
Senior IT Risk & Compliance Specialist (ITS4)

Southern California Edison
Rosemead, California, United States
February 13, 2017



Highly-motivated; like challenge; collaborative; committed to delivering high quality work… Did we describe you? Read on…

Southern California Edison is one of the nation’s largest investor-owned electric utilities. We are an industry leader that is designing new and innovative ways to meet our customers’ needs. We are looking for highly motivated individuals who enjoy the challenge of working on key industry-changing projects. We need your good ideas and your contributions to remain a leader in this industry.

About IT:

The role of IT goes beyond the traditional Information Technology “service provider.” Many of the innovative ideas and projects that shape the company’s future and move SCE forward are dependent on technology. IT employees are at the heart of these projects, collaborating, designing, and executing technology solutions that are transforming our industry.

Position Overview:

IT is required to perform technical risk assessments, IT controls testing, and regulatory compliance audits to ensure compliance with regulatory, operational, and other management controls. This position is responsible for leading audits and reviews of the design and operational effectiveness of IT controls, as well as management testing for regulatory certification. The transition of electric grid systems production assessments to IT requires an additional resource with these technical skills and knowledge.

This position is primarily responsible for leading technical risk assessments, IT controls testing, and regulatory compliance audits. This specific position requires knowledge and expertise in NERC Critical Infrastructure Protection and Communications standards, and the associated risks and management controls. In addition, the work being performed requires a strong knowledge of general auditing procedures, risk identification and recommendations for remediation, the system of internal controls, and regulatory and legal requirements. Also required is experience in developing audit plans, developing work estimates, assigning work to the team, overseeing detailed work activities, reporting status, and recommending control improvements to Senior Management.

This position will lead risk assessments and audits / reviews focused on assessing the design and operational effectiveness of general computing and other internal controls in the SAP, Applications, Infrastructure, Telecommunications, and IT Security areas to ensure regulatory and compliance requirements are met. The position also coordinates with external and internal auditors to ensure IT controls are assessed and executed to manage the risk to our electric grid, cyber assets, financial statements, public image, and company data.

Minimum Qualifications:

• Nine or more years of experience in IT Auditing, IT Compliance, or IT Controls.

• Must have experience with Risk Management, IT Security, and standards with IT implications.

Desired Qualifications:

• Bachelor’s Degree in Computer Information Systems, Computer Science, Management Information Systems, Business, Accounting, or Finance; or the equivalent combination of formal education, training, and experience.

• Certified Computer Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified Quality Auditor (CQA) is preferred.

• Leads technical risk assessments for their assigned area based on historical findings, evaluation of new technologies and changes to the IT environment, industry research, corporate and 3rd party risk assessments, internal audit recommendations, and Senior Leadership concerns.

• Defines technical audit / review plans for internal supporting personnel; defining the objective, scope, schedule, resource requirements, staffing, and deliverables.

• Leads and performs assessments of NERC standards compliance and tests the operating effectiveness of computing controls and documents the results in the requisite system(s).

• Leads assessments of computing controls design effectiveness to prevent, detect, and mitigate risk to our electric grid, cyber assets, financial statements, public image, and company data.

• Develops continuous technical controls monitoring and computer-assisted audit techniques, utilizing IT security tools to assess risk and focusing supporting personnel on high value areas.

• Informs and advises Senior Management of control strengths and weaknesses, potential risks, issues, and opportunities to promote a strong compliance culture.

• Works closely with control owners, technical subject matter experts, and regulatory case managers; ensuring corrective action plans are designed to remediate control gaps and risk.

• Leads regulatory reviews for compliance with California Public Utility Commission (CPUC) Affiliate Rules, Federal Energy Regulatory Commission (FERC), and North American Electric Reliability Corporation (NERC) requirements; as well as Senior Management requested review of IT Policies, Standards, and Operations.

• Information technology systems, programming, and databases.

• NERC, FERC, CPUC Affiliate Rule, and regulatory compliance and audit standards.

• Internal general computing and technical controls, and the associated risks.

• Mainframe, midrange, cloud, and storage computing platforms.

• Excellent oral and written communication, and information presentation, skills.

• Proficient in MS Word, Excel, and PowerPoint.


• Candidates for this position must be legally authorized to work directly as employees for any employer in the United States without visa sponsorship.

• This position has been identified as a NERC CIP impacted position. Prior to being hired, the successful candidate must pass a Personnel Risk Assessment (PRA) or Background Investigation. Once hired, the candidate must complete specified training prior to gaining unescorted access to the assigned work location and performing necessary job duties.


Southern California Edison, an Edison International (NYSE:EIX) company, serves a population of nearly 14 million via 5 million customer accounts in a 50,000-square-mile service area within Central, Coastal and Southern California. Join the utility leader that has been safely delivering reliable, affordable electricity to our customers for over 125 years.

Southern California Edison is an Affirmative Action and Equal Employment Opportunity employer of minority, female, protected veteran and individuals with disabilities. We are committed to building a diverse and inclusive workplace.