Mgr, Security Controls & Compliance

This position is responsible for leading and managing a team that executes controls, compliance, and audit coordination activities supporting AFT Enterprise Foundations (EF) applications. The role provides primary coordination for ICC/SOX, Deloitte, and Internal Audit engagements; oversees execution and continuous improvement of automated and manual controls; and partners with Security and Technology Enablement teams to strengthen preventive controls (including Segregation of Duties) and mature ERP security governance. The position also provides leadership and oversight for operational business access security functions performed by the Business Ops / Security Business Analyst role (Cool Compliance access approvals, entity administration, and access risk/exception evaluation), serving as the management bridge between technical security configuration (ESD TO) and business compliance requirements.

JOB REQUIREMENTS:

Education:

Bachelor’s degree in Accounting, Finance, Business, Information Systems, IT, or related discipline (or equivalent experience) required

Experience:

Must have 7 years of demonstrated experience leading internal controls, compliance, audit coordination, or risk management work in a complex business and technology environment; experience coordinating walkthroughs, testing, evidence collection, and remediation activities with auditors and control owners.

Knowledge and Skills:

Strong working knowledge of SOX/internal controls concepts and evidence standards; understanding of application security concepts, role-based access control (RBAC), and Segregation of Duties (SoD) risk; strong program/project management skills; ability to translate technical control/security topics into clear business-facing communications.

Required:

Experience supporting Oracle Cloud ERP / Oracle ERP security or comparable software, roles/privileges governance, and/or GRC tooling (e.g., Oracle Risk Management or equivalent); experience with change/release management controls and IPE/IUC testing coordination.

MAJOR JOB RESPONSIBILITIES:

Management of Controls, Compliance & Audit Engagements: Lead and coordinate engagements with auditors and compliance stakeholders (Deloitte, Internal Controls & Compliance (ICC)/SOX, and Internal Audit). Organize and facilitate control walk-throughs; manage evidence requests and follow-up responses; maintain relationships with control owners/performers; and plan team work activities to minimize impact in the EF Agile environment.

Control Execution, Monitoring & Remediation Management: Oversee day-to-day execution and monitoring of the AFT control landscape across Enterprise Foundation (EF) applications (automated and manual controls, including logic access and change management). Assign work, remove blockers, and ensure consistent evidence quality. Discuss potential deficiencies with relevant stakeholders; document deficiencies; assign ownership; establish remediation timelines; and monitor remediation progress to completion.

Security Governance, Segregation of Duties & Change/Release Control Oversight: Partner with Security and Technology Enablement to support security management activities (role creation/modification, access approvals, and entity administration in Cool Compliance). Coordinate Segregation of Duties (SoD) questionnaires/assessments (including cross-application assessments) and support periodic access certification and improvements that shift from manual detective controls toward preventive/automated enforcement. Assess impacts of releases/patches/bug fixes and business process changes on controls for Key Financial Applications, ensuring required controls are tested/performed and operating as designed. Develop the team’s skillset and competency in Compliance & Controls and Security through standard work, cross-training, and coverage planning for key compliance cycles.

Operational Business Access Security Oversight (Business Ops / Security Business Analyst): Provide management oversight for day-to-day business access security operations, including Cool Compliance role access approvals across EF applications; entity administration for Oracle and business systems; role exception evaluation and documented risk assessments; user troubleshooting and access-needs determination; maintenance of role matrices, privilege change logs, and required evidence; and manual access provisioning when C2 automation is not feasible. Ensure clear separation of duties between requestor/approver/provisioner activities, adherence to defined approval routing, and alignment to the Oracle Business Access Security Approval RACI (Responsible vs Consulted).

Access Governance, Metrics & Evidence Standards: Establish and monitor service expectations and key metrics for access governance activities (e.g., approval cycle time, exception volume/aging, manual provisioning volume, and rework/quality trends). Ensure periodic access reviews/recertifications and SoD/risk-based reviews are completed on schedule and that audit-ready evidence is consistently retained for access approvals, role exceptions, entity administration, privilege changes, and manual provisioning (including required approvals and documentation when automation is not available).

Scope Note:

The AFT controls landscape includes AFT EF applications such as ARCS, FCCS, DRM, Oracle Cloud ERP, PowerPlan, and Maximo, and encompasses both automated and manual controls (approximately 68 automated and 54 manual controls, including logic access and change management controls). The role also coordinates IPE/IUC report testing activities on a defined rotation (with annual report volumes referenced in the supporting materials).

About Southern Company

Southern Company (NYSE: SO ) is a leading energy provider serving 9 million customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy solutions provider with national capabilities, a fiber optics network and telecommunications services. Through an industry-leading commitment to innovation, resilience and sustainability, we are taking action to meet customers' and communities' needs while advancing our goal of net-zero greenhouse gas emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture has been recognized by a variety of organizations, earning the company awards and recognitions that reflect Our Values and dedication to service. To learn more, visit www.southerncompany.com .

Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found here https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf . Additional and specific details about total compensation and benefits will also be provided during the hiring process.

Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.

Job Identification: 18702

Job Category: Accounting & Auditing

Job Schedule: Full time

Company: Southern Company Services