Information Security and Compliance Analyst - Military veterans preferred



Full-time employee

Taguig City

Job Summary

The role is primarily responsible for supporting global governance, operational risk, and compliance functions. Key tasks involve assisting in the development of policies, narratives, and security standards and building out the global unified compliance framework as part of the eGRC ecosystem.

  • Build partnerships with AECOM’s IT departments, business units, and other key stakeholders globally

  • Ensure alignment of security processes and business-related projects

  • Assist in the development and implementation of security policies, procedures, risks, standards, and controls.

  • Perform controls validation and audits

  • Perform periodic risk assessments/compliance self-assessments (CSA)

  • Align and facilitate security and regulatory compliance audits

  • Work with IT to understand the strategy and ensure cybersecurity controls and countermeasures are operationally effective before production implementation

  • Assist in the implementation of cloud-security frameworks and controls (Cloud Security Alliance)

  • Assist in developing and implementing AECOM’s unified regulatory compliance framework (ISO 27x, NIST, DFARS, FedRAMP, SOX, etc.)

  • Ensure change management controls are properly implemented and valid on all approved changes

  • Document, maintain and obtain ongoing support for all aspects of the information security program

  • Assist with remediation and tracking of IT audit activities and planned annual audits

  • Develop and implement hardening and secure configuration standards

  • Escalate issues and recommend resolutions to senior members of the team

  • Propose alternatives and assist in investigating and resolving common issues

  • Maintain current processes and incorporate documentation updates as required

  • Contribute to process improvement initiatives to streamline processes, improve customer experience, and increase productivity

  • Contribute specialized expertise to different assigned projects and may provide key updates to Team Lead and Manager.

Minimum Requirements

  • Bachelor’s degree in Computer Science, IT, Audit and Accounting or equivalent courses

  • At least 4 years of relevant experience in information security risk management

  • At least 3 years of relevant experience in information systems auditing and regulation compliance (SOX, ISO, NIST RMF, Cloud Security Alliance (CSA), NIST CSF)

  • Working knowledge and understanding of IT audit, IT risk assessment and management, cloud security, security policy and controls development, cybersecurity, and internet security practices

Preferred Qualifications

  • Certifications such as CISSP, CRISC, or CISA are preferred.

  • Ability to be thorough and meticulous in completing assigned tasks and to propose ways to prevent or eliminate errors, discrepancies, and issues. (Attention to Detail)

  • Ability to gather, integrate, validate, and analyze relevant data to develop resolutions, findings, and recommendations. (Analytical Thinking)

  • Ability to communicate effectively with a varied audience and with internal and external customers. (Communication)

  • Ability to maintain a high level of collaboration among multiple internal and external stakeholders to effectively arrive at solutions and develop initiatives. (Collaboration)

  • Ability to maintain good customer relationships and initiate ways to improve customer support and customer experience. (Customer Service)

  • Ability to identify and resolve moderate and complex issues by applying best practices and technical expertise and may recommend solutions for unique scenarios. (Problem Solving)

What We Offer

When you join AECOM, you become part of a company that is pioneering the future. Our teams around the world are involved in some of the most cutting-edge and innovative projects and programs of our time, addressing the big challenges of today and shaping the built environment for generations to come. We ensure a workplace that encourages growth, flexibility and creativity, as well as a company culture that champions inclusion, diversity and overall employee well-being through programs supported by company leadership. Our core values define who we are, how we act and what we aspire to, which comes down to not only delivering a better world, but working to “make amazing happen” in each neighborhood, community and city we touch. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.

Job Category Information Technology

Business Line Geography OH

Business Group Design and Consulting Services Group (DCS)

Country Philippines

Position Status Full-Time

Requisition/Vacancy No. 255142BR

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.