Recruitment fraud warning: Click here for more information.

slideshow content

Serpentine Pavilion

Fusing art, architecture and engineering

Designed by Diébédo Francis Kéré

United Kingdom

Good engineering is about observing, questioning and communicating to truly understand what’s at the heart of each project.

Amy Koerbel

Structural Designer, Buildings + Places

Moses Mabidha Stadium

Focusing on legacy, culture and location

South Africa

Contributing to projects that meld awe-inspiring design with economic and civic benefits is the ultimate career satisfaction.

Tim Ter Haar

Managing Director, Buildings + Places

Bloomberg European Headquarters

Encouraging cooperation and collaboration

United Kingdom

Our in-house expertise and wealth of knowledge across disciplines enable delivery of the most complex projects.

Coralie Soudee

Associate, Commercial Cost Management

Taizhou Bridge

Connecting with long-span suspension


In my work, I cross vast continents in search of new frontiers in bridge engineering. Bridges connect people and places, both physically and emotionally.

Dr. Robin Sham, CBE

Managing Director, Transportation

Connected and Automated Vehicles

Expanding mobility options

United States

We must consider the possible and not be limited by the tools and solutions available today. Our imagination and technical skills drive our solutions.

Veronica Siranosian

Director, AECOM Ventures

f a company that is <a href="" target="_blank">pioneering the future</a>. Our teams around t
ture that champions <a href="" target="_blank">inclusion, diversity</a> and overall <a href="" target="_blank">employee well-being</a> through programs su
any leadership. Our <a href="" target="_blank">core values</a> define who we are,
es down to not only <a href="" target="_blank">delivering a better world</a>, but working to “ma

Job Information

AECOM IT Third Party and Client Security Assurance Analyst in Taguig City, Philippines

Philippines - Manila, Taguig City

Job Summary

Role Purpose:

The use of third parties is an essential element in AECOM’s service delivery model and creates the need for management oversight and continuous monitoring of their security capabilities and performance. AECOM works with many third parties (e.g. vendors, partners, suppliers) each of which pose security, compliance, and operational risks. AECOM is recruiting Third Party and Client Security Analysts to support the centralized Third Party and Client Risk Management Function.

In this role, the analyst is expected to support the framework, operating model, and processes to ensure: (1) third parties are compliant with AECOM’s security standards and (2) that AECOM provides the same type of assurances to our client that its security program is compliant with regulatory requirements, standards, and client expectations.


  • Evaluate requests for third party engagements

  • Triage/complete requests from AECOM clients regarding AECOM’s control environment

  • Collaborate with business requestors, procurement, legal, and other teams to ensure questionnaires arecompleted timely

  • Collaborate with security/IT team members to ensure a full understanding of security controls, technology, and architecture

  • Conduct initial and periodic third-party risk assessments

  • Review responses to security questionnaires, SOC 1 and SOC 2 assessment reports received from third parties to

  • identify potential risk to AECOM

  • Identify gaps/issues based on third party and/or client standards relative to security postures

  • Devise remediation plans and monitor to ensure adherence by third parties and AECOM security/IT

  • Build and maintain an inventory of third parties

  • Establish and maintain a central repository of security questions/answers

  • Review third party and client contracts to validate appropriate security requirements and commitments

  • Manage AECOM’s response to existing and potential business partners/clients/third parties who are conducting security due diligence (questionnaires, site visits, etc.)

Minimum Requirements

  • 2-3 years of career experience related to information security, IT, audit, third party, and/or risk

  • Experience in completing and reviewing security and/or privacy questionnaires

  • Strong knowledge of security best practices (ISO, NIST Cybersecurity Framework, etc.)

  • Strong prioritization and organizational skills

  • Ability to develop, document, and maintain procedures

  • Strong verbal communication with the ability to advise management regarding third party and client risk management

Preferred Qualifications

  • Knowledge of RSA’s Archer GRC platform desirable

What We Offer

When you join AECOM, you become part of a company that is pioneering the future. Our teams around the world are involved in some of the most cutting-edge and innovative projects and programs of our time, addressing the big challenges of today and shaping the built environment for generations to come. We ensure a workplace that encourages growth, flexibility and creativity, as well as a company culture that champions inclusion, diversity and overall employee well-being through programs supported by company leadership. Our core values define who we are, how we act and what we aspire to, which comes down to not only delivering a better world, but working to “make amazing happen” in each neighborhood, community and city we touch. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.

Job Category Information Technology

Business Line Geography OH

Business Group Design and Consulting Services Group (DCS)

Country Philippines

Position Status Full-Time

Requisition/Vacancy No. 246794BR

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.