Cyber Information Assurance Analyst II/III (SOX)

Phoenix, AZ Full Time
POSTED ON 3/28/2024

Arizona Public Service generates clean, reliable and affordable energy for 2.7 million Arizonans. Our service territory stretches across the state, from the border town of Douglas to the vistas of the Grand Canyon, from the solar fields of Gila Bend to the ponderosa pines of Payson. As the state's largest and longest-serving energy provider, our more than 6,000 dedicated employees power our vision of creating a sustainable energy future for Arizona.

Since our founding in 1886, APS has demonstrated a strong commitment to our customers in one of the country's fastest growing states, earning a reputation for customer satisfaction, shareholder value, operational excellence and business integrity.

Our present and future success depends on the creative and dedicated people of our company who demonstrate the principles outlined in the APS Promise: Design for Tomorrow, Empower Each Other and Succeed Together.

Summary

The Cyber Info Assurance Analyst II/III is responsible for the design and implementation of information assurance and data security in SOX In-Scope Key Applications by developing and managing the Company's SOX General IT Controls (GITCs) compliance program. Coordinate all aspects of GITCs over SOX In-Scope Key Applications by providing subject matter expertise on control matters with a primary focus on SOX compliance across Cybersecurity and IT. Collaborate with management, internal and external audit, Cybersecurity and Information Technology teams to evaluate internal control over SOX In-Scope Key Applications. From the cybersecurity perspective, assess and mitigate data security threats and risks throughout the SOX Compliance program and validate data security requirements through analysis.

Minimum Requirements

Level II

  • Bachelor's degree in computer science, business administration, finance, accounting, or related field and two (2) years prior relevant experience or equivalent combination of education and directly related experience.
  • Requires working technical knowledge gained through experience within a job area or system

Level III

  • Bachelor's degree in computer science, business administration, finance, accounting or related field and five (5) years of prior relevant experience or equivalent combination of education and related experience.
  • Risk management and information security framework experience
  • Requires advanced level knowledge gained through experience within a job area or system
  • Strong interpersonal, presentation, risk management and project leadership skills, with effective written and oral communication skills


Preferred Special Skills, Knowledge or Qualifications:

  • Advanced knowledge of network and information assurance; security and malware detection and prevention technologies; information assurance regulations and standards; compliance; and software (applications and programming); communication protocols; security design; Information Assurance Vulnerability Management program (IAVM) and other information assurance programs.
  • Skill in design and implementation of information assurance programs and supporting secure systems operations.
  • Ability to design and implement information assurance and security systems with multiple requirements, including but not limited to business continuity, physical security, data security; educate internal and external stakeholders on information assurance policies and practices.
  • CISSP, CISA, CRISC or CIPP designation preferred.
  • Audit experience providing assurance work over internal controls preferred
  • Related experience and a comprehensive understanding of business processes, general information technology controls (GITCs), IT system controls, auditing principles, and SOX compliance.

Major Accountabilities

1) Follow information security and data privacy framework controls to ensure adequate protection procedures exist around APS's SOX In-Scope Applications and supporting systems.
2) Maintain and regularly reconcile, in partnership with the SOX Compliance and Technical Accounting Research Consultant, the inventory of SOX In-Scope applications and supporting systems to build a proactive and compliant SOX GITC program.
3) Provide analysis, design, development, implementation and security assessments to ensure SOX compliance.
4) Facilitate the development of documentation in support of accreditations, and perform vulnerability management activities for SOX In-Scope Key Applications and supporting systems.
5) Complete audits of the SOX In-Scope Key Applications or supporting systems, aligning controls and requirements to company adopted frameworks.
6) Initiate improvements of processes, systems, or products to enhance performance of the technical area.
7) Communicate status of annual plan, evaluate audit findings, and provide recommendations for remediation to management, process owners, and internal and external audit teams.
8) Conduct annual SOX GITC "refresh" to assess updates, additions or deletions needed across all GITCs in place. Evaluate the impact of new or updated IT systems and provide expertise of the impact to the Company's SOX compliance program.
9) Develop and maintain strong working relationships with management and internal and external auditors. Act as a liaison between the groups with regard to SOX compliance and SOX GITC audit testing plans.
10) Assist process owners and internal audit with the SOX risk assessment and maintenance of SOX documentation for new or changing processes, risks, and IT systems.
11) Develop and deliver SOX training and ensure stakeholders are sufficiently trained on SOX GITC requirements, design, and ownership.
12) Perform deficiency evaluations to determine impact of identified GITC issues and update quarterly SOX log for distribution to the SOX Steering Committee and Audit Committee; lead mitigation efforts with control owners and performers for identified GITC deficiencies until remediated.

Export Compliance / EEO Statement

This position may require access to and/or use of information subject to control under the Department of Energy's Part 810 Regulations (10 CFR Part 810), the Export Administration Regulations (EAR) (15 CFR Parts 730 through 774), or the International Traffic in Arms Regulations (ITAR) (22 CFR Chapter I, Subchapter M Part 120) (collectively, 'U.S. Export Control Laws'). Therefore, some positions may require applicants to be a U.S. person, which is defined as a U.S. Citizen, a U.S. Lawful Permanent Resident (i.e. 'Green Card Holder'), a Political Asylee, or a Refugee under the U.S. Export Control Laws. All applicants will be required to confirm their U.S. person or non-US person status. All information collected in this regard will only be used to ensure compliance with U.S. Export Control Laws, and will be used in full compliance with all applicable laws prohibiting discrimination on the basis of national origin and other factors. For positions at Palo Verde Nuclear Generating Stations (PVNGS) all openings will require applicants to be a U.S. person.

Pinnacle West Capital Corporation and its subsidiaries and affiliates ('Pinnacle West') maintain a continuing policy of nondiscrimination in employment. It is our policy to provide equal opportunity in all phases of the employment process and in compliance with applicable federal, state, and local laws and regulations. This policy of nondiscrimination shall include, but not be limited to, recruiting, hiring, promoting, compensating, reassigning, demoting, transferring, laying off, recalling, terminating employment, and training for all positions without regard to race, color, religion, disability, age, national origin, gender, gender identity, sexual orientation, marital status, protected veteran status, or any other classification or characteristic protected by law.

For more information on applicable equal employment regulations, please refer to the EEO is the Law poster. Federal law requires all employers to verify the identity and employment eligibility of every person hired to work in the United States; refer to the E-Verify poster. View the employee rights and responsibilities under the Family and Medical Leave Act (FMLA).

Arizona Public Service is a smoke free workplace.

FlexRole:
This position is not required to be performed at a specific APS facility as long as adequate technology and a solid ergonomic set up are present. Pending agreement with leadership, employees hired into this role will be able to choose where they prefer to perform their work. Employees will have two options to choose from:

  • APS office based: The employee prefers to work most of the time from an APS facility.
  • Home based: The employee prefers to work most of the time from his/her home.

*Employees in Flex roles are required to reside in Arizona (or NM for Four Corners-based employees). Role types are subject to change based on business need.

 

Salary.com Estimation for Cyber Information Assurance Analyst II/III (SOX) in Phoenix, AZ
$99,125 to $127,466