Technology Organization Risk & Compliance Analyst

This role manages risk and compliance for SCS TO, ensuring controls meet internal and external standards such as Sarbanes Oxley, Separation Protocol, NERC CIP, and internal policies. Occasional overnight travel is required. The position is based in Birmingham at APC headquarters or Atlanta at GPC headquarters.

Key Responsibilities

Subject Matter Expertise in Technology Risk and Controls
Act as the Subject Matter Expert (SME) on technology risk and control activities, providing guidance and support to both internal and external stakeholders. Ensure that all relevant parties have a comprehensive understanding of the organization's technology risk landscape and the associated controls.

Audit Representation and Coordination
Represent the Technology Organization in various auditing activities. Ensure that all aspects of the Technology Organization are clearly communicated, accurately reflected in audit plans, and appropriately addressed in audit findings, Sarbanes Oxley (SOX) controls, and other deliverables. Collaborate with audit teams to facilitate thorough and effective audits.

Risk Profile Management
Direct the Technology Organization’s risk profile in accordance with Enterprise Risk Management (ERM) requirements. Continuously monitor and assess risks, ensuring alignment with the organization's overall risk appetite and compliance objectives.

Risk Assessment of New Applications
Perform risk assessments for new applications and their supporting infrastructure. Apply IT General Controls (ITGC) to evaluate and mitigate potential risks associated with the introduction of new technologies.

Internal Audit Relationship Management
Manage the relationship with the Internal Audit function for the Technology Organization. Oversee the remediation of audit observations, evaluate findings, and act as a liaison on behalf of the organization to ensure that all internal audit requirements are met and addressed appropriately.

Policy and Standards Development
Facilitate the development and documentation of new Technology Organization policies and standards. Work closely with Compliance, Internal Audit, and other relevant organizations to ensure that all policies meet the control standards established by the company.

Reporting and Metrics
Deliver management-level summaries of risk and compliance issues to senior management, including the Chief Information Technology Officer (CITO). Present concise business-oriented summaries and develop, document, and publish metrics to measure the success of the Technology Organization for use by senior leadership.

Operational Efficiency and Automation
Identify and recommend changes to streamline or automate risk/compliance activities. Seek opportunities to improve operational efficiency and reduce manual processes in risk and compliance management.

Proactive Risk Management
Oversee the creation and maturation of a proactive risk management function within the organization. Promote risk awareness and best practices across teams to foster a strong risk management culture.

ServiceNow IRM Application Ownership
Own and manage the ServiceNow Integrated Risk Management (IRM) application to support Technology Organization risk management activities. Ensure effective use and maintenance of the tool for ongoing risk management needs.

Backup Support for Critical Initiatives
Provide backup support to other risk and compliance teams, assisting with critical initiatives such as SOX, TSA, and NERC CIP compliance activities. Collaborate as needed to ensure organizational compliance with key regulatory and internal standards.

Job Type: Full-time
Career Level: Entry Level