IT Third Party and Client Security Assurance Analyst

**Company Description**
**Work with Us. Change the World.**
At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world's most complex challenges and build legacies for future generations.
There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.
We're one global team driven by our common purpose to deliver a better world. Join us.
**Job Description**
The use of third parties is an essential element in AECOM's service delivery model and creates the need for management oversight and continuous monitoring of their security capabilities and performance. AECOM works with many third parties (e.g., vendors, partners, suppliers) each of which poses security, compliance and operational risks. AECOM is recruiting Third Party and Client Security Analysts to support the centralized Third Party and Client Risk Management Function.
In this role, the analyst is expected to support the framework, operating model and supervise processes to ensure: (1) third parties are compliant with AECOM's security standards and (2) that AECOM provides the same type of assurance to our clients that its security program is compliant with regulatory requirements, standards and client expectations.
**Responsibilities & Duties**
+ Evaluate requests for third party engagements
+ Conduct initial and periodic third-party risk assessments
+ Collaborate with business requestors, procurement, legal and other teams to ensure questionnaires are completed timely
+ Collaborate with security/IT team members to ensure a full understanding of security controls, technology and architecture
+ Review responses to security questionnaires, SOC 1 and SOC 2 assessment reports received from third parties to identify potential risk to AECOM
+ Identify gaps/issues based on third party and/or client standards relative to security postures
+ Devise remediation plans and monitor to ensure adherence by third parties and AECOM security/IT
+ Manage, enhance and implement the framework, policies, procedures and program governance to ensure alignment of TPRM with industry best practices and regulatory requirements (NIST, ISO27001, FedRamp, etc.)
+ Develop tactical and strategic plans to evolve the third-party risk management program to ensure compliance with new regulations and alignment with industry best practices
+ Triage/complete requests from AECOM clients regarding AECOM's control environment
+ Manage AECOM's response to existing and potential business partners/clients/third parties security due diligence (questionnaires, site visits, etc.)
+ Assistance with RFI/RFP processes and responses to client inquiries, ensuring comprehensive risk management throughout the process
+ Review third party and client contracts to validate appropriate security requirements and commitments
**Qualifications**
+ Bachelor's degree in information technology, Information Security, Risk Management or a related field
+ 2-3 years of career experience related to information security, IT, audit, third party and/or risk
+ Strong understanding of risk management principles and security frameworks (e.g., NIST, ISO 27001, SOC2, PCI-DSS)
+ Extensive experience in evaluating vendor security and compliance in relation to regulatory and industry standards.
+ Familiarity with industry GRC tools such as UpGuard, Audit Board, ServiceNow etc. is a plus/desirable
+ Strong prioritization and organizational skills
+ Ability to develop, document and maintain procedures
+ Strong verbal communication with the ability to advise management regarding third party and client risk management
+ Ability to work independently and collaborate with cross-functional teams
**Additional Information**
+ Ability to effectively communicate and collaborate within a specific group of internal and external customers. (Communication)
+ Ability to maintain good customer relationship with the ability to proactively support customer needs and requirements. (Customer Service)
+ Ability to be thorough and meticulous in completing assigned tasks and identifying errors, duplicates & discrepancies through defined methods. (Attention to Detail)
+ Ability to identify, assess and resolve simple to moderate issues by following defined policies and procedures. (Problem Solving)
**About AECOM**
AECOM is the world's trusted infrastructure consulting firm, delivering professional services throughout the project lifecycle - from advisory, planning, design and engineering to program and construction management. On projects spanning transportation, buildings, water, new energy and the environment, our public- and private-sector clients trust us to solve their most complex challenges. Our teams are driven by a common purpose to deliver a better world through our unrivaled technical and digital expertise, a culture of equity, diversity and inclusion, and a commitment to environmental, social and governance priorities. AECOM is a Fortune 500 firm and its Professional Services business had revenue of $14.4 billion in fiscal year 2023. See how we are delivering sustainable legacies for generations to come at aecom.com and @AECOM.
**Freedom to Grow in a World of Opportunity**
You will have the flexibility you need to do your best work with hybrid work options. Whether you're working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed.
You will help us foster a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients.
AECOM provides a wide array of compensation, benefits and well-being programs to meet the diverse needs of our employees and their families. We're the world's trusted global infrastructure firm, and we're in this together - your growth and success are ours too.
Join us, and you'll get all the benefits of being a part of a global, publicly traded firm - access to industry-leading technology and thinking and transformational work with big impact and work flexibility. As an Equal Opportunity Employer, we believe in each person's potential, and we'll help you reach yours.
All your information will be kept confidential according to EEO guidelines.
**ReqID:** J10125212
**Business Line:** Geography OH
**Business Group:** DCS
**Strategic Business Unit:** GBS
**Career Area:** Information Technology
**Work Location Model:** Hybrid
**Legal Entity:** AECOM India Global Services Private Limited

---