Employer: American Electric Power
*This position is located in Columbus, Ohio, but may be eligible for remote, home-based work as long as the selected candidate is within AEP’s current operating territory (WV, VA, TN, AR, TX, OH, IN, MI, OK, LA)*
This controls professional will be responsible for and will participate in all aspects of the design, monitoring and implementation of IT controls and the associated compliance program. Ideally, a successful candidate for this position will have 3 plus years of IT audit experience, preferably with a Big 4 or national advisory firm in a Sarbanes-Oxley (SOX) focused practice, and will have demonstrated success in a client service role.
It is expected that this candidate works with limited direction from senior team members and has the experience to perform successfully in the following areas:
- Rendering and presenting IT security controls topics competently to team members and AEP’s leaders and IT control owners;
- Establishing recommendations based on options presented;
- Collaborating on team learning needs and engaging in opportunities to increase knowledge in IT security control areas;
- Gathering first-hand information on security controls requirements to find the most cost-effective improvements in IT security controls posture;
- Researching and supplying new opportunities to improve security controls posture and presenting new ideas and approaches;
- Formulating effective work plans and sharing them with other team members, groups and especially control owners to meet required IT security controls objectives;
- Communicating the role and expectations of IT Security Controls Management in meeting Enterprise and IT strategies.
Additional areas of responsibilities for this professional include:
- Assisting management with improving the efficiency / effectiveness of their controls;
- Analysis of operations and communication of findings, including identification of root causes and providing recommendations;
- Planning and conducting information technology audits;
- Performing Moderate to Expert Data Analysis – routinely performing tasks to produce and analyze large datasets to determine patterns and spot anomalies with access related items impacting;
- Performing control monitoring / creation – troubleshooting problem areas and helping to design and create controls to strengthen the risk posture of the organization;
- Responsible for supervising, mentoring, training and supporting the development of team members and interns;
- Communicating status of work, problems, and findings to both internal management and client;
- Supporting other teams within the organization to provide subject matter expertise.
- Bachelor's degree in computer science/cyber or related field;
- or Associate’s degree with 2 years of IT system administration/help desk work experience;
- or high school diploma/GED with 4 years IT system administration/help desk work experience; or graduation from an approved cyber security program; alternatively may have non-degree qualifications (such as hands-on demonstrated ability in a technical interview/assessment);
- 4 or more years of Information Technology related experience; or 2 or more years of cyber related military/government work experience (in addition to any experience identified above).
Other Preferred Qualifications:
- 3+ years’ IT audit experience (highly desired)
- Demonstrated success in a client service role, preferably with Big 4 or national advisory firm (highly desired)
- CISA Certification
- Familiarity with a variety of technologies, operating systems, databases, and reporting and data analytics tools
- Experience with evaluating and designing people processes and procedures to reduce Information Security risks
- Ability to interact with external auditors and members of senior management to deliver expectations, scope, and communicate results
- Working knowledge of basic financial accounting, auditing, and financial reporting concepts
- Subject matter expertise related to:
  - SSAE 18 / SOC 1 / SOC 2
  - Sarbanes-Oxley and PCAOB requirements
  - IT risk assessment / operational IT audit
  - IT general controls
  - Information security / cyber frameworks (ISO 27000, NIST, AICPA, etc.)