JOB INFORMATION
- Job Title: Technology Compliance Manager
- Job Code: 130051
- Pay Grade: 58
JOB SUMMARY
Equal Opportunity Employer - Minorities, Women, Individuals with Disabilities & Veterans Encouraged to apply.
This position is integral to the comprehensive oversight and management of all facets related to Technology, Data, and Security in alignment with Sarbanes-Oxley (SOX) requirements, IT General Controls (ITGC), and other pertinent technology and security compliance mandates. The role actively supports IT Governance and Risk Management activities, ensuring robust internal controls are in place. Key responsibilities include facilitating the IT internal controls function through meticulous planning, coordination, and execution of both internal and external audits. This ensures that all in-scope applications and business processes adhere to Sarbanes-Oxley requirements and the IT General Controls framework. This position drives the standardization and maturity of processes across the enterprise, fostering a culture of continuous improvement. It involves preparing and presenting periodic reports to leadership, encompassing trends, metrics, and other relevant statistical data to inform strategic decision-making.
LEVEL OF RESPONSIBILITY
- Complex responsibilities related to primary focus of job area. Uses best practices and in-depth business knowledge to solve complex problems and improve products or services. May adapt procedures, processes and techniques to meet the more complex requirements of position.
ESSENTIAL FUNCTIONS
- Facilitate the creation of the annual SOX and ITGC compliance execution plan through working with key stakeholders, and in accordance with IT policies and processes.
- Lead IT SOX resources, application owners and control owners in performing all related SOX and ITGC activities; activities include planning, scoping, design and risk assessments, testing, remediation, certification, etc. Periodically review the results and issues identified with the appropriate process owners and compliance managers. Brief key stakeholders and the IT Leadership accordingly.
- Continuously educate IT and process owners on the importance of maintaining a mature set of ITGC and related procedures; facilitate training, mentoring, and champion awareness campaigns relating to SOX and other compliance areas as applicable.
- Drive process maturity and champion the deployment of common processes and procedures. Utilize process improvement disciplines, introduce and participate in continued process improvement activities. Assist in the development, review, and maintenance of IT compliance policies and procedures. Ensure that policies are up-to-date and reflect current regulatory requirements and industry standards.
- Foster strong relationships with key stakeholders, including IT, Security, Operations, and external partners, to ensure alignment and collaboration on compliance objectives.
- Perform root cause analysis and trending on issues identified during assessments and audits; track results and remediation efforts, share best practices; develop trend analyses, metrics and related reports. Oversee the management of compliance-related incidents, including investigation, documentation, and resolution. Implement corrective actions to prevent recurrence of compliance issues.
- Collaborate with IT teams to ensure that new technologies and systems are integrated with compliance requirements. Evaluate and recommend compliance tools and technologies to enhance the compliance program.
- Working with managers, maximize the reliance on management testing by internal and external auditors, through continuous robust assessments and SOX testing, in accordance with existing related procedures; assist in the continued rationalizing of SOX in-scope applications and tools.
- Assist in refining and strengthening the SOX Compliance Program. Conduct regular risk assessments to identify potential compliance risks and develop mitigation strategies. Monitor and report on the status of risk mitigation efforts to ensure timely resolution.
- Develop and maintain key performance indicators (KPIs) to measure the effectiveness of IT compliance programs. Prepare and present detailed reports to leadership, highlighting compliance trends, metrics, and areas for improvement.
- Stay informed about changes in regulatory requirements and industry standards related to IT compliance. Ensure that the organization remains compliant with evolving regulations.
- Participate in governance, risk assessments, and compliance (GRC) initiatives or special projects; perform other duties as assigned by the Leadership.
- All other duties as assigned.
REQUIREMENTS
- Bachelor's degree in Information Technology, Cybersecurity, Business, or a related field and 5 years experience in audits, compliance, controls, IT or risk management; OR
- Associate's degree in Information Technology, Cybersecurity, Business, or a related field and 7 years experience in audits, compliance, controls, IT or risk management; OR
- High School Diploma/GED and 9 years of experience in audits, compliance, controls, IT or risk management.
- Demonstrated experience and proficiency in using compliance and audit management tools; auditing ITGC and IT control testing of applications, operating systems, and databases.
WORKING CONDITIONS
- Computer usage for extended durations.
- Travel to other locations for work or training, including overnight stays, may be required.
- May work outside normal work week schedule.
SPECIAL SAFETY REQUIREMENTS
- Member will not be required to drive in order to perform their job duties.
- Member is not required to perform any safety sensitive duties.
KNOWLEDGE, SKILLS AND ABILITIES (KSAS)
- Ability to work with and coordinate across IT, Security and Operations to ensure the appropriate internal controls and related processes are implemented alongside the deployment of new technologies or capabilities.
- Ability to plan and prioritize new IT internal control or compliance requirements.
- Public speaking, presentation, and meeting facilitation skills.
- Ability to maintain a professional demeanor, appearance and interactions.
- Interpersonal skills and ability to communicate well with various levels of leadership, members, operations, and external partners.
- Skilled at building relationships with members in various functional areas.
- Excellent written, verbal and interpersonal communication skills.
- Ability to think strategically as well as tactically; able to build a shared vision aligned with business objectives.
- Ability to understand problems, develop solutions, and take appropriate actions towards a resolution.
- Strong analytical and problem-solving skills to identify compliance issues and develop effective solutions.
- Familiarity with IT infrastructure, network security, and cloud computing environments.
- Up-to-date knowledge of emerging regulations and industry standards related to IT compliance and cybersecurity.
- Ability to manage multiple projects simultaneously, ensuring timely completion and adherence to compliance requirements.
- High level of accuracy and attention to detail in documentation and reporting.
- Experience in managing change within an organization, particularly in implementing new compliance processes and technologies.
- Strong collaboration skills to work effectively with cross-functional teams and external partners.
- Proficiency in conducting risk assessments and developing mitigation strategies.
- Ability to design and deliver training programs to educate employees on compliance requirements and best practices.
- Skills in handling compliance-related incidents and implementing corrective actions promptly.
- Ability to influence and build trust.
HEALTH AND SAFETY (MEDICAL/DOT REQUIREMENTS)
- Pre-Employment Drug Screen
- All positions in which driving is an essential function of the job, regardless of whether the job code is marked safety sensitive or not, will also be included as safety sensitive. Individuals in positions in which driving is an essential function are subject to the terms and conditions set forth in OGE Energy Corp.'s Drug Testing Plan.