Technology Organization Risk & Compliance Analyst

Today

Atlanta, Georgia, United States

Job Description

The Technology Organization Risk & Compliance Analyst at Southern Company manages risk and compliance, ensuring adherence to standards like Sarbanes Oxley and NERC CIP. Responsibilities include acting as a subject matter expert, coordinating audits, managing risk profiles, performing risk assessments for new applications, and developing policies. The role is based in Atlanta or Birmingham and requires occasional overnight travel.
Technology Organization Risk & Compliance Analyst

This role manages risk and compliance for SCS TO, ensuring controls meet internal and external standards such as Sarbanes Oxley, Separation Protocol, NERC CIP, and internal policies. Occasional overnight travel is required. The position is based in Birmingham at APC headquarters or Atlanta at GPC headquarters.

Key Responsibilities

Subject Matter Expertise in Technology Risk and Controls

Act as the Subject Matter Expert (SME) on technology risk and control activities, providing guidance and support to both internal and external stakeholders. Ensure that all relevant parties have a comprehensive understanding of the organization's technology risk landscape and the associated controls.

Audit Representation and Coordination

Represent the Technology Organization in various auditing activities. Ensure that all aspects of the Technology Organization are clearly communicated, accurately reflected in audit plans, and appropriately addressed in audit findings, Sarbanes Oxley (SOX) controls, and other deliverables. Collaborate with audit teams to facilitate thorough and effective audits.

Risk Profile Management

Direct the Technology Organization's risk profile in accordance with Enterprise Risk Management (ERM) requirements. Continuously monitor and assess risks, ensuring alignment with the organization's overall risk appetite and compliance objectives.

Risk Assessment of New Applications

Perform risk assessments for new applications and their supporting infrastructure. Apply IT General Controls (ITGC) to evaluate and mitigate potential risks associated with the introduction of new technologies.

Internal Audit Relationship Management

Manage the relationship with the Internal Audit function for the Technology Organization. Oversee the remediation of audit observations, evaluate findings, and act as a liaison on behalf of the organization to ensure that all internal audit requirements are met and addressed appropriately.

Policy and Standards Development

Facilitate the development and documentation of new Technology Organization policies and standards. Work closely with Compliance, Internal Audit, and other relevant organizations to ensure that all policies meet the control standards established by the company.

Reporting and Metrics

Deliver management-level summaries of risk and compliance issues to senior management, including the Chief Information Technology Officer (CITO). Present concise business-oriented summaries and develop, document, and publish metrics to measure the success of the Technology Organization for use by senior leadership.

Operational Efficiency and Automation

Identify and recommend changes to streamline or automate risk/compliance activities. Seek opportunities to improve operational efficiency and reduce manual processes in risk and compliance management.

Proactive Risk Management

Oversee the creation and maturation of a proactive risk management function within the organization. Promote risk awareness and best practices across teams to foster a strong risk management culture.

ServiceNow IRM Application Ownership

Own and manage the ServiceNow Integrated Risk Management (IRM) application to support Technology Organization risk management activities. Ensure effective use and maintenance of the tool for ongoing risk management needs.

Backup Support for Critical Initiatives

Provide backup support to other risk and compliance teams, assisting with critical initiatives such as SOX, TSA, and NERC CIP compliance activities. Collaborate as needed to ensure organizational compliance with key regulatory and internal standards.

JOB REQUIREMENTS

Education Requirements
• BS/BA Degree in Computer Science / Information Security or related field preferred
• CRISC, CISA or related industry certifications preferred

Experience Requirements
• Prior Technology Security, Server Support, and/or internal controls experience preferred

Preferred Areas of Knowledge
• Technology controls and processes
• Industry regulations
• Compliance programs and auditing practices
• Information Security principles
• Control frameworks including COBIT-5, NIST or similar control framework
• ServiceNow IRM

Skills Desired
• Detail oriented while working in a fast-paced environment
• Strong oral and written communication skills with ability to communicate effectively at all levels
• An ability to effectively influence others with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication
• Capable of understanding complex technical information
• Strong analytical skills
• Positive attitude, team player & creative problem-solving skills
• Effective time management skills and good business judgment
• Able to multi-task and handle multiple projects simultaneously
• Proficiency with computer skills including Microsoft Suite products (MS Word, Excel, PowerPoint) required
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• Ability to understand deep technical concepts and translate those concepts to non-technical people
• An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business

About Us

About Southern Company

Southern Company (NYSE: SO) is a leading energy provider serving 9 million customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy solutions provider with national capabilities, a fiber optics network and telecommunications services. Through an industry-leading commitment to innovation, resilience and sustainability, we are taking action to meet customers' and communities' needs while advancing our goal of net-zero greenhouse gas emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture has been recognized by a variety of organizations, earning the company awards and recognitions that reflect Our Values and dedication to service. To learn more, visit www.southerncompany.com.

Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found here https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf. Additional and specific details about total compensation and benefits will also be provided during the hiring process.

Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.

About the Team

Southern Company Services
