Company Description

Work with Us. Change the World.

At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for future generations.

There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.

We're one global team driven by our common purpose to deliver a better world. Join us.

Job Description

The Security Compliance Sr. Manager is responsible for ensuring the organization’s compliance with internal cybersecurity policies, SOX (Sarbanes-Oxley Act) requirements, and other relevant regulatory frameworks. This role includes managing the entire compliance lifecycle, from policy development and audit management to exceptions handling and risk assessments. The Security Compliance Sr. Manager will work closely with internal teams, external auditors, and stakeholders to maintain and enhance the organization's security posture.

This position will offer flexibility for hybrid work schedules to include both in-office presence and telecommute/virtual work to be based from either Dallas or Houston, TX.

Key Responsibilities:

• SOX Compliance:

• Lead and manage all SOX-related IT compliance activities, including scoping, control documentation, testing, and remediation.

• Collaborate with internal and external auditors to facilitate SOX audits, ensuring all IT controls are operating effectively.

• Identify, document, and remediate SOX control deficiencies, and drive continuous improvement initiatives for SOX compliance.

• Perform controls validation for compliance.

• Internal Cybersecurity Compliance:

• Ensure compliance with internal cybersecurity policies, standards, and procedures aligned with industry best practices and regulatory requirements (e.g., NIST, ISO 27001).

• Conduct regular assessments of the organization’s cybersecurity posture, identify gaps, and work with relevant teams to implement corrective actions.

• Manage the cybersecurity compliance calendar, ensuring timely completion of compliance tasks, assessments, and audits.

• Exceptions Management:

• Manage the process for documenting, reviewing, and approving security exceptions.

• Assess the risk associated with exceptions, provide recommendations for mitigation, and ensure approved exceptions are tracked and reviewed periodically.

• Work closely with IT and business units to ensure that all exceptions are justified, documented, and compliant with company policies.

• Audit Management:

• Work with Internal Audit team to ensure timely remediation of Action plans associated with Information Technology.

• Coordinate with external auditors and internal teams to gather necessary evidence, respond to audit inquiries, and address audit findings.

• Develop and implement remediation plans for any identified security and compliance gaps, ensuring timely resolution.

• Reporting and Documentation:

• Maintain accurate and up-to-date documentation for all compliance activities, including policies, procedures, risk assessments, and audit findings.

• Provide regular reports to senior management on the status of compliance initiatives, audit results, and risk management activities.

• Continuous Improvement:

• Stay informed about the latest developments in cybersecurity regulations, standards, and best practices.

• Continuously assess and improve the organization’s compliance program to adapt to changing regulatory requirements and evolving cyber threats.

Skills/Abilities:

• Ability to gather, integrate, validate, and analyze relevant data to develop resolutions, findings, and recommendations.

• Ability to maintain a high level of collaboration among multiple internal and external stakeholders to effectively arrive at solutions and develop initiatives.

• Ability to effectively communicate and collaborate with various internal and external customers globally. Ability to use tact and discretion in delivering critical and sensitive information to peers, stakeholders, and direct reports.

• Excellent project management and organizational skills.

• Strong analytical and problem-solving abilities.

Qualifications

Minimum Requirements:

• Bachelor’s degree in Information Security, Information Technology, Computer Science, or a related field plus at least 10 years of relevant experience in IT security compliance, with a focus on SOX, internal cybersecurity, and regulatory compliance, including at least 2 years of leadership experience.

• Demonstrated experience in managing IT audits and working with auditors.

• Proven track record of successfully managing exceptions and remediating compliance issues.

• Strong understanding of SOX compliance requirements and IT controls.

Preferred Qualifications:

• Professional certifications such as CISSP, CISM, CRISC, or CISA are highly preferred.

• In-depth knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001, COBIT) and regulatory requirements.

• Experience working in a professional services organization, or experience working for a similarly large, complex, global company

• Effective communication and interpersonal skills, with the ability to interact with all levels of the organization

Additional Information

• Relocation assistance is not available for this position

• Sponsorship for US work authorization is not available for this position, now or in the future

Offered compensation will be based on location and individual qualifications. The expected range is $160,000.00 - $190,000.00.

About AECOM

AECOM is proud to offer a comprehensive benefits program to meet the diverse needs of our employees. Depending on your employment status, AECOM benefits may include medical, dental, vision, life, AD&D, disability benefits, paid time off, leaves of absence, voluntary benefits, perks, U.S. and global well-being programs, employee assistance program, business travel insurance, service recognition awards, retirement savings plan, and employee stock purchase plan.

AECOM is the world’s trusted infrastructure consulting firm, delivering professional services throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. On projects spanning transportation, buildings, water, new energy and the environment, our public- and private-sector clients trust us to solve their most complex challenges. Our teams are driven by a common purpose to deliver a better world through our unrivaled technical and digital expertise, a culture of equity, diversity and inclusion, and a commitment to environmental, social and governance priorities. AECOM is a Fortune 500 firm and its Professional Services business had revenue of $14.4 billion in fiscal year 2023. See how we are delivering sustainable legacies for generations to come at aecom.com and @AECOM.

Freedom to Grow in a World of Opportunity

You will have the flexibility you need to do your best work with hybrid work options. Whether you’re working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed.

You will help us foster a culture of equity, diversity and inclusion – a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients.

AECOM provides a wide array of compensation and benefits programs to meet the diverse needs of our employees and their families. We also provide a robust global well-being program. We’re the world’s trusted global infrastructure firm, and we’re in this together – your growth and success are ours too.

Join us, and you’ll get all the benefits of being a part of a global, publicly traded firm – access to industry-leading technology and thinking and transformational work with big impact and work flexibility. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.

All your information will be kept confidential according to EEO guidelines.

ReqID: J10115316

Business Line: Corporate

Business Group: Corporate

Strategic Business Unit: Information Technology

Career Area: Information Technology

Work Location Model: Hybrid

Legal Entity: AECOM