Cyber Security Governance, Risk & Compliance Sr. Manager or Director

Dallas, TX, United States

Applications have closed

Company Description

We will give you the flexibility you need to do your best work with hybrid work options. Whether you’re working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed. You will help us foster a culture of equity, diversity and inclusion – a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients. We will encourage you to grow and develop your career with us through our technical and professional development programs and diverse career opportunities. We believe in leadership at all levels. No matter where you sit in the organization you can make a lasting impact on the projects you work on, the teams and committees you join and our business. We offer competitive pay and benefits, well-being programs to support you and your family, and the development resources you need to advance your career. When you join us, you will connect and collaborate with a global network of experts – planners, designers, engineers, scientists, consultants, program and construction managers – leading the change toward a more sustainable and equitable future. Join us and let’s get started. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.

Job Description

AECOM is seeking a dynamic and talented Cyber Security Governance, Risk & Compliance Director or Sr. Manager. This position can be performed remotely from a variety of locations in the United States.

The Cyber Security Governance, Risk, and Compliance Director or Sr. Manager is responsible for maintaining the company’s cyber security risk management framework. This position supports a holistic view of information security, operational, and business risks to help ensure that business objectives and risk strategies are achieved.

This position is responsible for consistent risk processes and performing risk assessments to help identify and manage cybersecurity risk across all business lines. It will focus on enabling efficient decision making through a top-down risk governance structure that allows the organization to identify and respond appropriately to business and operational risks and issues. The position is also accountable for setting and managing the risk governance roadmap and working with business counterparts to develop technology risk mitigation plans to establish priorities aligned with business objectives.

Major Tasks and Responsibilities

  • Manage and operationalize the risk management framework, policies, procedures, and standards
  • Manage and continuously improve the Third-Party Risk Management process
  • Manage and continuously improve the Client Assurance process
  • Maintain the risk register including identified risks, ratings, key controls, issues/findings, and risk mitigation efforts
  • Provide early indication of increasing risk exposures through designing, implementing, and monitoring of enterprise and business unit risk tolerances and key risk indicators
  • Collect, analyze, and monitor risk-related data to proactively identify trends and prioritize efforts and resources
  • Aggregate risk data and develop themes for reporting to senior management highlighting key cyber-risk trends
  • Ensure that projects comply with security standards and architectures

At AECOM, we’re delivering a better world.

We believe infrastructure creates opportunity for everyone. Whether it’s improving your commute, keeping the lights on, providing access to clean water or transforming skylines, our work helps people and communities thrive. Our clients trust us to bring together the best people, ideas, technical expertise and digital solutions to our work in transportation, buildings, water, the environment and new energy. We’re one global team – over 50,000 strong – driven by a common purpose to deliver a better world.

Qualifications

MINIMUM REQUIREMENTS:

For Sr. Manager:

  • BA/BS plus at least 10 years of relevant IT / cyber security experience or demonstrated equivalency of experience and/or education including at least 2 years of leadership experience.

For Director:

  • BA/BS plus at least 12 years of relevant IT / cyber security experience or demonstrated equivalency of experience and/or education including at least 4 years of leadership experience

As well as:

  • Due to the nature of the work being conducted, US Citizenship is required.
  • Requires a mix of business and technical acumen with strong people management skills, the ability to influence decisions around risk management, and an ability to communicate with senior executives, cross functional stakeholders, and business leaders.
  • Ability to effectively prioritize and execute tasks in a fast-paced environment
  • Experience developing and producing risk metrics and reports that are meaningful and actionable across various audiences
  • Experience with coordinating corporate governance activities
  • Proficient at summarizing, packaging, and presenting data and topics to assist executive management in assessing options and decision-making
  • Adept analytical and problem-solving skills
  • Ability to perform well under pressure and demonstrate a sense of urgency
  • Advanced Microsoft Office Suite (Word, Excel, PowerPoint)

PREFERRED QUALIFICATIONS:

  • 7 years of work experience in cyber-risk management
  • 3 years of experience with policies, standards, and procedures development / maintenance
  • Excellent technical, written, and verbal communication skills
  • Relevant industry certifications such as CRISC, CISA, etc.
  • Ability to apply risk management and control frameworks (NIST 800-53, ISO 27001/2, COBIT, etc.)
  • Experience with Governance, Risk, and Compliance (GRC) technology solutions

Additional Information

  • Due to the remote nature of this position, relocation assistance is not available

All your information will be kept confidential according to EEO guidelines.

Here, you will have freedom to grow in a world of opportunity.

We will give you the flexibility you need to do your best work. Whether you’re working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed.

With infrastructure investment accelerating worldwide, our services are in great demand, and there’s never been a better time to be at AECOM! Join us, and you’ll get all the benefits of being a part of a global, publicly traded firm – access to industry-leading technology and thinking and transformational work with big impact and work flexibility.

AECOM provides a wide array of compensation and benefits programs to meet the diverse needs of our employees and their families. We also provide a robust global well-being program. We’re the world’s trusted global infrastructure firm, and we’re in this together – your growth and success are ours too.

Tags: CISA COBIT Compliance CRISC Governance ISO 27001 Monitoring NIST Risk assessment Risk management

Perks/benefits: Career development Competitive pay Equity Relocation support

Region: North America
Country: United States