IT SOX Controls Lead

Company Summary Statement : As one of the largest investor-owned utility companies in the United States, PPL Corporation (NYSE: PPL), is committed to creating long-term, sustainable value for our 3.5 million customers, our shareowners and the communities we serve. Our high-performing regulated utilities — PPL Electric Utilities, Louisville Gas and Electric, Kentucky Utilities and Rhode Island Energy — provide an outstanding experience for our customers, consistently ranking among the best utilities in the nation. PPL’s companies are also addressing challenges head-on by investing in new infrastructure and technology that is creating a smarter, more reliable and resilient energy grid. We are committed to doing our part to advance a cleaner energy future and drive innovation that enables us to achieve net-zero carbon emissions by 2050 while maintaining energy reliability and affordability for the customers and communities we serve. PPL is a positive force in the cities and towns where we do business, providing support for programs and organizations that empower the success of future generations by helping to build and maintain strong, diverse communities today. Overview: Responsibilities:

• Lead and perform the design documentation of IT general controls (ITGC), application controls, and applicable system development controls.
• Identify and implement operational improvements to drive compliance, efficiency, and education in the IT SOX environment.
• Align IT SOX control framework with overall IT Cybersecurity strategy.
• Perform review of any documentation supporting “as is” controls.
• Perform root cause analysis to identify gaps in IT-related controls.
• Advise and support management in defining appropriate remedial actions.
• Track remedial actions to closure, including the testing of controls for operational effectiveness.
• Represent IT in meetings and communications with corporate and external audit teams.
• Analyze and solve complex problems and make recommendations for how to advance PPL’s cybersecurity profile with a team of motivated individuals.
• Perform assessments and help the organization institute and monitor compliance with NIST cybersecurity framework and regulatory requirements.
• Balance security best practices and business drivers against framework requirements, business risk, and impact to make recommendations that minimize PPL’s risk profile.
• Collaborate with cross-functional teams to integrate security controls and processes into infrastructure and applications.
• Provide periodic updates or reporting to management.
• Identify and apply strategies to optimize resource utilization and minimize cost.
• May supervise or mentor junior team members.
• All other duties and projects as assigned.

Qualifications:

Required Qualifications

Education

• Bachelor's degree in Computer Science, Information Systems, Accounting, or related field

Experience

• A minimum of 7 years of in IT Audit, Compliance, Cybersecurity or a related field.
• Strong understanding of SOX requirements and control frameworks.
• Experience in ITGC SOX risk assessment, scoping, testing, deficiency assessment, and concluding/reporting.
• Experience with the assessment and testing of controls related to Internal Control over Financial Reporting (ICFR).
• Experience with applying SOX compliance frameworks, to successfully comply with security policies, standards, and guidelines.
• Experience with designing and implementing ITGCs with relevant stakeholders.
• Experience in preparing and maintaining SOX documentation including control narratives, scoping determinations, etc.
• Experience with IT audit methodologies and tools.
• Ability to clearly articulate task completion progress and flag any potential issues.
• Ability to navigate through ambiguity, handle and coordinate multiple project assignments simultaneously in a fast-paced, environment.
• Ability to take ownership and be accountable for processes while delivering on commitments.
• Understanding of requirements gathering, discovery, service mapping, problem management, asset management, project management, and service catalogs as they relate to regulatory compliance.
• Proven experience establishing, managing, and validating requirements with external parties.
• Experience creating and implementing internal processes to drive compliance, efficiency, and education.
• Experience working in Agile teams and have knowledge of Agile principles and practices.
• Strong leadership, communication, and interpersonal skills.
• Strong project management and organizational skills.
• Collaborative and effective in cross-functional team environments.
• Strong analytical skills to assess risks and vulnerabilities in complex systems.

• Master's degree in related technical discipline or MBA degree.
• IT related audit experience.
• Auditing/Compliance related experience in Enterprise Resource Planning (ERP) Solutions (SAP, Oracle, Microsoft, etc.).
• Prior experience in the design and implementation of control designs in ERP Solutions.
• Experience in developing and implementing IT Cybersecurity governance practices and processes.