Sr. Analyst, Security Governance, Risk, and Compliance Job Details | Aecon
Come Build Your Career at Aecon!
As a Canadian leader in infrastructure development, Aecon is safely and sustainably building what matters for future generations to thrive! We lead some of the most impactful infrastructure projects of our generation, at the forefront of transformational change in transportation and energy, and partnering every day to build, connect, power, and strengthen our communities.
At Aecon, you can count on:
- Safety Always. Our number one core value. If we can't do it safely, we don't do it at all.
- Integrity. We lead by example, with humility and courage.
- Accountability. We're passionate about delivering on our commitments.
- Inclusion. We provide equitable opportunities for everyone.
We lead the infrastructure industry with purpose, and our people are at the heart of everything we do. So, we invest in our people, just like they invest in us!
At Aecon we:
- Ensure you and your family receive the services needed to support your mental, emotional, and physical well-being.
- Believe in helping you build your career through our Aecon University and Leadership Programs.
- Are committed to supporting and investing in inclusive work environments, through initiatives like Equity, Diversity & Inclusion training, our Aecon Women in Trades and Aecon Diversity in Trades programs, and our Employee Resource Groups (ERGs) to ensure we are building inclusion into every aspect of our culture at Aecon.
- Are a leader in sustainable construction, with a strong commitment to operating responsibly by minimizing our impact on the environment and surrounding communities.
Our business success relies on strong execution and continuous improvement driven by the diversity, expertise and teamwork of our people. We're always searching the globe for innovative, collaborative minds to join our best-in-class Aecon community!
About Us
At Aecon, we're building the future, and our people are at the heart of everything we do. We're always looking for exceptional talent to work on our exciting and ever-expanding project portfolios. We are focused on being the #1 Canadian Infrastructure Company and the first-choice employer in our industry.
What's the Opportunity?
We are looking to hire a Sr. Analyst, Security Risk & Compliance to join our team.
What You'll Do Here:
- Perform security risk assessments of new or existing services, applications, technologies and vendors. Document and effectively communicate findings to key stakeholders
- Provide consultative advice to help IS and the business make informed risk management decisions
- Identify and recommend appropriate controls to address identified security risks and help strengthen Aecon's security posture
- Identify opportunities to enhance existing processes for identifying and managing security risk
- Design, operate and manage a compliance framework with associated controls that align with ISO 27001
- Maintain existing and develop new information security governance documents, including policies, standards, procedures and guidelines
- Work with Internal Audit, Legal, Privacy and other key stakeholders to ensure that IS policies, procedures and controls are aligned with all associated requirements
- Liaise with internal/external auditors, clients and business teams to facilitate audits and/or risk reviews and help to collect the required information. Ensure timely management response to findings and track remediation through to closure
- Ensure that in-place security controls are working effectively by designing and implementing appropriate KPIs and/or KRIs for reporting
- Prepare monthly, quarterly and annual reports and/or presentations for various senior management audiences, including steering committees and board of directors
- Validate appropriate security controls of vendors and other 3rd parties who safeguard the company's information assets and computer systems by performing contract reviews and security compliance reviews
- Conduct monthly reviews with security service providers to ensure compliance with service level agreements (SLAs) and other contractual/service requirements
- Act as a backfill for other security team members, as required
What You Bring to the Team:
- A university degree in Computer Science, Information Security or related equivalent is required
- CISM, CISA, CRISC or CISSP certifications are an asset
- 8+ years of experience in an IT related field
- 5+ years in an information security/compliance function or IT audit role
- 3+ years of experience in information security risk management
- Significant knowledge of, and experience with, legal and regulatory compliance standards such as GDPR, PCI-DSS, PHIPA, ISO 27001 and/or NIST
- Significant knowledge of computer networking concepts and protocols and IT security methodologies
- Ability to adapt to constantly changing technical, regulatory, and compliance environments
- Results oriented, high energy, and self-motivated
- Excellent verbal and written communication skills
- Ability to work in a team-oriented, collaborative environment
- Strong problem solving and analytical skills
- Ability to handle multiple competing priorities and meet tight deadlines
- Stakeholder Management
  - Strong demonstrated ability to influence with and without direct authority
  - High degree of emotional intelligence; ability to consider multiple points of view, strong self-awareness, and social skills to maneuver through situations with diverse stakeholders
  - Organization savviness: ability to effectively maneuver through complex political situations, understand how people and organizations function, and anticipate issues and plan an approach accordingly
- Business Acumen
  - Knows how the businesses work
  - Knowledgeable in current and future practices, trends, technology, and information affecting the business and the organization
- Adaptive Thinking
  - Strong change leadership skills with a demonstrated ability to effectively lead both small and larger scale organizational change
  - Critical thinking capability by applying sound analysis and logical reasoning to evaluate ideas, decisions and outcomes. Able to properly evaluate the quality of evidence and reasoning, then draw appropriate conclusions
- Decision Making
  - Makes sound decisions involving the most complex information and dynamic situations
  - Demonstrates sound judgment
  - Effective risk orientation to complement business performance; curious and innovative
- Influencing
  - Positively influences colleagues to take decisions and actions that ultimately benefit the organization
  - Uses influencing strategies to gain genuine agreements
- Problem Solving
  - Uses logic and techniques to solve complex problems with effective solutions
  - Asks the right probing questions to help achieve the best outcome
Aecon fosters diversity, inclusion and belonging within and across our organization. We welcome all to apply, including women, visible minorities, Indigenous peoples, persons with disabilities, and persons of any sexual orientation or gender identity.
We are committed to adhering to the objectives and requirements outlined in the Accessible Canada Act (ACA), and to meeting the accessibility needs of persons with disabilities in a timely manner, through the implementation of the requirements of the ACA and its applicable regulations. If you require accommodation under the ACA during any step of the application process, please click here.