Job Information
AECOM Federal Information Systems Safeguarding and Compliance Manager - Remote, Various US Locations in Houston, Texas
Company Description
Work with Us. Change the World.
At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for future generations.
There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.
We're one global team driven by our common purpose to deliver a better world. Join us.
Job Description
We are seeking a Manager, Federal Information Systems Safeguarding and Compliance. This individual will serve as a member of the Federal Business Services team and will report to the Director of Federal Business Services Federal Information Safeguarding and Compliance.
The candidate will be responsible for developing and supporting adherence to all aspects of a rigorous Secure Services compliance program as stipulated by DFARS, internal Cybersecurity Control Standards and associated NIST publications. The Manager is responsible for assisting the Director regarding IT and information system security issues by implementing common information system security practices, policies and technologies. Candidate will interface with multiple AECOM project teams and functional groups and provide support in developing proposals, responding to inquiries, define and deliver Secure Services as needed and provide direct support throughout the secure operation of federal projects. The candidate is required to be proficient in DFARS and Contractor Program Security functions, responsibilities, and disciplines that make up a strong Federal Security Program. Additionally, ideal candidate is a cyber security generalist and is experienced in providing guidance to both technical and operations delivery teams across all aspects of information security, ensuring adherence to federal regulations and best practices which promote secure and reliable delivery of mission critical services within a global enterprise.
This position will offer flexibility for primarily remote work schedules and can be based from a variety of US locations.
Roles and Responsibilities
Maintain operational security posture for programs and information systems
Information safeguarding interface to AECOM project teams
Participate in the system development lifecycle to ensure secure solutions are delivered
Ensure system security measures comply with applicable government policies
Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system
Ensure proper measures are taken when a federal information security incident or vulnerability is discovered
Assist IT in monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems
Maintain thorough understanding of NIST 800-171 controls, as well as document implementation in the Systems Security Plan
Conduct reviews and technical inspections to identify and mitigate potential security weaknesses and ensure that all security controls applied to a system are implemented and functional
Maintains awareness of upcoming customer / government driven changes and challenges and suggests approaches to meet those challenges
Ensure development and implementation of applicable Federal information security education, training, and awareness activities
Responsible for both the technical practice and operational management of one large or multiple small to medium sized offices/operating units with moderate complexity
Determines and executes the strategic direction of the office(s) to ensure financial profitability
Works in conjunction with the district and/or regional management to ensure financial success of the offices within the district or operating unit
Tasks and objectives:
Cloud services reduction- AWS
Onboard business teams, oversee the contractor provisioning SSD workspaces
Virtualize the SSD in Azure by working with project teams defining requirements, architecting and overseeing the delivery of assets, developing and updating project specific work instructions
Develop and document run books for virtualizing SSD applications
FY25 budgeting- roadmap
Peering with cleared facilities ISSM, develop cleared facilities run book.
Extend USA safeguarding knowledge to Canada
Information Security Oversight
Environment Security Initiatives
Environment Security Controls/Measures
Governance & Compliance Oversight
Regulatory Compliance Initiatives (NIST 800-171, CMMC II)
POA&M & Attestation Compliance
Engineering Oversight
Project Onboarding
Workload Support & Consumption
Operation & Maintenance Oversight
Azure GCC-High Support
Azure Networking Support
Azure Firewall Support
Azure Web Application Firewall Support
Azure Database Support
Azure Virtual Machines Support
SSD Helpdesk Oversight
Add ports document updates
Audit remediation
Mature and support FBS Artificial Intelligence, FAQ Bots, user self-service tools
Qualifications
Minimum Requirements:
Bachelor’s degree plus at least 8 years of relevant information security experience or demonstrated equivalency of experience and/or education (AS degree plus at least 10 years of relevant experience OR HS diploma plus at least 12 years of relevant experience)
Understanding of RMF such as: NIST SP 800-171, NIST SP 800-53, DFARS Clause 252.204-7012 and or FAR Clause 52.204-21
Technical & operational knowledge of cyber technologies such as (SSO, MFA, Endpoint Protection, Encryption, DLP, Vulnerability Scanning Firewalls, IDS/IPS, AWS)
Knowledge and experience with public cloud environments (Azure, AWS)
Knowledge of security methodologies, policies, standards and industry practices
Experience with large scale enterprise wide security projects
Due to nature of work, candidate must be a US Citizen
Preferred Qualifications:
Previous experience designing and implementing a Secure Services Domain is a plus
Prior experience with AECOM Information Safeguarding and Compliance
Strong quantitative and analytical skills
Past federal Cyber Security experience
Experience with Cybersecurity Maturity Model Certification (CMMC)
3+ years of experience securing enterprise networks and information systems according to Industry frameworks, such as NIST 800-171
Ability to remain organized, pay attention to detail, and meet critical deadlines
Strong written, verbal, interpersonal and presentation skills with the ability to lead meetings and present to large groups of technical and business personnel
Excellent time & people management skills, ability to effectively manage a large volume of work
Performing effectively in a team environment and independently with minimal direction; self-motivated and able to work on multiple activities in a fast paced environment
Additional Information
Sponsorship for US work authorization is not available for this position, now or in the future
Due to the remote nature of this position, relocation assistance is not available
Offered compensation will be based on location and individual qualifications. The expected range is $115,000.00 - $165,000.00.
About AECOM
AECOM is proud to offer comprehensive benefits to meet the diverse needs of our employees. Depending on your employment status, AECOM benefits may include medical, dental, vision, life, AD&D, disability benefits, paid time off, leaves of absences, voluntary benefits, perks, well-being resources, employee assistance program, business travel insurance, service recognition awards, retirement savings plan, and employee stock purchase plan.
AECOM is the world’s trusted infrastructure consulting firm, delivering professional services throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. On projects spanning transportation, buildings, water, new energy and the environment, our public- and private-sector clients trust us to solve their most complex challenges. Our teams are driven by a common purpose to deliver a better world through our unrivaled technical and digital expertise, a culture of equity, diversity and inclusion, and a commitment to environmental, social and governance priorities. AECOM is a Fortune 500 firm and its Professional Services business had revenue of $14.4 billion in fiscal year 2023. See how we are delivering sustainable legacies for generations to come at aecom.com and @AECOM.
Freedom to Grow in a World of Opportunity
You will have the flexibility you need to do your best work with hybrid work options. Whether you’re working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed.
You will help us foster a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients.
AECOM provides a wide array of compensation, benefits and well-being programs to meet the diverse needs of our employees and their families. We’re the world’s trusted global infrastructure firm, and we’re in this together – your growth and success are ours too.
Join us, and you’ll get all the benefits of being a part of a global, publicly traded firm – access to industry-leading technology and thinking and transformational work with big impact and work flexibility. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.
All your information will be kept confidential according to EEO guidelines.
ReqID: J10118714
Business Line: Geography OH
Business Group: DCS
Strategic Business Unit: AME Support
Career Area: Information Technology
Work Location Model: Remote
Legal Entity: AECOM Technical Services Inc