The Cyber Info Assurance Analyst II/III is responsible for the design and implementation of information assurance and data security in SOX In-Scope Key Applications by developing and managing the Company's SOX General IT Controls (GITCs) compliance program. Coordinate all aspects of GITCs over SOX In-Scope Key Applications by providing subject matter expertise on control matters with a primary focus on SOX compliance across Cybersecurity and IT. Collaborate with management, internal and external audit, Cybersecurity and Information Technology teams to evaluate internal control over SOX In-Scope Key Applications. From the cybersecurity perspective, assess and mitigate data security threats and risks throughout the SOX Compliance program and validate data security requirements through analysis.
Minimum Requirements
Level II
- Bachelor's degree in computer science, business administration, finance, accounting, or related field and two (2) years prior relevant experience or equivalent combination of education and directly related experience.
- Requires working technical knowledge gained through experience within a job area or system
Level III
- Bachelor's degree in computer science, business administration, finance, accounting or related field and five (5) years of prior relevant experience or equivalent combination of education and related experience.
- Risk management and information security framework experience
- Requires advanced level knowledge gained through experience within a job area or system
- Strong interpersonal, presentation, risk management and project leadership skills, with effective written and oral communication skills
Preferred Special Skills, Knowledge or Qualifications:
- Advanced knowledge of network and information assurance; security and malware detection and prevention technologies; information assurance regulations and standards; compliance; and software (applications and programming); communication protocols; security design; Information Assurance Vulnerability Management program (IAVM) and other information assurance programs.
- Skill in design and implementation of information assurance programs and supporting secure systems operations.
- Ability to design and implement information assurance and security systems with multiple requirements, including but not limited to business continuity, physical security, data security; educate internal and external stakeholders on information assurance policies and practices.
- CISSP, CISA, CRISC or CIPP designation preferred.
- Audit experience providing assurance work over internal controls preferred
- Related experience and a comprehensive understanding of business processes, general information technology controls (GITCs), IT system controls, auditing principles, and SOX compliance.
Major Accountabilities
1) Follow information security and data privacy framework controls to ensure adequate protection procedures exist around APS's SOX In-Scope Applications and supporting systems.
2) Maintains and regularly reconciles, in partnership with the SOX Compliance and Technical Accounting Research Consultant, the inventory of SOX In-Scope applications and supporting systems to build a proactive and compliant SOX GITC program.
3) Provides analysis, design, development, implementation and security assessments to ensure SOX compliance
4) Facilitate the development of documentation in support of accreditations, and perform vulnerability management activities for SOX In-Scope Key Applications and supporting systems.
5) Complete audits of the SOX In-Scope Key Applications or supporting systems, aligning controls and requirements to company adopted frameworks
6) Initiate improvements of processes, systems, or products to enhance performance of the technical area
7) Communicate status of annual plan, evaluate audit findings, and provide recommendations for remediation to management, process owners, and internal and external audit teams.
8) Conduct annual SOX GITC "refresh" to assess updates, additions or deletions needed across all GITCs in place. Evaluate the impact of new or updated IT systems and provide expertise of the impact to the Company's SOX compliance program.
9) Develop and maintain strong working relationships with management and internal and external auditors. Act as a liaison between the groups with regard to SOX compliance and SOX GITC audit testing plans.
10) Assist process owners and internal audit with the SOX risk assessment and maintenance of SOX documentation for new or changing processes, risks, and IT systems.
11) Develop and deliver SOX training and ensure stakeholders are sufficiently trained on SOX GITC requirements, design, and ownership.
12) Perform deficiency evaluations to determine impact of identified GITC issues and update quarterly SOX log for distribution to the SOX Steering Committee and Audit Committee; lead mitigation efforts with control owners and performers for identified GITC deficiencies until remediated.
APS
400 North 5th Street
Phoenix
Arizona, United States
www.aps.com