Southwest Power Pool Little Rock, AR, United States
The Senior Quality Control Specialist develops, evaluates, and oversees the implementation of processes, procedures, and practices supporting compliance with required IT internal controls with a focus on Emergency Management/Business Continuity (EMBC) and System Recovery Planning. These internal controls are used to govern the IT processes that help to ensure compliance with the NERC Critical Infrastructure Protection Standards, SSAE-18 SOC-1 Control Objectives, and SPP governing documents. EMBC and Recovery Planning ensures continuation of business operations and system functionality in the event of a disruption such as natural disasters, terrorism, crime, and human error. The Quality Control department works closely with the SPP Compliance department, the IT Cyber Security department, and IT subject matter experts to identify and implement risk mitigation strategies to assist in compliance and protection of SPP’s assets. The department is also responsible for conducting timely internal reviews of evidence to ensure ongoing compliance obligations are met. The department maintains the documentation of all processes and procedures related to compliance for IT including the associated and applicable Reliability Standard Audit Worksheets (RSAWs). The Senior QC Specialist demonstrates an expert understanding of IT requirements and standards to provide coordination, direction, and communication across IT resources and stakeholders as they relate to compliance and risk mitigation. This includes but is not limited to ongoing assessment of IT recovery plans, processes, procedures, and practices, creation of reports to provide assessment results, document management, test planning and test execution activities, and coordination of IT process improvement efforts. 
The Senior Quality Control Specialist is expected to serve as IT’s System Recovery Planning subject matter expert, working with technical subject matter experts, ensuring are sufficient, executable, and meet requirements for recovery of business functions. This position leads and coordinates required EMBC/Recovery-related operational and table-top testing exercises. This position is responsible for ensuring that EMBC/Recovery departmental processes and procedures are established and maintained. The Senior Quality Control Specialist may serve as a primary contact within IT for evidencing compliance with standards during audits, discussing findings and recommendations with auditors, and recommending appropriate IT process and system enhancements. Likewise, the Senior serves as the primary contact for IT in mitigating any potential violations, working directly with the SPP Compliance counterpart. The Senior Quality Control Specialist may be required to attend compliance forums and working group meetings. The incumbent is required to maintain an understanding of the approved CIP standards, and an awareness of proposed changes to the standards that have a potential impact to SPP.

Essential Functions:
Leads assessment of impacts of proposed technological or organizational changes and coordinates any revisions to existing technical recovery plans necessitated by such changes.
Plan, lead, and facilitate IT processes, including creation and periodic testing, related to EMBC and system recovery activities; ensuring that the results of all tests and exercises are documented and that enhancements to Recovery Plans are identified and recommended for implementation.
Serves as IT EMBC/Recovery Plan subject matter expert, collaborating with IT technical plan owners.
Collaborates with multiple departments to assure that IT’s EMBC/Recovery Plan program supports Compliance, Audit, and organizational EMBC guidelines.
Lead and coordinate compliance efforts for the IT department, specifically related to CIP standards and SOC1 control objectives.
Assume an active role in the evaluation, implementation, and maintenance of IT compliance processes and risk assessment process, procedures, and practices, including reporting and oversight of remediation efforts.
Assume an active role for IT in mitigating alleged audit violations, including applicable documentation and training updates, including working across impacted business groups when applicable.
Work with the Cyber Security department to establish and conduct periodic compliance reviews of IT internal controls, in support of evidencing compliance.
Establish and maintain metrics for ongoing assessment of compliance standards and requirements.
Meet with internal and external auditors to review audit findings and discuss audit evidence.
Participate in technical discussions that may have compliance-related impacts and provide guidance as appropriate.
Provide training and educational assistance in areas of expertise to other employees, as needed, especially specific to compliance and changes to compliance standards, objectives, processes, and procedures.
Identify and implement compensating controls to reduce risk of non-compliance in support of IT’s Cyber Security Framework and internal controls inventory.
Coordinate IT Business Process Improvement initiatives.
Provide leadership, direction, and expertise to the IT Quality Control department with minimal supervision.
Lead by example in fostering the SPP Corporate Culture and Business Model.
Develop and maintain effective collaborative relationships, communication, and contact with staff members as well as applicable external parties.
Strictly adhere to SPP Policies, Procedures, and Controls.

Qualifications:

Education Requirements:
Bachelor's degree or equivalent technical experience in computer science, business administration, or related field

Experience Requirements:
Eight (8) years of combined experience related to IT, System Recovery, or Business Continuity and Emergency Management

Required:
Understanding of IT EMBC/System Recovery processes/practices
Ability to comprehend/interpret technical concepts
Communication skills and ability to work with stakeholders as well as with regulators
Documentation skills specific to process and procedures
The exercise of independent judgment without fear of reprisal
A wide range of skills including: oral and written communications; testing; project management; and strong inter-personal skills
Ability to function with constantly changing and multiple priorities
Excellent organizational skills
General understanding of industry compliance requirements
Understanding of, compliance with, and enforcement of SPP Policies and Procedures

Preferred:
Experience with internal controls and/or CIP requirements
Business Continuity and Emergency Management and/or Homeland Security certifications

Physical Demands:
Job requires working at a computer for long periods of time

Travel Requirement:
This position requires minimal travel (< 10%).

Should you elect to apply for this position, SPP will review your qualifications. If, after reviewing the qualifications and experience of all applicants, your skills and credentials meet our needs, someone from our organization may contact you. Please be advised that the time required to complete the applicant review process typically takes between 30 and 90 days, but could extend beyond that. Once the position has been filled, all applicants will be notified via email.

Southwest Power Pool is an Equal Opportunity Workplace and an Affirmative Action Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, age or any other protected category.