Company Description

Work with Us. Change the World.

At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for future generations.

There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.

We're one global team driven by our common purpose to deliver a better world. Join us.

Job Description

We are seeking a Manager, Federal Information Systems Safeguarding and Compliance.  This individual will serve as a member of the Federal Business Services team and will report to the Director of Federal Business Services Federal Information Safeguarding and Compliance.

The candidate will be responsible for developing and supporting adherence to all aspects of a rigorous Secure Services compliance program as stipulated by DFARS, internal Cybersecurity Control Standards and associated NIST publications. The Manager is responsible for assisting the Director regarding IT and information system security issues by implementing common information system security practices, policies and technologies. Candidate will interface with multiple AECOM project teams and functional groups and provide support in developing proposals, responding to inquiries, define and deliver Secure Services as needed and provide direct support throughout the secure operation of federal projects. The candidate is required to be proficient in DFARS and Contractor Program Security functions, responsibilities, and disciplines that make up a strong Federal Security Program. Additionally, ideal candidate is a cyber security generalist and is experienced in providing guidance to both technical and operations delivery teams across all aspects of information security, ensuring adherence to federal regulations and best practices which promote secure and reliable delivery of mission critical services within a global enterprise.

This position will offer flexibility for primarily remote work schedules and can be based from a variety of US locations.

Roles and Responsibilities

Maintain operational security posture for programs and information systemsInformation safeguarding interface to AECOM project teamsParticipate in the system development lifecycle to ensure secure solutions are deliveredEnsure system security measures comply with applicable government policiesProvide configuration management and accurately assess the impact of modifications and vulnerabilities for each systemEnsure proper measures are taken when a federal information security incident or vulnerability is discoveredAssist IT in monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information SystemsMaintain thorough understanding of NIST 800-171 controls, as well as document implementation in the Systems Security PlanConduct reviews and technical inspections to identify and mitigate potential security weaknesses and ensure that all security controls applied to a system are implemented and functionalMaintains awareness of upcoming customer / government driven changes and challenges and suggests approaches to meet those challengesEnsure development and implementation of applicable Federal information security education, training, and awareness activitiesResponsible for both the technical practice and operational management of one large or multiple small to medium sized offices/operating units with moderate complexityDetermines and executes the strategic direction of the office(s) to ensure financial profitabilityWorks in conjunction with the district and/or regional management to ensure financial success of the offices within the district or operating unit

Tasks and objectives:

Cloud services reduction- AWSOnboard business teams, oversee the contractor provisioning SSD workspacesVirtualize the SSD in Azure by working with project teams defining requirements, architecting and overseeing the delivery of assets, developing and updating project specific work instructionsDevelop and document run books for virtualizing SSD applicationsFY25 budgeting- roadmapPeering with cleared facilities ISSM, develop cleared facilities run book.Extend USA safeguarding knowledge to CanadaInformation Security OversightEnvironment Security InitiativesEnvironment Security Controls/MeasuresGovernance & Compliance OversightRegulatory Compliance Initiatives (NIST 800-171, CMMC II)POA&M & Attestation ComplianceEngineering OversightProject OnboardingWorkload Support & ConsumptionOperation & Maintenance OversightAzure GCC-High SupportAzure Networking SupportAzure Firewall SupportAzure Web Application Firewall SupportAzure Database SupportAzure Virtual Machines SupportSSD Helpdesk OversightAdd ports document updatesAudit remediationMature and support FBS Artificial Intelligence, FAQ Bots, user self-service tools

Qualifications

Minimum Requirements:

Bachelor’s degree plus at least 8 years of relevant information security experience or demonstrated equivalency of experience and/or education (AS degree plus at least 10 years of relevant experience OR HS diploma plus at least 12 years of relevant experience)Understanding of RMF such as: NIST SP 800-171, NIST SP 800-53, DFARS Clause 252.204-7012 and or FAR Clause 52.204-21Technical & operational knowledge of cyber technologies such as (SSO, MFA, Endpoint Protection, Encryption, DLP, Vulnerability Scanning Firewalls, IDS/IPS, AWS)Knowledge and experience with public cloud environments (Azure, AWS)Knowledge of security methodologies, policies, standards and industry practicesExperience with large scale enterprise wide security projectsDue to nature of work, candidate must be a US Citizen

Preferred Qualifications:

Previous experience designing and implementing a Secure Services Domain is a plusPrior experience with AECOM Information Safeguarding and ComplianceStrong quantitative and analytical skillsPast federal Cyber Security experienceExperience with Cybersecurity Maturity Model Certification (CMMC)3+ years of experience securing enterprise networks and information systems according to Industry frameworks, such as NIST 800-171Ability to remain organized, pay attention to detail, and meet critical deadlinesStrong written, verbal, interpersonal and presentation skills with the ability to lead meetings and present to large groups of technical and business personnelExcellent time & people management skills, ability to effectively manage a large volume of workPerforming effectively in a team environment and independently with minimal direction; self-motivated and able to work on multiple activities in a fast paced environment

Additional InformationSponsorship for US work authorization is not available for this position, now or in the futureDue to the remote nature of this position, relocation assistance is not available

About AECOM

AECOM is proud to offer comprehensive benefits to meet the diverse needs of our employees. Depending on your employment status, AECOM benefits may include medical, dental, vision, life, AD&D, disability benefits, paid time off, leaves of absences, voluntary benefits, perks, well-being resources, employee assistance program, business travel insurance, service recognition awards, retirement savings plan, and employee stock purchase plan.

AECOM is the world’s trusted infrastructure consulting firm, delivering professional services throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. On projects spanning transportation, buildings, water, new energy and the environment, our public- and private-sector clients trust us to solve their most complex challenges. Our teams are driven by a common purpose to deliver a better world through our unrivaled technical and digital expertise, a culture of equity, diversity and inclusion, and a commitment to environmental, social and governance priorities. AECOM is a Fortune 500 firm and its Professional Services business had revenue of $14.4 billion in fiscal year 2023. See how we are delivering sustainable legacies for generations to come at aecom.com and @AECOM.

 

Freedom to Grow in a World of Opportunity 

You will have the flexibility you need to do your best work with hybrid work options. Whether you’re working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed.

You will help us foster a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients.

AECOM provides a wide array of compensation, benefits and well-being programs to meet the diverse needs of our employees and their families. We’re the world’s trusted global infrastructure firm, and we’re in this together – your growth and success are ours too.

Join us, and you’ll get all the benefits of being a part of a global, publicly traded firm – access to industry-leading technology and thinking and transformational work with big impact and work flexibility. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.

All your information will be kept confidential according to EEO guidelines.