Manager, Cyber Security Advisory - Hybrid (Dallas or Houston, TX)

Manager, Cyber Security Advisory - Hybrid (Dallas or Houston, TX)

At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive.

We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for future generations.

There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand.

We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.

We're one global team driven by our common purpose to deliver a better world. Join us.

Job Description

AECOM is seeking a Manager, Cyber Security Advisory to support our Corporate Cyber Security team.

This position will offer flexibility for hybrid work schedules to include both in-office presence and telecommute / virtual work to be based from either Dallas or Houston, TX .

Job Description and Role Functions :

• Build and mature our Security GRC ecosystem based on industry best practices, including Controls Management, Audit Management, Risk Oversight, Issues & Exceptions Management, Policy Management, etc.
• Update security controls, provide support to all stakeholders on security controls and standards and perform and investigate internal and external information security risk and exceptions assessments.
• Develop, document, implement, operate, and manage a detailed Project Security Review process to identify, assess and remediate Cybersecurity risks to the organization.
• Create partnerships and work with other cybersecurity and IT towers to ensure appropriate coverage around security controls.

Advise on improvement and maturity of the Cybersecurity program, specifically around GRC.

• Work with threat and vulnerability management to ensure technical scan results on compliance-related systems are assessed, reported, and remediated.
• Design and conduct thorough cybersecurity assessments of clients' projects, ensuring alignment with industry and AECOM standards and best practices.
• Perform comprehensive security reviews, identifying vulnerabilities, and recommending mitigation strategies.
• Collaborate with project teams to integrate security measures into the project lifecycle.
• Assist in security of software applications by managing security testing, code reviews, and working closely with development teams to integrate security into the software development lifecycle.
• Advisory role in securing cloud environments, including managing cloud security configurations, access controls, and monitoring cloud infrastructure for security issues.
• When needed, serve as a trusted cybersecurity advisor to internal and external clients, assisting in defining security strategies, policies, and roadmaps.
• Provide expert guidance on security architecture and technology choices, helping clients make informed decisions.
• Work with relative Federal team to assess and define security controls / ensure coverage of our federal compliance mandates.
• Continued assurance of the specialized environment’s compliance and ensuring best practices are shared with our corporate security environment.
• Collaborate with senior leadership to define and execute a strategic security roadmap that supports the organization's business objectives while proactively addressing emerging threats.
• From a GRC perspective, ensure we remain current on best practices and technical safeguards and act as team’s (GRC) technical resource for controls definition, standards, architecture alignment with regulatory requirements, and security assessment.
• Assist in designing, implementing, and operating appropriate cybersecurity processes in the selected GRC tool.

Qualifications

• Bachelor’s degree plus at least 8 years of relevant experience in security design / architecture, cloud security risk and controls, security controls assessment / testing / remediation and security risk management or demonstrated equivalency of experience and / or education
• Strong technical skills but equally comfortable interacting with other teams, functions, and senior cybersecurity leaders
• Excellent leadership skills with the ability to communicate complex security concepts to both technical and non-technical stakeholders.
• Experience in implementation and operations of various GRC tools (such as Archer, ServiceNow IRM, AuditBoard)
• Extensive knowledge of Microsoft Technologies and cloud strategies and security controls.
• Strong analytical and problem-solving skills, with the ability to design innovative solutions to complex security challenges.
• Ability to work independently and as part of a collaborative team.

Preferred Qualifications :

• Proactive and self-motivated with a strong commitment to continuous learning.
• Government and commercial security and compliance experience
• Experience working in a professional services organization, or experience working for a similarly large, complex, global company
• Proficiency in Security GRC frameworks such as NIST 800-53, NIST 800-171 / CMMC Level 1-3. ISO 27001, other NIST 800 series etc. highly preferred

Additional Information

• Relocation assistance is not available for this position
• Sponsorship for US work authorization is not available for this position, now or in the future

If you think you are the right match for the following opportunity, apply after reading the complete description.

J-18808-Ljbffr

Remote working / work at home options are available for this role.