AECOM Senior Cyber Analyst in Aiken, South Carolina

United States of America - South Carolina, Aiken

Job Summary

Savannah River Remediation, an LLC of AECOM, is seeking a Senior Cyber Analyst to be based in our Aiken, SC location.

Responsible for the ongoing management of the organization’s Enterprise Risk Management Program. Performs risk analysis, conducts security assessments, and develops programmatic documentation to validate the implementation of a cyber security program that adheres to regulations and achieves company objectives.

Responsibilities:

  • Under minimal direction, develops security assessment plans and conducts security assessments, including reviewing and testing system security controls to ensure federal requirements are met within mission context, and to validate cyber security program execution against implementation statements.

  • Applies in-depth knowledge of industry practices and techniques to perform risk analysis of components and systems for incorporation into the existing accreditation boundaries (AB) to quantify potential impacts to the security profile.

  • Performs ad hoc testing and risk assessments to assist with development activities and / or vulnerability remediation.

  • Provides guidance to liquid waste personnel for the development of risk assessment documentation and supports review cycles with DOE and other contractor personnel.

  • Acts as the liquid waste liaison for audits, reviews, and assessments. Collects and provides requested documentation and information, participates in the review meetings, and coordinates the response to security assessment reports.

  • Documents plans of action and milestones for corrective action following assessment activities, and in response to identified vulnerabilities; tracks remediation activities and efforts to address identified issues.

  • Provides guidance and assistance to liquid waste personnel for the development of cyber security program documentation in accordance with DOE Order requirements and NIST guidance to achieve and maintain authorization to operate (ATO).

  • With limited guidance, drafts cyber security policies and procedures and other supporting documentation for the liquid waste cyber security program. Maintains the library with the formal copies for certification and accreditation (C&A) and submits documents to records management, as necessary.

  • Develops, implements, monitors and maintains risk-based, actionable metrics for cyber security program efforts, including enterprise and business level key risk indicators (KRI).

  • Identifies improvement initiatives and performs analysis for selecting appropriate tools and methods to accomplish objectives. Work is reviewed upon completion for overall adequacy and accuracy.

  • Supports the Cyber Security user awareness program.

  • Other duties as assigned.

Minimum Requirements

  • Bachelor's degree in computer science, information technology, or an equivalent field, and 5+ years’ experience working in an information technology field with an emphasis in security

  • Individuals not possessing a four-year degree may qualify with an additional 4 years of related education and/or experience.

  • Due to the nature of the work, the candidate must be a US Citizen

Preferred Qualifications

  • Experience with Risk Management Frameworks and information security fundamentals / principles

  • Excellent written and verbal communications skills, specifically strong technical writing skills, with the ability to communicate effectively with all levels of staff and management

  • Experience defining/documenting business processes with consideration for assessing risk, both business and technical

  • Experience working in a regulated environment

  • Knowledgeable about FIPS and NIST guidelines, with experience related to security control testing and validation

  • Contributed to development and maintenance of an Accreditation Package in a DOE environment

  • Certified in Risk and Information Systems Control (CRISC) or Certified Information Systems Security Professional (CISSP)

What We Offer

AECOM is a place where you can put your innovative thinking and business skills into high gear and work alongside other highly intelligent and motivated people. It's a place where you can apply your skills to some of the world's most challenging, interesting, and meaningful projects worldwide. It's a place that values the diversity of our areas of practice and our people. It's what makes AECOM a great place to work and grow.

AECOM is an equal opportunity employer and Minorities, Females, Veterans, and Disabled persons are encouraged to apply.

NOTICE TO THIRD PARTY AGENCIES:

Please note that AECOM does not accept unsolicited resumes from recruiters or employment agencies. In the absence of a signed Recruitment Fee Agreement, AECOM will not consider or agree to payment of any referral compensation or recruiter fee. In the event a recruiter or agency submits a resume or candidate without a previously signed agreement, AECOM explicitly reserves the right to pursue and hire those candidate(s) without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted to hiring managers, are deemed to be the property of AECOM.

Job Category: Information Technology

Business Line: Government

Business Group: Management Services Group (MS)

Country: United States of America

Position Status: Full-Time

Requisition/Vacancy No.: 198432BR

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.