Federal Information Systems Safeguarding and Compliance Manager - Remote, Various US Locations

Company Description

Work with Us. Change the World.

At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for future generations.

There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.

We're one global team driven by our common purpose to deliver a better world. Join us.

Job Description

We are seeking a Manager, Federal Information Systems Safeguarding and Compliance.  This individual will serve as a member of the Federal Business Services team and will report to the Director of Federal Business Services Federal Information Safeguarding and Compliance.

The candidate will be responsible for developing and supporting adherence to all aspects of a rigorous Secure Services compliance program as stipulated by DFARS, internal Cybersecurity Control Standards and associated NIST publications. The Manager is responsible for assisting the Director regarding IT and information system security issues by implementing common information system security practices, policies and technologies. Candidate will interface with multiple AECOM project teams and functional groups and provide support in developing proposals, responding to inquiries, define and deliver Secure Services as needed and provide direct support throughout the secure operation of federal projects. The candidate is required to be proficient in DFARS and Contractor Program Security functions, responsibilities, and disciplines that make up a strong Federal Security Program. Additionally, ideal candidate is a cyber security generalist and is experienced in providing guidance to both technical and operations delivery teams across all aspects of information security, ensuring adherence to federal regulations and best practices which promote secure and reliable delivery of mission critical services within a global enterprise.

This position will offer flexibility for primarily remote work schedules and can be based from a variety of US locations.

Roles and Responsibilities

• Maintain operational security posture for programs and information systems
• Information safeguarding interface to AECOM project teams
• Participate in the system development lifecycle to ensure secure solutions are delivered
• Ensure system security measures comply with applicable government policies
• Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system
• Ensure proper measures are taken when a federal information security incident or vulnerability is discovered
• Assist IT in monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems
• Maintain thorough understanding of NIST 800-171 controls, as well as document implementation in the Systems Security Plan
• Conduct reviews and technical inspections to identify and mitigate potential security weaknesses and ensure that all security controls applied to a system are implemented and functional
• Maintains awareness of upcoming customer / government driven changes and challenges and suggests approaches to meet those challenges
• Ensure development and implementation of applicable Federal information security education, training, and awareness activities
• Responsible for both the technical practice and operational management of one large or multiple small to medium sized offices/operating units with moderate complexity
• Determines and executes the strategic direction of the office(s) to ensure financial profitability
• Works in conjunction with the district and/or regional management to ensure financial success of the offices within the district or operating unit

Tasks and objectives:

• Cloud services reduction- AWS
• Onboard business teams, oversee the contractor provisioning SSD workspaces
• Virtualize the SSD in Azure by working with project teams defining requirements, architecting and overseeing the delivery of assets, developing and updating project specific work instructions
• Develop and document run books for virtualizing SSD applications
• FY25 budgeting- roadmap
• Peering with cleared facilities ISSM, develop cleared facilities run book.
• Extend USA safeguarding knowledge to Canada
• Information Security Oversight
• Environment Security Initiatives
• Environment Security Controls/Measures
• Governance & Compliance Oversight
• Regulatory Compliance Initiatives (NIST 800-171, CMMC II)
• POA&M & Attestation Compliance
• Engineering Oversight
• Project Onboarding
• Workload Support & Consumption
• Operation & Maintenance Oversight
• Azure GCC-High Support
• Azure Networking Support
• Azure Firewall Support
• Azure Web Application Firewall Support
• Azure Database Support
• Azure Virtual Machines Support
• SSD Helpdesk Oversight
• Add ports document updates
• Audit remediation
• Mature and support FBS Artificial Intelligence, FAQ Bots, user self-service tools

Qualifications

Minimum Requirements:

• Bachelor’s degree plus at least 8 years of relevant information security experience or demonstrated equivalency of experience and/or education (AS degree plus at least 10 years of relevant experience OR HS diploma plus at least 12 years of relevant experience)
• Understanding of RMF such as: NIST SP 800-171, NIST SP 800-53, DFARS Clause 252.204-7012 and or FAR Clause 52.204-21
• Technical & operational knowledge of cyber technologies such as (SSO, MFA, Endpoint Protection, Encryption, DLP, Vulnerability Scanning Firewalls, IDS/IPS, AWS)
• Knowledge and experience with public cloud environments (Azure, AWS)
• Knowledge of security methodologies, policies, standards and industry practices
• Experience with large scale enterprise wide security projects
• Due to nature of work, candidate must be a US Citizen

Preferred Qualifications:

• Previous experience designing and implementing a Secure Services Domain is a plus
• Prior experience with AECOM Information Safeguarding and Compliance
• Strong quantitative and analytical skills
• Past federal Cyber Security experience
• Experience with Cybersecurity Maturity Model Certification (CMMC)
• 3+ years of experience securing enterprise networks and information systems according to Industry frameworks, such as NIST 800-171
• Ability to remain organized, pay attention to detail, and meet critical deadlines
• Strong written, verbal, interpersonal and presentation skills with the ability to lead meetings and present to large groups of technical and business personnel
• Excellent time & people management skills, ability to effectively manage a large volume of work
• Performing effectively in a team environment and independently with minimal direction; self-motivated and able to work on multiple activities in a fast paced environment

Additional Information

• Sponsorship for US work authorization is not available for this position, now or in the future
• Due to the remote nature of this position, relocation assistance is not available

About AECOM

AECOM is proud to offer comprehensive benefits to meet the diverse needs of our employees. Depending on your employment status, AECOM benefits may include medical, dental, vision, life, AD&D, disability benefits, paid time off, leaves of absences, voluntary benefits, perks, well-being resources, employee assistance program, business travel insurance, service recognition awards, retirement savings plan, and employee stock purchase plan.

AECOM is the world’s trusted infrastructure consulting firm, delivering professional services throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. On projects spanning transportation, buildings, water, new energy and the environment, our public- and private-sector clients trust us to solve their most complex challenges. Our teams are driven by a common purpose to deliver a better world through our unrivaled technical and digital expertise, a culture of equity, diversity and inclusion, and a commitment to environmental, social and governance priorities. AECOM is a Fortune 500 firm and its Professional Services business had revenue of $14.4 billion in fiscal year 2023. See how we are delivering sustainable legacies for generations to come at aecom.com and @AECOM.

Freedom to Grow in a World of Opportunity 

You will have the flexibility you need to do your best work with hybrid work options. Whether you’re working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed.

You will help us foster a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients.

AECOM provides a wide array of compensation, benefits and well-being programs to meet the diverse needs of our employees and their families. We’re the world’s trusted global infrastructure firm, and we’re in this together – your growth and success are ours too.

Join us, and you’ll get all the benefits of being a part of a global, publicly traded firm – access to industry-leading technology and thinking and transformational work with big impact and work flexibility. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.

All your information will be kept confidential according to EEO guidelines.