TO Risk and Compliance Analyst, Senior - AI Governance

Technology Organization Risk & Compliance Analyst

This role manages risk and compliance for SCS TO related to Artificial Intelligence (AI), ensuring controls meet internal and external standards (ex. Sarbanes Oxley, Separation Protocol, NERC CIP), along with internal policies. Occasional overnight travel is required. The position is based in Birmingham at APC headquarters or Atlanta at GPC headquarters.

Key Responsibilities Subject Matter Expertise in Technology Risks and Controls

Act as the Subject Matter Expert (SME) on technology risk and control activities related to AI Governance, providing guidance and support to both internal and external stakeholders. Ensure that all relevant parties have a comprehensive understanding of the organization's technology risk landscape and the associated controls.

Risk Assessment of AI Solutions

Manage the AI Intake and Review process to assess risks such as bias, technology, and security. Ensure the process efficiently identifies risks, enabling faster delivery of solutions with clear risk awareness for stakeholders.

Responsible AI Governance Committee

Support the Responsible AI Governance Committee in establishing AI standards and assessing the risk of AI use cases. Work with Legal, Privacy, and Data Governance to ensure compliance with regulations and internal policies. Prepare executive presentations to inform leadership decisions.

NIST AI Risk Management Framework

Lead the implementation and management of the Technology Organization’s NIST AI Risk Management Framework to ensure appropriate controls are implemented to address the NIST framework objectives.

AI Regulation Monitoring

Monitor and advise on emerging regulations, standards, and best practices related to AI, ensuring timely updates to company policies and procedures.

Stakeholder Training and Awareness

Design and deliver Responsible AI Governance training and awareness initiatives for internal stakeholders on responsible AI use, AI risk and organizational policies.

Policy and Standards Development

Support the development and documentation of new Technology Organization policies and standards. Work closely with Compliance, Internal Audit, and other relevant organizations to ensure that all policies meet the control standards established by the company.

Reporting and Metrics

Develop management-level summaries of AI related risk and compliance issues for presentation to senior management, including the Chief Information Technology Officer (CITO). Develop and share concise business summaries and success metrics that inform senior leadership on the Technology Organization’s performance.

Backup Support for Critical Initiatives

Provide backup support to other risk and compliance teams, assisting with critical initiatives such as Risk Assurance, Risk Profile, and Business Continuity initiatives. Collaborate as needed to ensure organizational compliance with key regulatory and internal standards.

JOB REQUIREMENTS

Education Requirements

• BS/BA Degree in Computer Science / Information Security or related field preferred

• CRISC, CISA or related industry certifications preferred

Experience Requirements

• Prior Technology Security, Server Support and/or internal controls experience preferred

Preferred Areas of Knowledge

• Artificial Intelligence Risks

• Technology controls and processes

• Industry regulations

• Compliance programs and auditing practices

• Information Security principles

• Control frameworks including COBIT-5, NIST or similar control framework

• ServiceNow IRM

Skills Desired

• Detail oriented while working in a fast-paced environment

• Strong oral and written communication skills with ability to communicate effectively at all levels

• An ability to effectively influence others with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication

• Capable of understanding complex technical information

• Strong analytical skills

• Positive attitude, team player & creative problem-solving skills

• Effective time management skills and good business judgment

• Able to multi-task and handle multiple projects simultaneously

• Proficiency with computer skills including Microsoft Suite products (MS Word, Excel, PowerPoint) required

• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one

• Ability to understand deep technical concepts and translate those concepts to non-technical people.

• An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business

About Southern Company

Southern Company (NYSE: SO ) is a leading energy provider serving 9 million customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has