Senior Cybersecurity Compliance Analyst (Hybrid - Houston or Dallas)

AECOM•Dallas, TX

6h•Hybrid

About The Position

AECOM is seeking a Senior Cybersecurity Compliance Analyst to support their Cybersecurity Governance Risk and Compliance (GRC) team. This role is a subject-matter expert responsible for leading the design, implementation, assessment, and continuous improvement of enterprise cybersecurity and other IT related controls and certification programs. The Senior Analyst acts as a key partner to external certifications/audit and internal IT, legal, and business stakeholders to strengthen the organization’s security and compliance posture. The role operates with a degree of autonomy, provides guidance to control owners and leadership, and mentors junior team members, playing a critical part in aligning cybersecurity, IT, and business objectives while ensuring the organization meets regulatory, customer, and industry expectations. This position offers flexibility for hybrid work schedules in Houston or Dallas, TX.

Requirements

BA/BS in Information Security, Computer Science, Information Systems, or related field plus at least 6 years of experience in cybersecurity, risk management, compliance, or audit or demonstrated equivalency of experience and/or education
Demonstrated experience managing security certification programs, controls design/implementation, and audits end‑to‑end
Deep knowledge of cybersecurity controls and frameworks (ISO, NIST, SOC, COBIT)
Strong stakeholder management, written communication, and reporting skills
Ability to independently manage complex, multi‑stakeholder initiatives
Ability to travel periodically
Ability to manage cybersecurity controls design and compliance requirements
Understanding of security architecture concepts and controls (including AI)
Ability to interpret technical controls and translate them into compliance language
Ability to build relationships and collaborate with others
Strong communication, documentation, organizational, and analytical skills
Attention to detail and documentation discipline
Ability to work independently and manage multiple initiatives
Ability to develop compliance dashboards, metrics, and executive reporting

Nice To Haves

Professional certifications such as CISA, CISM, CISSP, CRISC, ISO 27001 Lead Implementer/Lead Auditor
Hands‑on experience with GRC tools such as AuditBoard (Optro), UpGuard, ServiceNow, AI tools, etc.
Understanding of AI frameworks and controls

Responsibilities

Support and coordinate security certifications and attestations (e.g., Cyber Essentials, ISO 27001, DCC, etc.)
Act as the primary liaison with external assessors, certification bodies, auditors, and internal customers
Monitor and maintain ongoing compliance with certification requirements and audits, track emerging regulatory requirements, industry standards, and best practices
Develop, implement, and manage enterprise cybersecurity and other IT controls aligned with various frameworks (e.g., NIST CSF, NIST SP 800‑53, ISO 27001, COBIT, etc.)
Provide high level summaries and risk‑based recommendations for improved IT controls environment
Serve as control framework subject‑matter expert, advising control owners on compliance requirements, implementation, optimization, and automation
Establish and maintain control standards, methodologies, and evidence requirements
Identify issues within the IT controls environment and drive remediation planning and validation
Partner with various IT and other business teams to ensure controls are embedded into systems and processes and support security awareness across technical and business teams
Identify opportunities for control optimization, automation, and GRC tooling improvements
Mentor and provide guidance to junior analysts and project teams