IT Third Party and Client Security Assurance Analyst

Job Location

Taguig - Philippines

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

The use of third parties is an essential element in AECOM's service delivery model and creates the need for management oversight and continuous monitoring of their security capabilities and performance. AECOM works with many third parties (e.g., vendors, partners, suppliers), each of which poses security, compliance and operational risks. AECOM is recruiting Third Party and Client Security Analysts to support the centralized Third Party and Client Risk Management Function.

In this role, the analyst is expected to support the framework operating model and supervise processes to ensure: (1) third parties are compliant with AECOM's security standards, and (2) that AECOM provides the same type of assurance to our clients that its security program is compliant with regulatory requirements, standards and client expectations.

Responsibilities & Duties

  • Evaluate requests for third party engagements

  • Conduct initial and periodic third-party risk assessments

  • Collaborate with business requestors, procurement, legal and other teams to ensure questionnaires are completed in a timely manner

  • Collaborate with security/IT team members to ensure a full understanding of security controls, technology and architecture

  • Review responses to security questionnaires and SOC 1 and SOC 2 assessment reports received from third parties to identify potential risk to AECOM

  • Identify gaps/issues based on third party and/or client standards relative to security postures

  • Devise remediation plans and monitor to ensure adherence by third parties and AECOM security/IT

  • Manage, enhance and implement the framework, policies, procedures and program governance to ensure alignment of TPRM with industry best practices and regulatory requirements (NIST, ISO 27001, FedRAMP, etc.)

  • Develop tactical and strategic plans to evolve the third-party risk management program to ensure compliance with new regulations and alignment with industry best practices

  • Triage/complete requests from AECOM clients regarding AECOM's control environment

  • Manage AECOM's response to existing and potential business partners'/clients'/third parties' security due diligence (questionnaires, site visits, etc.)

  • Assist with RFI/RFP processes and responses to client inquiries, ensuring comprehensive risk management throughout the process

  • Review third party and client contracts to validate appropriate security requirements and commitments


Qualifications :

  • Bachelor's degree in Information Technology, Information Security, Risk Management or a related field

  • 23 years of career experience related to information security, IT audit, third party and/or risk

  • Strong understanding of risk management principles and security frameworks (e.g., NIST, ISO 27001, SOC 2, PCI DSS)

  • Extensive experience in evaluating vendor security and compliance in relation to regulatory and industry standards

  • Familiarity with industry GRC tools such as UpGuard, AuditBoard, ServiceNow, etc. is a plus/desirable

  • Strong prioritization and organizational skills

  • Ability to develop, document and maintain procedures

  • Strong verbal communication with the ability to advise management regarding third party and client risk management

  • Ability to work independently and collaborate with cross-functional teams


Additional Information :

  • Ability to effectively communicate and collaborate within a specific group of internal and external customers. (Communication)
  • Ability to maintain good customer relationships, with the ability to proactively support customer needs and requirements. (Customer Service)

  • Ability to be thorough and meticulous in completing assigned tasks and identifying errors, duplicates & discrepancies through defined methods. (Attention to Detail)

  • Ability to identify, assess and resolve simple to moderate issues by following defined policies and procedures. (Problem Solving)

About AECOM

AECOM is the world's trusted infrastructure consulting firm, delivering professional services throughout the project lifecycle, from advisory, planning, design and engineering to program and construction management. On projects spanning transportation, buildings, water, new energy and the environment, our public- and private-sector clients trust us to solve their most complex challenges. Our teams are driven by a common purpose to deliver a better world through our unrivaled technical and digital expertise, a culture of equity, diversity and inclusion, and a commitment to environmental, social and governance priorities. AECOM is a Fortune 500 firm and its Professional Services business had revenue of $14.4 billion in fiscal year 2023. See how we are delivering sustainable legacies for generations to come at aecom and @AECOM.

Freedom to Grow in a World of Opportunity

You will have the flexibility you need to do your best work with hybrid work options. Whether you're working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed.

You will help us foster a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients.

AECOM provides a wide array of compensation, benefits and well-being programs to meet the diverse needs of our employees and their families. We're the world's trusted global infrastructure firm, and we're in this together: your growth and success are ours too.

Join us, and you'll get all the benefits of being a part of a global, publicly traded firm: access to industry-leading technology and thinking, and transformational work with big impact and work flexibility. As an Equal Opportunity Employer, we believe in each person's potential, and we'll help you reach yours.

All your information will be kept confidential according to EEO guidelines.


Remote Work :

No


Employment Type :

Full-time
