GRC System Administrator I or II

Little Rock, Arkansas, United States

Applications have closed

Southwest Power Pool (SPP) is about more than power. We’re about the power of relationships. Our employees have the opportunity to work together to ensure electricity is delivered reliably and affordably to the millions of people living in our service territory. We have been voted one of Arkansas’ Best Places to work by Arkansas Business and we are looking for a member of our team who is passionate about our mission to keep the lights on!

We have a core ideology here at SPP that we stand by: Do the right thing, for the right reason, in the right way.

We believe in supporting our employees through a fantastic benefits package:

  • Competitive pay with bonus opportunities
  • Excellent insurance package including three great medical plans to choose from, employer-paid short term disability, long term disability, and life insurance
  • Relocation assistance
  • Flexible working environment for eligible positions, where employees can work from home and come in when collaborative in-person work is needed
  • Fantastic contributions to your retirement through a 401(k) savings plan with employer-match benefits and a defined benefit plan fully funded by SPP

As our GRC System Administrator I or II, you will:

Play a key role in enhancing SPP’s security posture and promoting a culture of compliance. Your responsibilities will include administering and maintaining GRC systems and tools, contributing to our risk management and compliance efforts. This position necessitates a solid understanding of GRC concepts, strong technical skills, and a dedicated focus on collaboration and effective communication.

Essential Functions: 

  1. GRC System Administration:
    • Administer, configure, and maintain assigned GRC platform(s) to ensure optimal performance and reliability.
    • Implement access controls, user roles, and permissions to enforce security and compliance policies.
    • Assist in managing system upgrades, patches, and integrations with other IT systems.
    • Troubleshoot and resolve system issues in a timely manner.
  2. Policy and Compliance Management:
    • Collaborate with stakeholders to define, document, and enforce security policies and procedures.
    • Assist in monitoring and reporting on compliance with relevant industry regulations, standards, and internal policies.
    • Support the development and maintenance of internal security controls.
  3. Risk Management:
    • Assist in identifying and assessing risks to the organization's information assets, operations, and reputation.
    • Contribute to the development of risk mitigation strategies and action plans.
    • Assist in maintaining risk registers and supporting risk reporting to executive leadership.
    • Assist in analyzing risks for mitigation, remediation and prevention.
    • Participate in investigating non-compliance with security controls to determine root causes and recommend improvements.
  4. Incident Response:
    • Participate in incident response activities and investigations as assigned.
    • Assist in analyzing incidents to identify root causes and recommend improvements.
  5. Training and Awareness:
    • Assist in developing training material (e.g. user’s guides, presentations, procedure documents).
    • Support training sessions and awareness campaigns to educate employees about GRC policies and best practices.
    • Provide guidance to staff on security and compliance-related matters.
  6. Vendor Management:
    • Collaborate with vendors to ensure the effectiveness of GRC tools and services.
    • Assist in evaluating and selecting new GRC technologies as needed.
  7. Documentation and Reporting:
    • Contribute to maintaining comprehensive documentation of GRC processes and configurations.
    • Assist in generating regular and ad-hoc reports for management and regulatory authorities.
  8. Continuous Improvement:
    • Stay current with industry trends, regulations, and best practices in GRC.
    • Identify opportunities for process improvements and system enhancements.

    The statements contained herein describe the scope of the responsibility and essential functions of this position, but should not be considered to be an all-inclusive listing of work duties and responsibilities. Individuals may perform other duties as assigned including work in other areas to cover absences, or relief to equalize peak work periods or otherwise balance the workload. 

    To be successful as the GRC System Administrator I or II, we're looking for:

    • Bachelor's degree in a related field (e.g., Information Security, Computer Science, Business Administration) or one year of equivalent work experience beyond minimum experience requirements
    • Level II: A minimum of 3 years of experience in system administration and configuration of GRC solutions or automated workflow solutions or other applicable IT solutions
    • Level I: No experience
    • Experience in GRC tools and platforms (e.g., Archer, ServiceNow GRC, SAP GRC) or applicable automated workflow solutions
    • Basic knowledge of compliance frameworks and regulations (e.g., NERC CIP, SOC, NIST, ISO 27001)
    • Experience with data analysis tools (e.g., SQL, Excel)
    • Adaptability to learn and apply new technologies quickly
    • Good problem-solving and analytical skills
    • Effective communication and interpersonal skills
    • Commitment to understanding, complying with and enforcing SPP Policies and Procedures

    Preferred Qualifications: 

    • Relevant certifications (e.g., CISA, CISSP, CRISC) are preferred
    • Experience with programming languages
    • Experience with Archer GRC solution

    Position Type and Expected Hours of Work:

    • This is a full-time position. Days and hours of workweek are Monday through Friday, 8:00 a.m. to 5:00 p.m. Working extended hours may be required.

    Travel Requirement:  

    • This position requires minimal travel (up to 20%)

    SPP is an Affirmative Action and Equal Opportunity Employer of individuals with disabilities and protected veterans and is committed to excellence. If you need a reasonable accommodation for any part of the employment process, please contact us at HR@spp.org and let us know the nature of your request. We will only respond to messages left that involve a request for a reasonable accommodation in the application process. We will accommodate the needs of any qualified candidate who requests a reasonable accommodation under the Americans with Disabilities Act (ADA).

    At SPP we value Diversity, Equity and Inclusion. Visit our website to learn more: LINK

    Full job descriptions will be made available to those selected for an interview. 
