The use of third parties is an essential element in AECOM’s service delivery model and creates the need for management oversight and continuous monitoring of their security capabilities and performance. AECOM works with many third parties (e.g., vendors, partners, suppliers) each of which poses security, compliance and operational risks. AECOM is recruiting Third Party and Client Security Analysts to support the centralized Third Party and Client Risk Management Function.
In this role, the analyst is expected to support the framework and operating model and to supervise processes to ensure (1) that third parties are compliant with AECOM’s security standards and (2) that AECOM provides the same type of assurance to its clients that its security program is compliant with regulatory requirements, standards and client expectations.
Responsibilities & Duties
Evaluate requests for third party engagements
Conduct initial and periodic third-party risk assessments
Collaborate with business requestors, procurement, legal and other teams to ensure questionnaires are completed on time
Collaborate with security/IT team members to ensure a full understanding of security controls, technology and architecture
Review responses to security questionnaires, SOC 1 and SOC 2 assessment reports received from third parties to identify potential risk to AECOM
Identify gaps/issues based on third party and/or client standards relative to security postures
Devise remediation plans and monitor to ensure adherence by third parties and AECOM security/IT
Manage, enhance and implement the framework, policies, procedures and program governance to ensure alignment of TPRM with industry best practices and regulatory requirements (NIST, ISO 27001, FedRAMP, etc.)
Develop tactical and strategic plans to evolve the third-party risk management program to ensure compliance with new regulations and alignment with industry best practices
Triage/complete requests from AECOM clients regarding AECOM’s control environment
Manage AECOM’s response to security due diligence (questionnaires, site visits, etc.) from existing and potential business partners, clients and third parties
Assist with RFI/RFP processes and responses to client inquiries, ensuring comprehensive risk management throughout the process
Review third party and client contracts to validate appropriate security requirements and commitments