Recruitment fraud warning: Click here for more information.

AECOM Careers. Work with us. Change the world. We believe infrastructure has the power to uplift communities and improve people's lives.

Job Information

AECOM Third Party and Client Security Assurance Analyst in Taguig City, Philippines

Company Description

Work with Us. Change the World.

At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for future generations.

There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of nearly 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.

We're one global team driven by our common purpose to deliver a better world. Join us.

Job Description

AECOM is seeking a Third Party and Client Security Assurance Analyst to be based in Manila, Philippines

Job Description:

The use of third parties is an essential element in AECOM’s service delivery model and creates the need for management oversight and continuous monitoring of their security capabilities and performance. AECOM works with many third parties (e.g. vendors, partners, suppliers) each of which poses security, compliance, and operational risks. AECOM is recruiting third-party and Client Security Analysts to support the centralized third-party and Client Risk Management Function.

In this role, the analyst is expected to support the framework, operating model, and processes to ensure: (1) third parties are compliant with AECOM’s security standards and (2) that AECOM provides the same type of assurance to our clients that its security program is compliant with regulatory requirements, standards, and client expectations.

Role & Responsibilities:

  • Evaluate requests for third-party engagements

  • Triage/complete requests from AECOM clients regarding AECOM’s control environment

  • Collaborate with business requestors, procurement, legal, and other teams to ensure questionnaires are

  • completed timely

  • Collaborate with security/IT team members to ensure a full understanding of security controls, technology, and

  • architecture

  • Conduct initial and periodic third-party risk assessments

  • Review responses to security questionnaires, SOC 1 and SOC 2 assessment reports received from third parties to

  • Identify potential risks to AECOM

  • Identify gaps/issues based on third-party and/or client standards relative to security postures

  • Devise remediation plans and monitor to ensure adherence by third parties and AECOM security/IT

  • Build and maintain an inventory of third parties

  • Establish and maintain a central repository of security questions/answers

  • Review third-party and client contracts to validate appropriate security requirements and commitments

  • Manage AECOM’s response to existing and potential business partners/clients/third parties' security due diligence (questionnaires, site visits, etc.)



  • Bachelor's degree in Information Technology (IT), Cybersecurity, Risk Management, or other relevant courses

  • 3-5 years of career experience related to information security, IT, audit, third-party, and/or risk

  • Manage, enhance, and implement the framework, policies, procedures, and program governance to ensure alignment of TPRM with industry best practices and regulatory requirements (NIST, FFIEC, OCC, etc.)

  • Develop tactical and strategic plans to evolve the third-party risk management program to ensure compliance with new regulations and alignment with industry best practices

  • Experience in completing and reviewing security and/or privacy questionnaires

  • Strong knowledge of security best practices (ISO, NIST Cybersecurity Framework, etc.)

  • Strong knowledge of regulatory requirements and best practices in cybersecurity and privacy (e.g., GDPR, PCI-DSS, HIPAA)

  • Relevant certifications such as CISSP, CISA, CRISC, or similar are desirable.

  • Strong prioritization and organizational skills

  • Ability to develop, document, and maintain procedures

  • Strong verbal communication with the ability to advise management regarding third-party and client risk management

  • Knowledge of RSA’s Archer GRC platform is desirable


  • Ability to effectively communicate and collaborate with a specific group of internal and external customers. (Communication)

  • Ability to maintain good customer relationships with the ability to proactively support customer needs and requirements. (Customer Service)

  • Ability to be thorough and meticulous in completing assigned tasks and identifying errors, duplicates, & discrepancies through defined methods. (Attention to Detail)

  • Ability to identify, assess, and resolve simple to moderate issues by following defined policies and procedures. (Problem Solving)

Additional Information


AECOM is the world’s trusted infrastructure consulting firm, delivering professional services throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. On projects spanning transportation, buildings, water, new energy and the environment, our public- and private-sector clients trust us to solve their most complex challenges. Our teams are driven by a common purpose to deliver a better world through our unrivaled technical and digital expertise, a culture of equity, diversity and inclusion, and a commitment to environmental, social and governance priorities. AECOM is a Fortune 500 firm and its Professional Services business had revenue of $13.1 billion in fiscal year 2022. See how we are delivering sustainable legacies for generations to come at and @AECOM.

Freedom to Grow in a World of Opportunity

You will have the flexibility you need to do your best work with hybrid work options. Whether you’re working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed.

You will help us foster a culture of equity, diversity and inclusion – a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients.

AECOM provides a wide array of compensation and benefits programs to meet the diverse needs of our employees and their families. We also provide a robust global well-being program. We’re the world’s trusted global infrastructure firm, and we’re in this together – your growth and success are ours too.

Join us, and you’ll get all the benefits of being a part of a global, publicly traded firm – access to industry-leading technology and thinking and transformational work with big impact and work flexibility. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.

All your information will be kept confidential according to EEO guidelines.

ReqID: J10094426

Business Line: Geography OH

Business Group: DCS

Strategic Business Unit: GBS

Career Area: Information Technology

Work Location Model: Hybrid