Senior Cybersecurity Compliance Analyst (Hybrid Houston or Dallas)

AECOM is seeking a Senior Cybersecurity Compliance Analyst to support our Cybersecurity Governance Risk and Compliance (GRC) team. The Senior Cybersecurity Compliance Analyst is a subjectmatter expert responsible for leading the design implementation assessment and continuous improvement of enterprise cybersecurity and other IT related controls and certification programs. This role serves as a key partner to external certifications/audit and internal IT legal and business stakeholders to strengthen the organizations security and compliance posture.

The Senior Analyst operates with a degree of autonomy provides guidance to control owners and leadership and mentors junior team members. The role plays a critical part in aligning cybersecurity IT and business objectives while ensuring the organization meets regulatory customer and industry expectations.

This position will offer flexibility for hybrid work schedules to include both in-office presence and telecommute/virtual work and is based in either Houston or Dallas TX.

Key Responsibilities

• Support and coordinate security certifications and attestations (e.g. Cyber Essentials ISO 27001 DCC etc.)
• Act as the primary liaison with external assessors certification bodies auditors and internal customers
• Monitor and maintain ongoing compliance with certification requirements and audits track emerging regulatory requirements industry standards and best practices
• Develop implement and manage enterprise cybersecurity and other IT controls aligned with various frameworks (e.g. NIST CSF NIST SP 80053 ISO 27001 COBIT etc.)
• Provide high level summaries and riskbased recommendations for improved IT controls environment
• Serve as control framework subjectmatter expert advising control owners on compliance requirements implementation optimization and automation
• Establish and maintain control standards methodologies and evidence requirements
• Identify issues within the IT controls environment and drive remediation planning and validation
• Partner with various IT and other business teams to ensure controls are embedded into systems and processes and support security awareness across technical and business teams
• Identify opportunities for control optimization automation and GRC tooling improvements
• Mentor and provide guidance to junior analysts and project teams

Skills

• Ability to manage cybersecurity controls design and compliance requirements
• Understanding of security architecture concepts and controls (including AI)
• Ability to interpret technical controls and translate them into compliance language
• Ability to build relationships and collaborate with others
• Strong communication documentation organizational and analytical skills
• Attention to detail and documentation discipline
• Ability to work independently and manage multiple initiatives
• Ability to develop compliance dashboards metrics and executive reporting

Qualifications :

Minimum Qualifications

• BA/BS in Information Security Computer Science Information Systems or related field plus at least 6 years of experience in cybersecurity risk management compliance or audit or demonstrated equivalency of experience and/or education
• Demonstrated experience managing security certification programs controls design/implementation and audits endtoend
• Deep knowledge of cybersecurity controls and frameworks (ISO NIST SOC COBIT)
• Strong stakeholder management written communication and reporting skills
• Ability to independently manage complex multistakeholder initiatives
• Ability to travel periodically

Preferred Qualifications

• Professional certifications such as CISA CISM CISSP CRISC ISO 27001 Lead Implementer/Lead Auditor
• Handson experience with GRC tools such as AuditBoard (Optro) UpGuard ServiceNow AI tools etc.
• Understanding of AI frameworks and controls

Additional Information :

• Relocation assistance is not available for this position
• Sponsorship for US work authorization is not available for this position now or in the future.

About AECOM 

AECOM is proud to offer comprehensive benefits to meet the diverse needs of our employees. Depending on your employment status AECOM benefits may include medical dental vision life AD&D disability benefits paid time off leaves of absences voluntary benefits perks flexible work options well-being resources employee assistance program business travel insurance service recognition awards retirement savings plan and employee stock purchase plan. 

AECOM is the global infrastructure leader committed to delivering a better world. As a trusted professional services firm powered by deep technical abilities we solve our clients complex challenges in water environment energy transportation and buildings. Our teams partner with public- and private-sector clients to create innovative sustainable and resilient solutions throughout the project lifecycle from advisory planning design and engineering to program and construction management. AECOM is a Fortune 500 firm that had revenue of $16.1 billion in fiscal year 2025. Learn more at . 

What makes AECOM a great place to work 

You will be part of a global team that champions your growth and career ambitions. Work on groundbreaking projects - both in your local community and on a global scale - that are transforming our industry and shaping the future. With cutting-edge technology and a network of experts youll have the resources to make a real impact. Our award-winning training and development programs are designed to expand your technical expertise and leadership skills helping you build the career youve always envisioned. Here youll find a welcoming workplace built on respect collaboration and communitywhere you have the freedom to grow in a world of opportunity. 

As an Equal Opportunity Employer we believe in your potential and are here to help you achieve it. All your information will be kept confidential according to EEO guidelines. 

Remote Work :

No

Employment Type :

Full-time