregate information for reporting status or metrics
Ability to coordinate projects across different business areas or within IT, and to engage the right resources with the urgency appropriate to the issue
Excellent communication skills: able to effectively collaborate and partner with others within and outside their comfort zone
Licenses/Certifications: One or more of the following is desired: CISSP, CISA, CISM, CRISC, GIAC, or NAS Aggregate (i.e., all three of CompTIA Network+ CE, Security+ CE, and A+ CE).
Equal Opportunity Employer | Minorities/Females/Disability/Vets