Senior Third Party and Client Security Assurance Analyst

Taguig City, Philippines

Applications have closed

Company Description

Work with Us. Change the World.

At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for future generations.

There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of nearly 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.

We're one global team driven by our common purpose to deliver a better world. Join us.

Job Description

AECOM is seeking for a Senior Third Party and Client Security Assurance Analyst to be based in Manila, Philippines

As a Senior Third Party and Client Security Assurance Analyst at AECOM, the purpose of this role is to leverage seasoned expertise in information security, IT, audit, and risk management to elevate the organization's control environment and ensure the highest standards of security in engagements with third parties and clients. This strategic position involves evaluating, managing, and enhancing AECOM's security posture by leading the assessment of third-party engagements, collaborating across departments, conducting advanced risk assessments, and providing strategic guidance to remediate identified gaps.
The Senior Third Party and Client Security Assurance Analyst position at AECOM aims to harness seasoned expertise to fortify the organization's security resilience, ensure compliance with industry standards, and strategically manage risks associated with third-party engagements and client interactions.

Responsibilities & Duties

  • Lead the strategic evaluation of requests for third-party engagements, providing insights based on 5 years of experience in information security, IT, audit, and risk management.
  • Proactively engage with AECOM clients, ensuring a comprehensive understanding of their security expectations and needs, leveraging your experience to enhance AECOM's control environment.
  • Drive cross-functional collaboration, serving as a seasoned liaison between business requestors, procurement, legal, and security/IT teams to ensure seamless and timely completion of security questionnaires.
  • Conduct advanced and nuanced third-party risk assessments, leveraging your extensive experience to identify and mitigate potential risks to AECOM.
  • Utilize your seasoned judgment to identify complex gaps and issues in third-party and client security standards, developing and overseeing sophisticated remediation plans.
  • Bring your extensive experience to bear on reviewing and negotiating third-party and client contracts, ensuring they align with the highest security standards.
  • Oversee and enhance the framework, policies, procedures, and program governance, leveraging your experience to ensure alignment with the most current industry best practices and regulatory requirements.
  • Develop tactical and strategic plans to evolve the third-party risk management program to ensure compliance with new regulations and alignment with industry best practices.
  • Showcase in-depth experience in completing and reviewing security and privacy questionnaires, bringing a wealth of knowledge to the role.
  • Leverage your seasoned verbal communication skills to provide strategic advice to management regarding third-party and client risk management.
  • Demonstrate the ability to develop, document, and maintain sophisticated procedures reflective of your extensive industry knowledge.


Minimum Requirements:

  • Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or other relevant courses
  • A minimum of 5 years of demonstrated success in information security, IT, audit, third-party, and risk management.
  • Demonstrate a deep understanding of security best practices (ISO, NIST Cybersecurity Framework, etc.), cybersecurity controls, technologies, industry standards, and best practices.
  • Exhibit strong organizational skills honed through years of experience, ensuring efficient management of priorities.
  • Highlight your knowledge and proficiency in the RSA’s Archer GRC platform, showcasing your ability to navigate and optimize the tools available.
  • Familiarity with regulatory requirements and best practices in cybersecurity and privacy (e.g., GDPR, PCI-DSS, HIPAA)
  • Understanding and knowledge around conducting risk assessments, threat modeling, and vulnerability assessments.
  • Relevant certifications such as CISSP, CISA, CRISC, or similar are desirable.


  • Ability to effectively communicate and collaborate within a specific group of internal and external customers. (Communication)
  • Ability to maintain good customer relationship with the ability to proactively support customer needs and requirements. (Customer Service)
  • Ability to be thorough and meticulous in completing assigned tasks and identifying errors, duplicates, & discrepancies through defined methods. (Attention to Detail)
  • Ability to identify, assess, and resolve simple to moderate issues by following defined policies and procedures. (Problem Solving)

Additional Information


AECOM is the world’s trusted infrastructure consulting firm, delivering professional services throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. On projects spanning transportation, buildings, water, new energy and the environment, our public- and private-sector clients trust us to solve their most complex challenges. Our teams are driven by a common purpose to deliver a better world through our unrivaled technical and digital expertise, a culture of equity, diversity and inclusion, and a commitment to environmental, social and governance priorities. AECOM is a Fortune 500 firm and its Professional Services business had revenue of $13.1 billion in fiscal year 2022. See how we are delivering sustainable legacies for generations to come at and @AECOM.


Freedom to Grow in a World of Opportunity 

You will have the flexibility you need to do your best work with hybrid work options. Whether you’re working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed.

You will help us foster a culture of equity, diversity and inclusion – a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients.

AECOM provides a wide array of compensation and benefits programs to meet the diverse needs of our employees and their families. We also provide a robust global well-being program. We’re the world’s trusted global infrastructure firm, and we’re in this together – your growth and success are ours too.

Join us, and you’ll get all the benefits of being a part of a global, publicly traded firm – access to industry-leading technology and thinking and transformational work with big impact and work flexibility. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.

All your information will be kept confidential according to EEO guidelines.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: CISA CISSP Compliance CRISC GDPR Governance HIPAA NIST Privacy Risk assessment Risk management RSA

Perks/benefits: Career development Equity

Region: Asia/Pacific
Country: Philippines
Job stats:  10  1  0
Category: Analyst Jobs

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.