The role is primarily responsible for supporting global governance, operational risk, and compliance functions. Key tasks involve assisting in the development of policies, narratives, and security standards and building out the global unified compliance framework as part of the eGRC ecosystem.
Build partnerships with AECOM’s IT departments, business units, and other key stakeholders globally
Ensure alignment of security processes and business-related projects
Assist in the development and implementation of security policies, procedures, risks, standards, and controls.
Perform controls validation and audits
Perform periodic risk assessments/compliance self-assessments (CSA)
Align and facilitate security and regulatory compliance audits
Work with IT to understand the strategy and ensure cybersecurity controls and countermeasures are operationally effective before production implementation
Assist in the implementation of cloud-security frameworks and controls (Cloud Security Alliance)
Assist in developing and implementing AECOM’s unified regulatory compliance framework (ISO 27x, NIST, DFARS, FedRAMP, SOX, etc.)
Ensure change management controls are properly implemented and valid on all approved changes
Document, maintain and obtain ongoing support for all aspects of the information security program
Assist with remediation and tracking of IT audit activities and planned annual audits
Develop and implement hardening and secure configuration standards
Escalate issues and recommend resolutions to senior members of the team
Propose alternatives and assist in investigating and resolving common issues
Maintain current processes and incorporate documentation updates as required
Contribute to process improvement initiatives to streamline processes, improve customer experience, and increase productivity
Contribute specialized expertise to different assigned projects and may provide key updates to Team Lead and Manager.
Bachelor’s degree in Computer Science, IT, Audit and Accounting or equivalent courses
At least 4 years of relevant experience in information security risk management
At least 3 years of relevant experience in information systems auditing and regulation compliance (SOX, ISO, NIST RMF, Cloud Security Alliance (CSA), NIST CSF)
Working knowledge and understanding of IT audit, IT risk assessment and management, cloud security, security policy and controls development, cybersecurity, and internet security practices
Certifications such as CISSP, CRISC, or CISA are preferred.
Ability to be thorough and meticulous in completing assigned tasks and to propose ways to prevent or eliminate errors, discrepancies, and issues. (Attention to Detail)
Ability to gather, integrate, validate, and analyze relevant data to develop resolutions, findings, and recommendations. (Analytical Thinking)
Ability to communicate effectively with a varied audience and with internal and external customers. (Communication)
Ability to maintain a high level of collaboration among multiple internal and external stakeholders to effectively arrive at solutions and develop initiatives. (Collaboration)
Ability to maintain good customer relationships and initiate ways to improve customer support and customer experience. (Customer Service)
Ability to identify and resolve moderate and complex issues by applying best practices and technical expertise and may recommend solutions for unique scenarios. (Problem Solving)
What We Offer
When you join AECOM, you become part of a company that is pioneering the future. Our teams around the world are involved in some of the most cutting-edge and innovative projects and programs of our time, addressing the big challenges of today and shaping the built environment for generations to come. We ensure a workplace that encourages growth, flexibility and creativity, as well as a company culture that champions inclusion, diversity and overall employee well-being through programs supported by company leadership. Our core values define who we are, how we act and what we aspire to, which comes down to not only delivering a better world, but working to “make amazing happen” in each neighborhood, community and city we touch. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.
Job Category: Information Technology
Business Line: Geography OH
Business Group: Design and Consulting Services Group (DCS)
Position Status: Full-Time
Requisition/Vacancy No.: 255142BR
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.