AECOM is seeking a Cybersecurity Risk Analyst to be based in Manila, Philippines.
The role is responsible for ensuring that the organization's cybersecurity program aligns with industry best practices, regulatory requirements, and internal policies. The role assesses and works through cyber risks, policy implementation, and assists in operating the cybersecurity exceptions and compliance management processes
Cyber Governance:
Assist in maintaining cybersecurity governance frameworks, policies, and standards.
Execute and follow/track tasks in a GRC (Governance, Risk & Compliance) platform.
Ensure alignment of cybersecurity strategies with business objectives, regulatory requirements, and industry best practices.
Establish and maintain effective communication channels with stakeholders to promote cybersecurity governance awareness and compliance.
Policy Lifecycle Management:
Assist with executing end-to-end policy lifecycle management process, including policy development, review, approval, and dissemination
Collaborate with cross-functional teams to identify policy needs, review existing policies, and ensure policy effectiveness and adherence
Monitor regulatory changes and industry trends to keep policies up-to-date and aligned with emerging cybersecurity risks and standards
General Risk Management:
Conduct risk assessment exercises to identify and prioritize cyber risks.
Work with key stakeholders such as Enterprise Risk Management, IT Infrastructure & Operations, Internal Audit, Legal, HR, and Supply Chain groups to communicate and manage Cybersecurity requirements and provide guidance around remediation or risk acceptance.
Provide guidance to IT, Business, and Functional teams on controls/security/risk management/compliance issues; ensure that project plans/technology initiatives are compliant with the support of a team lead or senior members of the team.
Communicate and execute risk mitigation strategies and action plans, working closely with relevant teams to implement controls and countermeasures.
Monitor and report on key risk indicators, track risk treatment plans, and provide recommendations for risk reduction and mitigation.
Cybersecurity Exceptions Management:
Assist with the process of handling cybersecurity exceptions and deviations from established policies or controls.
Evaluate exception requests, conduct risk assessments, and provide guidance on risk acceptance or mitigation measures with the support of a team lead or senior members of the team.
Ensure exceptions are properly documented, tracked, and reported to relevant stakeholders.