Cybersecurity Risk Analyst

Company Description

Work with Us. Change the World.

At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for future generations.

There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.

We're one global team driven by our common purpose to deliver a better world. Join us.

Job Description

AECOM is seeking a Cybersecurity Risk Analyst to be based in Manila, Philippines.

​​The role is responsible for ensuring that the organization's cybersecurity program aligns with industry best practices, regulatory requirements, and internal policies. The role assesses and works through cyber risks, policy implementation, and assists in operating the cybersecurity exceptions and compliance management processes​ 

Cyber Governance: 

• Assist in maintaining cybersecurity governance frameworks, policies, and standards. 

• Execute and follow/track tasks in a GRC (Governance, Risk & Compliance) platform. 

• Ensure alignment of cybersecurity strategies with business objectives, regulatory requirements, and industry best practices. 

• Establish and maintain effective communication channels with stakeholders to promote cybersecurity governance awareness and compliance. 

Policy Lifecycle Management: 

• Assist with executing end-to-end policy lifecycle management process, including policy development, review, approval, and dissemination 

• Collaborate with cross-functional teams to identify policy needs, review existing policies, and ensure policy effectiveness and adherence 

• Monitor regulatory changes and industry trends to keep policies up-to-date and aligned with emerging cybersecurity risks and standards 

General Risk Management: 

• Conduct risk assessment exercises to identify and prioritize cyber risks. 

• Work with key stakeholders such as Enterprise Risk Management, IT Infrastructure & Operations, Internal Audit, Legal, HR, and Supply Chain groups to communicate and manage Cybersecurity requirements and provide guidance around remediation or risk acceptance. 

• Provide guidance to IT, Business, and Functional teams on controls/security/risk management/compliance issues; ensure that project plans/technology initiatives are compliant with the support of a team lead or senior members of the team. 

• Communicate and execute risk mitigation strategies and action plans, working closely with relevant teams to implement controls and countermeasures. 

• Monitor and report on key risk indicators, track risk treatment plans, and provide recommendations for risk reduction and mitigation. 

Cybersecurity Exceptions Management: 

• Assist with the process of handling cybersecurity exceptions and deviations from established policies or controls. 

• Evaluate exception requests, conduct risk assessments, and provide guidance on risk acceptance or mitigation measures with the support of a team lead or senior members of the team. 

• Ensure exceptions are properly documented, tracked, and reported to relevant stakeholders. 

Qualifications

Minimum Requirements:  

• Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or other relevant courses 

• At least 3 to 4 years of relevant experience in cyber governance, policy lifecycle management, general risk management, and cybersecurity exceptions management 

• Understanding and knowledge of cybersecurity frameworks (e.g., NIST Cybersecurity Framework, ISO 27001), cybersecurity controls, technologies, industry standards, and best practices 

• Familiarity with regulatory requirements and best practices in cybersecurity and privacy (e.g., GDPR, CCPA, HIPAA) 

• Understanding and knowledge around conducting risk assessments, threat modeling, and vulnerability assessments. 

• Relevant certifications such as CISSP, CISM, CRISC, or similar are desirable. 

Attributes:  

• Ability to effectively communicate and collaborate within a specific group of internal and external customers. (Communication) 

• Ability to maintain good customer relationship with the ability to proactively support customer needs and requirements. (Customer Service) 

• Ability to be thorough and meticulous in completing assigned tasks and identifying errors, duplicates, & discrepancies through defined methods. (Attention to Detail) 

• Ability to identify, assess, and resolve simple to moderate issues by following defined policies and procedures. (Problem Solving) 

Additional Information

About AECOM

AECOM is the world’s trusted infrastructure consulting firm, delivering professional services throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. On projects spanning transportation, buildings, water, new energy and the environment, our public- and private-sector clients trust us to solve their most complex challenges. Our teams are driven by a common purpose to deliver a better world through our unrivaled technical and digital expertise, a culture of equity, diversity and inclusion, and a commitment to environmental, social and governance priorities. AECOM is a Fortune 500 firm and its Professional Services business had revenue of $14.4 billion in fiscal year 2023. See how we are delivering sustainable legacies for generations to come at aecom.com and @AECOM.

Freedom to Grow in a World of Opportunity 

You will have the flexibility you need to do your best work with hybrid work options. Whether you’re working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed.

You will help us foster a culture of equity, diversity and inclusion – a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients.

AECOM provides a wide array of compensation and benefits programs to meet the diverse needs of our employees and their families. We also provide a robust global well-being program. We’re the world’s trusted global infrastructure firm, and we’re in this together – your growth and success are ours too.

Join us, and you’ll get all the benefits of being a part of a global, publicly traded firm – access to industry-leading technology and thinking and transformational work with big impact and work flexibility. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.

All your information will be kept confidential according to EEO guidelines.