Job Description
AECOM is seeking a Manager, Cyber Security Advisory to support our Corporate Cyber Security team.
This position will offer flexibility for hybrid work schedules to include both in-office presence and telecommute/virtual work to be based from either Dallas or Houston, TX.
Job Description and Role Functions:
Build and mature our Security GRC ecosystem based on industry best practices, including Controls Management, Audit Management, Risk Oversight, Issues & Exceptions Management, Policy Management, etc.
Update security controls, provide support to all stakeholders on security controls and standards, and perform and investigate internal and external information security risk and exceptions assessments.
Develop, document, implement, operate, and manage a detailed Project Security Review process to identify, assess, and remediate cybersecurity risks to the organization. This includes, but is not limited to, designing, documenting, socializing, implementing, testing, operationalizing, monitoring, and measuring the overall process.
Create partnerships and work with other cybersecurity and IT towers to ensure appropriate coverage around security controls. Advise on improvement and maturity of the Cybersecurity program, specifically around GRC.
Work with threat and vulnerability management to ensure technical scan results on compliance-related systems are assessed, reported, and remediated.
Design and conduct thorough cybersecurity assessments of clients' projects, ensuring alignment with industry and AECOM standards and best practices.
Perform comprehensive security reviews, identifying vulnerabilities, and recommending mitigation strategies.
Collaborate with project teams to integrate security measures into the project lifecycle.
Assist in securing software applications by managing security testing, code reviews, and working closely with development teams to integrate security into the software development lifecycle.
Serve in an advisory role in securing cloud environments, including managing cloud security configurations, access controls, and monitoring cloud infrastructure for security issues.
When needed, serve as a trusted cybersecurity advisor to internal and external clients, assisting in defining security strategies, policies, and roadmaps.
Provide expert guidance on security architecture and technology choices, helping clients make informed decisions.
Work with the relevant Federal team to assess and define security controls and ensure coverage of our federal compliance mandates.
Provide continued assurance of the specialized environment’s compliance and ensure best practices are shared with our corporate security environment.
Collaborate with senior leadership to define and execute a strategic security roadmap that supports the organization's business objectives while proactively addressing emerging threats.
From a GRC perspective, ensure we remain current on best practices and technical safeguards, and act as the GRC team’s technical resource for controls definition, standards, architecture alignment with regulatory requirements, and security assessment.
Assist in designing, implementing, and operating appropriate cybersecurity processes in the selected GRC tool.