

Energy Future Holdings


Irving, TX

Contact Name

Amy Reichman

Job Title

SAP Controls Manager

Job Description

IT Risk, Security and Compliance Manager for SAP

Sierra Office, Irving, TX

Grade 14E


The IT Risk, Security and Compliance Manager will plan, oversee and execute risk and controls assessment, perform compliance testing, and provide documentation across all domains for IT General Controls, SOX, Payment Card Industry (PCI), Data Privacy, and other energy/utilities compliance requirements to support the Energy Future Holdings/TXU Energy corporate security and compliance program. The Manager will be the primary point of contact for all controls-related matters (projects, internal/external audit, requests, inquiries, etc.), including SAP security, role methodology and process and controls. The Manager will update or develop and publish security policy and/or standards through collaboration with stakeholders in support of compliance requirements and company risk tolerance. The Manager will collaborate with HR, Legal, Supply Chain and Vendor Management on any matters related to IT security, data privacy, etc. The Manager will drive the creation of security processes, controls and lifecycles which align with security policy and regulatory compliance requirements. In addition, the Manager will support the EFH corporate IT Risk, Security and Compliance teams and/or business with risk assessment processes, security awareness efforts, disaster recovery and business continuity efforts, compliance and regulatory projects, audits, or other inquiries related to EFH/TXUE controls.


Responsibilities and Duties:

Central point of contact for internal/external audit efforts related to TXUE.
Leads and executes the key initiatives surrounding PCI, data privacy, and SAP SOX internal and external audit issues and/or remediation efforts, from a controls or process perspective.
Ensures adequate and effective IT controls exist to meet current and future security compliance requirements found in laws and regulations, such as requirements to comply with NERC CIP and NRC, PCI Data Security Standards (DSS), HIPAA, state and federal privacy law, the Sarbanes-Oxley Act, and Senate Bill 7.
In-depth experience with IT audit/assessment/examination; SAS 70/SSAE practices; ITIL; ISO-27002/17799; COBIT; and industry-standard application development methodologies.
In-depth internal control knowledge of core IT technologies and processes (e.g., network systems, operating systems, databases, change control tools and processes, computer system operations, application and system development, help desk and monitoring, information security, data backup/retention/recovery, IT vendor management, asset management, disaster recovery, etc.).
Assists with the establishment and refinement of procedures for the identification of company information assets and assists information and system owners with the classification of these assets with respect to business impact.
Adept at communicating complex concepts to diverse audiences with varying skill sets. Written and verbal communication skills are critical.
Must be able to communicate with the technology providers as well as with business leaders at all levels. An ability to understand the technical details and communicate the essentials at a high level is essential.
Ability to handle multiple large projects or programs concurrently and to manage competing priorities.
Supports the company-wide security awareness and education programs that are aligned with security policy, standards, regulatory requirements, and industry practices.
Supports the company-wide disaster recovery and business continuity efforts.


Establishes and maintains strong working relationships with groups such as HR, Legal, Internal/External Audit, various IT owners and providers, and outside third parties which provide services to TXUE.
Possesses the relationship skills, cultural awareness, and organizational prowess required to work effectively in a large, highly matrixed organization. Capable of delivering results through a position of influence, not authority.
Attends conferences, professional association meetings, and technical symposia to remain aware of the latest developments in information security, data privacy, controls, standards, and trends.

Required Qualifications

Must have 5+ years related experience in performing the duties described above.
Must have 3+ years in SAP security and/or controls with SOX experience.
Bachelor’s degree required (preferably Computer Science/Information Systems, Mathematics, or Engineering).
Good understanding of and experience with COBIT, COSO, NIST, ISO 27001/2, SAS 70/SSAE 16, PCI, SOX, and privacy regulations.
Professional certification (e.g., CISA, CIPP, PMP, CRISC, CISSP) a plus.
Previous consulting experience (“Big Four” experience preferred) in utilities, energy or retail verticals preferred.
Experience in IT internal audit preferred.
Must have strong computer skills and be proficient in the use of Microsoft applications.

Job Summary

Manager/liaison for internal/external audit to lead all efforts for SAP SOX controls, IT general controls, and other compliance areas. PCI experience a plus.

Created at 4/3/2013 8:53 AM by  
Last modified at 4/24/2013 3:39 PM by Thom King

©ISACA North Texas Chapter 

P.O. Box 25026

Dallas, TX 75225-1026
