We are looking for an IT Risk and Compliance Analyst to join our team at AES.
Responsible for the execution of IT General control and applications related security controls (mainly in SAP) assuring effectiveness, and issues follow-ups, based on the company compliance programs.
Objective of the position:
Provide IT process governance through the execution of ITGC controls to achieve compliance with IT policy and regulatory requirements, acting as liaison between auditors and IT management.
Responsibilities:
- Execute IT General control and applications related security controls (mainly in SAP) assuring effectiveness, and issues follow-ups, based on the company compliance programs.
- Participate in preliminary self-assessment control tests of the IT General Controls catalog for the in-scope applications.
- Support internal/external IT audits including walkthroughs, retaining test evidence for in scope assets and tracking action plans to either remediate or mitigate potential risk exposure findings.
- Perform the semi-annual User Access Certification process including information gathering, management responses tracking, and results review to follow through on corrective actions.
- Support the maintenance of the risk register, and the area key performance indicators.
Requirements for the position:
- Bachelor´s degree in Information system engineering or similar.
- Experienced in GRC areas including regulatory, operational, information and energy industry specific, including controls over industrial environments (OT)
- Good overall knowledge of IT General Controls.
- Advanced command of the English language and skills to communicate effectively with different stakeholders.
- 2+ years’ experience in risk management and compliance programs (SOX, PCI, ISO, etc.)
- Well organized and detail oriented.
- Preferably with knowledge of one or more of the following systems/tools: SAP, Salesforce, Ariba, Service Now, Active Directory, Workday, Sailpoint.
- OT (Operational Technology) controls experience will be a plus.
Job Challenges
- Ensure that assigned IT controls are effectively and timely executed and documented, and control standard and procedures are in place.
- Propose control improvements and automatization (Phyton, Alteryx, UI path, Power Automate).
- Audit reviews passed without significant findings.
- Eagerness to take on new responsibilities in a growing area and constantly changing Digital environment.
Mejoramos la vida de más de 10+ millones de personas a través de la entrega segura y confiable de energía. Uno de cada tres hogares se iluminan con nuestro trabajo.
