Manager Governance Risk & Compliance (Oklahoma City, OK, US, 73101-0321)

OGE Energy Corp.

Salary: $121k - $162k
Experience: 5+ yrs
Location: Oklahoma City, Oklahoma, United States
Job type: Full-time

Required skills

business objectives
compliance
cross-functional
key performance indicators
Root Cause Analysis
SOX

About the role

JOB INFORMATION

Job Title: Manager Governance Risk & Compliance
Job Code: 130088
Job Grade: 60

JOB SUMMARY

Accountable for defining, implementing, and managing the Technology, Data, and Security Governance, Risk, and Compliance (GRC) program to ensure alignment with business objectives, applicable regulatory and audit requirements (including Sarbanes-Oxley (SOX) and IT General Controls (ITGC)), and relevant security and risk management best practices. This role leads and continuously improves the governance framework, risk assessment and risk treatment processes, and compliance monitoring and reporting for technology and security controls. The Manager, GRC provides leadership for internal control and audit activities (internal and external), drives remediation and maturity improvements, and serves as a key liaison across Technology, Security, Operations, Legal, Finance, and other stakeholders to promote a culture of risk awareness, accountability, and continuous improvement.

LEVEL OF RESPONSIBILITY

Accountable for departmental performance. Adapts departmental plans and priorities to address business and operational challenges. Decisions guided by policies, procedures and business plan. Generally manages a recognized discipline and specialty with separate budget.

ESSENTIAL FUNCTIONS

Define, implement, and maintain the Technology, Data, and Security Governance, Risk, Compliance (GRC) framework, including decision domains, roles, responsibilities, standards, templates, and key performance indicators (KPIs).
Develop, maintain, and promote GRC-related policies, procedures, and control standards; ensure documents are current and reflect evolving regulatory requirements and industry standards.
Define communication, training, and awareness strategies to ensure consistent understanding and execution of governance, risk, and compliance responsibilities across Technology and business partners.
Conduct and/or facilitate periodic risk assessments for technology and cybersecurity domains, including identification of key risks, evaluation of control design and effectiveness, and development of mitigation plans.
Drive risk optimization activities by establishing risk registers, issue/risk tracking, risk acceptance/exception processes, and leadership reporting on risk posture and trends.
Perform root cause analysis and trending for control deficiencies and compliance issues; recommend and track corrective and preventive actions.
Lead the annual planning and execution of SOX and ITGC compliance activities in coordination with IT, Security, application owners, control owners, and compliance stakeholders.
Coordinate and support internal and external audits and assessments, including scoping, evidence coordination, walkthroughs, testing support, remediation planning, and certification activities.
Maximize reliance on management testing by internal and external auditors through robust control assessments and clear documentation in accordance with established procedures.
Oversee the management of compliance-related incidents, including investigation, documentation, and resolution; implement corrective actions to prevent recurrence.
Develop and maintain GRC and control performance metrics (e.g., KPIs/KRIs), dashboards, and periodic reporting for leadership, including trends and risk/compliance posture.
Identify opportunities to standardize and mature processes and controls; champion and support continuous improvement initiatives across Technology, Data, and Security.
Prepare materials and presentations for relevant governance forums and leadership reviews, including audit status, risk posture, remediation progress, and control effectiveness.
Serve as a liaison and strategic partner between Technology, Security, Operations, and business unit leaders to address issues and ensure GRC expectations are understood and met.
Partner with strategic service providers and internal teams to ensure governance and performance expectations are integrated into operating processes, deliverables, and service management practices.
Support evaluation and recommendation of compliance and GRC tools and technologies to enhance tracking, reporting, and efficiency.
All other duties as assigned.

REQUIREMENTS

Master’s degree or MBA in Information Technology, Cybersecurity, Business, Finance, or a related field and 5 years of progressive experience in audits, compliance, controls, IT, cybersecurity, or risk management; OR
Bachelor’s degree in information technology, Cybersecurity, Business, Finance, or a related field and 7 years of progressive experience in audits, compliance, controls, IT, cybersecurity, or risk management; OR
Associate’s degree in information technology, Cybersecurity, Business, Finance, or a related field and 9 years of progressive experience in audits, compliance, controls, IT, cybersecurity, or risk management; OR
High School Diploma/GED and 11 years of progressive experience in audits, compliance, controls, IT, cybersecurity, or risk management.
Demonstrated experience coordinating internal and/or external audits, including planning, evidence collection, testing support, and remediation tracking.
Experience using compliance, audit, and/or GRC management tools (e.g., for control libraries, testing, issue tracking, and reporting).
Supervisory and/or project leadership experience.

WORKING CONDITIONS

Office environment.
Computer usage for extended durations.
Travel to other locations for work or training, including overnight stays, may be required.
May work non-standard hours.

SPECIAL SAFETY REQUIREMENTS

Member will not be required to drive in order to perform their job duties.
Member is not required to perform any safety sensitive duties.

KNOWLEDGE, SKILLS AND ABILITIES (KSAS)

Demonstrated ability to lead cross-functional initiatives, manage multiple priorities, and drive results through influence and collaboration.
Strong knowledge of technology risk management, internal controls, and assurance practices, including SOX and ITGC concepts.
Ability to coordinate across IT, Security, and Operations to ensure internal controls and compliance processes are implemented alongside new technologies and capabilities.
Strong analytical and problem-solving skills, including ability to perform root cause analysis and develop practical, risk-based solutions.
Excellent written, verbal, presentation, and meeting facilitation skills; ability to communicate effectively with all levels of the organization and external partners/auditors.
Ability to develop metrics, dashboards, and executive-ready reporting.
Knowledge of governance and control frameworks and practices (e.g., COBIT, ITIL) and familiarity with common security frameworks and standards (e.g., NIST, ISO/IEC 27001) is preferred.
Ability to build trust, maintain a professional demeanor, and handle sensitive or confidential information with discretion.

HEALTH AND SAFETY (MEDICAL/DOT REQUIREMENTS)

Pre-Employment Drug Screen

SALARY RANGE

$121,534 - $162,053

About OGE Energy Corp.

Generates and distributes electric power to residential and commercial customers.

This page is fully interactive when JavaScript is enabled. Please enable JavaScript to apply or browse related roles.