Manager, Cyber Security Advisory - Hybrid (Dallas or Houston, TX)

Houston, TX, United States

Company Description

Work with Us. Change the World.

At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for future generations.

There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.

We're one global team driven by our common purpose to deliver a better world. Join us.

Job Description

AECOM is seeking a Manager, Cyber Security Advisory to support our Corporate Cyber Security team. 

This position will offer flexibility for hybrid work schedules to include both in-office presence and telecommute/virtual work to be based from either Dallas or Houston, TX.

Job Description and Role Functions:

  • Build and mature our Security GRC ecosystem based on industry best practices, including Controls Management, Audit Management, Risk Oversight, Issues & Exceptions Management, Policy Management, etc.
  • Update security controls, provide support to all stakeholders on security controls and standards and perform and investigate internal and external information security risk and exceptions assessments.
  • Develop, document, implement, operate, and manage a detailed Project Security Review process to identify, assess and remediate Cybersecurity risks to the organization. This includes, but is not limited to, designing, documenting, socializing, implementing, testing, operationalizing, monitoring, and measuring the overall process.
  • Create partnerships and work with other cybersecurity and IT towers to ensure appropriate coverage around security controls. Advise on improvement and maturity of the Cybersecurity program, specifically around GRC.
  • Work with threat and vulnerability management to ensure technical scan results on compliance-related systems are assessed, reported, and remediated. 
  • Design and conduct thorough cybersecurity assessments of clients' projects, ensuring alignment with industry and AECOM standards and best practices.
  • Perform comprehensive security reviews, identifying vulnerabilities, and recommending mitigation strategies.
  • Collaborate with project teams to integrate security measures into the project lifecycle.
  • Assist in securing software applications by managing security testing, code reviews, and working closely with development teams to integrate security into the software development lifecycle.
  • Serve in an advisory role in securing cloud environments, including managing cloud security configurations, access controls, and monitoring cloud infrastructure for security issues.
  • When needed, serve as a trusted cybersecurity advisor to internal and external clients, assisting in defining security strategies, policies, and roadmaps.
  • Provide expert guidance on security architecture and technology choices, helping clients make informed decisions.
  • Work with the relevant Federal team to assess and define security controls and ensure coverage of our federal compliance mandates.
  • Provide continued assurance of the specialized environment’s compliance and ensure best practices are shared with our corporate security environment.
  • Collaborate with senior leadership to define and execute a strategic security roadmap that supports the organization's business objectives while proactively addressing emerging threats.
  • From a GRC perspective, ensure we remain current on best practices and technical safeguards and act as the GRC team’s technical resource for controls definition, standards, architecture alignment with regulatory requirements, and security assessment.
  • Assist in designing, implementing, and operating appropriate cybersecurity processes in the selected GRC tool.

Qualifications

Minimum Requirements:

  • Bachelor’s degree plus at least 8 years of relevant experience in security design/architecture, cloud security risk and controls, security controls assessment/testing/remediation and security risk management or demonstrated equivalency of experience and/or education
  • Strong technical skills but equally comfortable interacting with other teams, functions, and senior cybersecurity leaders
  • Excellent leadership skills with the ability to communicate complex security concepts to both technical and non-technical stakeholders.
  • Experience in implementation and operations of various GRC tools (such as Archer, ServiceNow IRM, AuditBoard)
  • Extensive knowledge of Microsoft Technologies and cloud strategies and security controls.
  • Strong analytical and problem-solving skills, with the ability to design innovative solutions to complex security challenges.
  • Ability to work independently and as part of a collaborative team.

Preferred Qualifications:

  • Proactive and self-motivated with a strong commitment to continuous learning.
  • Government and commercial security and compliance experience
  • Experience working in a professional services organization, or experience working for a similarly large, complex, global company
  • Proficiency in Security GRC frameworks such as NIST 800-53, NIST 800-171/CMMC Level 1-3, ISO 27001, and other NIST 800 series publications is highly preferred

Additional Information

  • Relocation assistance is not available for this position
  • Sponsorship for US work authorization is not available for this position, now or in the future

About AECOM

AECOM is proud to offer a comprehensive benefits program to meet the diverse needs of our employees. Depending on your employment status, AECOM benefits may include medical, dental, vision, life, AD&D, disability benefits, paid time off, leaves of absence, voluntary benefits, perks, U.S. and global well-being programs, employee assistance program, business travel insurance, service recognition awards, retirement savings plan, and employee stock purchase plan.

AECOM is the world’s trusted infrastructure consulting firm, delivering professional services throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. On projects spanning transportation, buildings, water, new energy and the environment, our public- and private-sector clients trust us to solve their most complex challenges. Our teams are driven by a common purpose to deliver a better world through our unrivaled technical and digital expertise, a culture of equity, diversity and inclusion, and a commitment to environmental, social and governance priorities. AECOM is a Fortune 500 firm and its Professional Services business had revenue of $14.4 billion in fiscal year 2023. See how we are delivering sustainable legacies for generations to come at aecom.com and @AECOM.

 

Freedom to Grow in a World of Opportunity 

You will have the flexibility you need to do your best work with hybrid work options. Whether you’re working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed.

You will help us foster a culture of equity, diversity and inclusion – a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients.

AECOM provides a wide array of compensation and benefits programs to meet the diverse needs of our employees and their families. We also provide a robust global well-being program. We’re the world’s trusted global infrastructure firm, and we’re in this together – your growth and success are ours too.

Join us, and you’ll get all the benefits of being a part of a global, publicly traded firm – access to industry-leading technology and thinking and transformational work with big impact and work flexibility. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.

All your information will be kept confidential according to EEO guidelines.

Category: Leadership Jobs

Tags: Cloud CMMC Compliance Governance ISO 27001 Monitoring NIST NIST 800-53 Risk management SDLC Security assessment Vulnerabilities Vulnerability management

Perks/benefits: Career development Equity / stock options Health care Insurance Relocation support

Region: North America
Country: United States
