Senior Cybersecurity Compliance Analyst (Hybrid - Houston or Dallas)

AECOM, Houston, TX
$109,000 - $140,000, Hybrid

About The Position

At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for future generations. There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world. We're one global team driven by our common purpose to deliver a better world. Join us.

AECOM is seeking a Senior Cybersecurity Compliance Analyst to support our Cybersecurity Governance Risk and Compliance (GRC) team. The Senior Cybersecurity Compliance Analyst is a subject‑matter expert responsible for leading the design, implementation, assessment, and continuous improvement of enterprise cybersecurity and other IT related controls and certification programs. This role serves as a key partner to external certifications/audit and internal IT, legal, and business stakeholders to strengthen the organization’s security and compliance posture. The Senior Analyst operates with a degree of autonomy, provides guidance to control owners and leadership, and mentors junior team members. The role plays a critical part in aligning cybersecurity, IT, and business objectives while ensuring the organization meets regulatory, customer, and industry expectations.

This position will offer flexibility for hybrid work schedules to include both in-office presence and telecommute/virtual work and is based in either Houston or Dallas, TX.

Requirements

  • Ability to manage cybersecurity controls design and compliance requirements
  • Understanding of security architecture concepts and controls (including AI)
  • Ability to interpret technical controls and translate them into compliance language
  • Ability to build relationships and collaborate with others
  • Strong communication, documentation, organizational, and analytical skills
  • Attention to detail and documentation discipline
  • Ability to work independently and manage multiple initiatives
  • Ability to develop compliance dashboards, metrics, and executive reporting
  • BA/BS in Information Security, Computer Science, Information Systems, or related field plus at least 6 years of experience in cybersecurity, risk management, compliance, or audit or demonstrated equivalency of experience and/or education
  • Demonstrated experience managing security certification programs, controls design/implementation, and audits end‑to‑end
  • Deep knowledge of cybersecurity controls and frameworks (ISO, NIST, SOC, COBIT)
  • Strong stakeholder management, written communication, and reporting skills
  • Ability to independently manage complex, multi‑stakeholder initiatives
  • Ability to travel periodically

Nice To Haves

  • Professional certifications such as CISA, CISM, CISSP, CRISC, ISO 27001 Lead Implementer/Lead Auditor
  • Hands‑on experience with GRC tools such as AuditBoard (Optro), UpGuard, ServiceNow, AI tools, etc.
  • Understanding of AI frameworks and controls

Responsibilities

  • Support and coordinate security certifications and attestations (e.g., Cyber Essentials, ISO 27001, DCC, etc.)
  • Act as the primary liaison with external assessors, certification bodies, auditors, and internal customers
  • Monitor and maintain ongoing compliance with certification requirements and audits, track emerging regulatory requirements, industry standards, and best practices
  • Develop, implement, and manage enterprise cybersecurity and other IT controls aligned with various frameworks (e.g., NIST CSF, NIST SP 800‑53, ISO 27001, COBIT, etc.)
  • Provide high level summaries and risk‑based recommendations for improved IT controls environment
  • Serve as control framework subject‑matter expert, advising control owners on compliance requirements, implementation, optimization, and automation
  • Establish and maintain control standards, methodologies, and evidence requirements
  • Identify issues within the IT controls environment and drive remediation planning and validation
  • Partner with various IT and other business teams to ensure controls are embedded into systems and processes and support security awareness across technical and business teams
  • Identify opportunities for control optimization, automation, and GRC tooling improvements
  • Mentor and provide guidance to junior analysts and project teams

Benefits

  • medical
  • dental
  • vision
  • life
  • AD&D
  • disability benefits
  • paid time off
  • leaves of absence
  • voluntary benefits
  • perks
  • flexible work options
  • well-being resources
  • employee assistance program
  • business travel insurance
  • service recognition awards
  • retirement savings plan
  • employee stock purchase plan