Technology Organization Risk & Compliance Analyst

This position will perform support functions in the Technology Organization (TO) risk management and compliance activities for SCS TO organization.  The position will help ensure that SCS TO has appropriate controls in place and can demonstrate compliance with internal and external requirements including North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP), Transportation Security Administration Pipeline Security Directives (TSA SD), and Sarbanes-Oxley (SOX).  Occasional overnight travel may be required.  This position is located in either Birmingham at the APC headquarters or in Atlanta at the GPC headquarters location.

 

JOB RESPONSIBILITIES 

Serve as support for technology risk and control activities for internal and external stakeholders related to applicable compliance programs Facilitate the execution of the Technology Organization’s patch and vulnerability management review processes in support of compliance with applicable compliance programs Support the implementation of new compliance requirements impacting the Technology Organization Manage work practices documentation in support of applicable compliance programs Facilitate new training opportunities and refresh current training Support the Technology Organization efforts during routine audits of applicable compliance programs by both internal and external audit teams  Support Senior Staff with the execution of monthly, quarterly, annual, and other periodic control reviews to support compliance with regulatory requirements Interact and assist with other departments to report and investigate instances of potential non-compliance, and develop and track associated mitigation plans to completion as necessary Work collaboratively with other Compliance Coordinators to meet all team goals, and assist with other compliance issues as workload dictates Build and sustain strong working relationships with individuals and workgroups across the Technology Organization and throughout Southern Company Perform internal control monitoring and testing of Technology Organization’s compliance programs for applicable compliance programs Manage all projects and other assigned responsibilities effectively to meet deadlines

 

JOB REQUIREMENTS 

Education Requirements

BS/BA Degree in Computer Science / Information Security/ Information Systems or related field preferred 

 

Experience Requirements

Prior Technology Security, Server Support and/or internal controls experience not required but preferred

 

Preferred Areas of Knowledge

Technology controls and processes Compliance frameworks Knowledge of power utility equipment and Cyber Assets associated with the Bulk Power System

 

Skills Desired

Positive attitude, team player & creative problem-solving skills  Detail oriented while working in a fast-paced environment  Strong oral and written communication skills with ability to communicate effectively at all levels  An ability to effectively influence others with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication Strong analytical skills  Effective time management skills and good business judgment  Able to multi-task and handle multiple projects simultaneously  Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one Ability to understand deep technical concepts and translate those concepts to non-technical people An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business Ability to understand, gather and assess information as done in internal audits, investigations, peer reviews, QA reviews, etc.