AECOM Cybersecurity Risk Analyst in Taguig City, Philippines
At AECOM, we’re delivering a better world.
We believe infrastructure creates opportunity for everyone. Whether it’s improving your commute, keeping the lights on, providing access to clean water or transforming skylines, our work helps people and communities thrive.
Our clients trust us to bring together the best people, ideas, technical expertise and digital solutions to our work in transportation, buildings, water, the environment and new energy. We’re one global team – 47,000 strong – driven by a common purpose to deliver a better world.
Here, you will have freedom to grow in a world of opportunity.
We will give you the flexibility you need to do your best work with hybrid work options. Whether you’re working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed.
You will help us foster a culture of equity, diversity and inclusion – a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients.
We will encourage you to grow and develop your career with us through our technical and professional development programs and diverse career opportunities. We believe in leadership at all levels. No matter where you sit in the organization you can make a lasting impact on the projects you work on, the teams and committees you join and our business.
We offer competitive pay and benefits, well-being programs to support you and your family, and the development resources you need to advance your career.
When you join us, you will connect and collaborate with a global network of experts – planners, designers, engineers, scientists, consultants, program and construction managers – leading the change toward a more sustainable and equitable future. Join us and let’s get started.
AECOM is seeking a Cybersecurity Risk Analyst to be based in Manila, Philippines
The role is responsible for ensuring that the organization's cybersecurity program aligns with industry best practices, regulatory requirements, and internal policies. The role assesses and works through cyber risks, policy implementation, and assists in operating the cybersecurity exceptions and compliance management processes.
Assist in maintaining cybersecurity governance frameworks, policies, and standards.
Execute and follow/track tasks in a GRC (Governance, Risk & Compliance) platform.
Ensure alignment of cybersecurity strategies with business objectives, regulatory requirements, and industry best practices.
Establish and maintain effective communication channels with stakeholders to promote cybersecurity governance awareness and compliance.
Policy Lifecycle Management:
Assist with executing end-to-end policy lifecycle management process, including policy development, review, approval, and dissemination
Collaborate with cross-functional teams to identify policy needs, review existing policies, and ensure policy effectiveness and adherence
Monitor regulatory changes and industry trends to keep policies up-to-date and aligned with emerging cybersecurity risks and standards
General Risk Management:
Conduct risk assessment exercises to identify and prioritize cyber risks.
Work with key stakeholders such as Enterprise Risk Management, IT Infrastructure & Operations, Internal Audit, Legal, HR, and Supply Chain groups to communicate and manage Cybersecurity requirements and provide guidance around remediation or risk acceptance.
Provide guidance to IT, Business, and Functional teams on controls/security/risk management/compliance issues; ensure that project plans/technology initiatives are compliant with the support of a team lead or senior members of the team.
Communicate and execute risk mitigation strategies and action plans, working closely with relevant teams to implement controls and countermeasures.
Monitor and report on key risk indicators, track risk treatment plans, and provide recommendations for risk reduction and mitigation.
Cybersecurity Exceptions Management:
Assist with the process of handling cybersecurity exceptions and deviations from established policies or controls.
Evaluate exception requests, conduct risk assessments, and provide guidance on risk acceptance or mitigation measures with the support of a team lead or senior members of the team.
Ensure exceptions are properly documented, tracked, and reported to relevant stakeholders.
Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or other relevant courses
At least 3 to 4 years of relevant experience in cyber governance, policy lifecycle management, general risk management, and cybersecurity exceptions management
Understanding and knowledge of cybersecurity frameworks (e.g., NIST Cybersecurity Framework, ISO 27001), cybersecurity controls, technologies, industry standards, and best practices
Familiarity with regulatory requirements and best practices in cybersecurity and privacy (e.g., GDPR, CCPA, HIPAA)
Understanding and knowledge around conducting risk assessments, threat modeling, and vulnerability assessments.
Relevant certifications such as CISSP, CISM, CRISC, or similar are desirable.
Ability to effectively communicate and collaborate within a specific group of internal and external customers. (Communication)
Ability to maintain good customer relationship with the ability to proactively support customer needs and requirements. (Customer Service)
Ability to be thorough and meticulous in completing assigned tasks and identifying errors, duplicates, & discrepancies through defined methods. (Attention to Detail)
Ability to identify, assess, and resolve simple to moderate issues by following defined policies and procedures. (Problem Solving)
With infrastructure investment accelerating worldwide, our services are in great demand, and there’s never been a better time to be at AECOM! Join us, and you’ll get all the benefits of being a part of a global, publicly traded firm – access to industry-leading technology and thinking and transformational work with big impact and work flexibility.
AECOM provides a wide array of compensation and benefits programs to meet the diverse needs of our employees and their families. We also provide a robust global well-being program. We’re the world’s trusted global infrastructure firm, and we’re in this together – your growth and success are ours too.
As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.
Join us and let’s get started.
Business Line: Geography OH
Business Group: DCS
Strategic Business Unit: GBS
Career Area: Information Technology
Work Location Model: Hybrid