AECOM IT Third Party and Client Security Assurance Analyst in Taguig City, Philippines
Philippines - Manila, Taguig City
The use of third parties is an essential element in AECOM’s service delivery model and creates the need for management oversight and continuous monitoring of their security capabilities and performance. AECOM works with many third parties (e.g. vendors, partners, suppliers), each of which poses security, compliance, and operational risks. AECOM is recruiting Third Party and Client Security Analysts to support the centralized Third Party and Client Risk Management Function.
In this role, the analyst is expected to support the framework, operating model, and processes to ensure: (1) third parties are compliant with AECOM’s security standards and (2) that AECOM provides the same type of assurances to our client that its security program is compliant with regulatory requirements, standards, and client expectations.
Evaluate requests for third party engagements
Triage/complete requests from AECOM clients regarding AECOM’s control environment
Collaborate with business requestors, procurement, legal, and other teams to ensure questionnaires are completed in a timely manner
Collaborate with security/IT team members to ensure a full understanding of security controls, technology, and architecture
Conduct initial and periodic third-party risk assessments
Review responses to security questionnaires, SOC 1 and SOC 2 assessment reports received from third parties to identify potential risk to AECOM
Identify gaps/issues based on third party and/or client standards relative to security postures
Devise remediation plans and monitor to ensure adherence by third parties and AECOM security/IT
Build and maintain an inventory of third parties
Establish and maintain a central repository of security questions/answers
Review third party and client contracts to validate appropriate security requirements and commitments
Manage AECOM’s response to existing and potential business partners/clients/third parties who are conducting security due diligence (questionnaires, site visits, etc.)
2-3 years of career experience related to information security, IT, audit, third party, and/or risk
Experience in completing and reviewing security and/or privacy questionnaires
Strong knowledge of security best practices (ISO, NIST Cybersecurity Framework, etc.)
Strong prioritization and organizational skills
Ability to develop, document, and maintain procedures
Strong verbal communication with the ability to advise management regarding third party and client risk management
Knowledge of RSA’s Archer GRC platform desirable
What We Offer
When you join AECOM, you become part of a company that is pioneering the future. Our teams around the world are involved in some of the most cutting-edge and innovative projects and programs of our time, addressing the big challenges of today and shaping the built environment for generations to come. We ensure a workplace that encourages growth, flexibility and creativity, as well as a company culture that champions inclusion, diversity and overall employee well-being through programs supported by company leadership. Our core values define who we are, how we act and what we aspire to, which comes down to not only delivering a better world, but working to “make amazing happen” in each neighborhood, community and city we touch. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.
Job Category Information Technology
Business Line Geography OH
Business Group Design and Consulting Services Group (DCS)
Position Status Full-Time
Requisition/Vacancy No. 246794BR
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.