Senior Cyber Risk & Compliance Manager
Overland Park, KS, US / Houston, TX, US
Together, we own our company, our future, and our shared success.
As an employee-owned company, our people are Black & Veatch. We put them at the center of everything we do and empower them to grow, explore new possibilities and use their diverse talents and perspectives to solve humanity's biggest challenges in an ever-evolving world. With over 100 years of innovation in sustainable infrastructure and our expertise in engineering, procurement, consulting and construction, together we are building a world of difference.
Company : Black & Veatch Corporation
Req Id : 105398
Opportunity Type : Staff
Relocation eligible : No
Full time/Part time : Full-Time
Project Only Hire : No
Visa Sponsorship Available: No
Why Black and Veatch
Recognized by Glassdoor as a 2023 Top 100 place to work, Black & Veatch allows you to lend your talent and perspective to humanity’s biggest challenges in a flexible environment where you are empowered to grow and explore new possibilities. We offer competitive compensation, a 401K match and benefits that start on day 1. Our hybrid environment allows you to balance your work and personal life.
At Black & Veatch, you own your career with purpose and meaning. You are empowered to grow and explore new possibilities at every step of your career journey. Bring your big ideas knowing you are safe to be who you are and speak up with concerns or questions and put your diverse talents and perspectives to use.
The Opportunity
The Senior Cyber Risk & Compliance Manager will be responsible for establishing and maintaining the Governance, Risk and Compliance (GRC) and Privacy Program. In this role, the Compliance Manager will develop and maintain policies, standards, security baselines, the risk framework and treatment strategy, the compliance framework, and privacy policies and procedures, and will build and measure KRI and KPI metrics for compliance. Additionally, the Compliance Manager will plan and perform risk assessments, working directly with technical and business stakeholders to identify appropriate risk factors, assess the adequacy of existing controls, and drive remediation of control weaknesses so that compliance requirements are maintained.
Key Responsibilities
- Develop, implement, mature and champion risk management framework and processes to manage risk and control activities including risk identification, measurement, prioritization, and mitigation
- Develop, evangelize and execute the GRC strategy and roadmap through effective prioritization of critical controls and initiatives
- Develop and maintain the lifecycle of policies, standards and procedures; document processes, risks, exceptions, issues and action plans
- Establish and collaborate on risk treatment strategies, risk tolerance and risk appetite with business stakeholders
- Proactively and consistently manage BV’s critical compliance frameworks, including the Security Controls Framework, SOC 2 Type 2, CMMC, ISO 27001, NIST CSF, GDPR, etc.
- Lead and manage internal and external audits, such as scope definition, audit readiness, control domain walkthroughs, evidence collection and documentation
- Proactively conduct risk assessments through continuous monitoring and working with control and process owners to identify ways to mitigate risks and improve security posture
- Continuously monitor and evaluate third party risk, through vendor risk assessments and independent security reviews
- Analyze and assess the current and future risk and compliance landscape, providing realistic and pragmatic risk assessments to evolve and mature the security and compliance program
- Evolve and lead user behavior programs including annual security awareness training, awareness campaigns in partnership with communications team, and conduct phishing simulation and remedial training
- Develop and maintain GRC tools and platform to monitor and manage risks across the organization, including risk assessment workflows, risk & control dashboard, operating effectiveness of controls, risk metrics, and remediation status
- Review and negotiate contracts and third-party agreements for security and compliance obligations and for risk treatment decisions
- Establish and facilitate Cyber risk and Privacy committees to provide a comprehensive view of cyber risk and privacy issues for governance and compliance
- Develop and implement privacy policies and privacy controls, and oversee ongoing compliance with privacy requests and obligations, including DSARs, cookie consent, privacy notices, DPIAs, ROPAs, etc.
- Manage and respond to Client security questionnaires and report on risk management issues to the business for prioritization and remediation
- Work closely with legal, finance, risk management, D&IT and other departments to integrate GRC practices into all aspects of the business
- Perform other duties as assigned
Preferred Qualifications
- Bachelor’s degree in Information Security, Computer Science or a related field
- Minimum 7 years of overall experience in Cyber Security with a focus on GRC, IT Audit, Risk Assessments & Privacy
- Must have 3 years of experience in GRC, CMMC compliance, ISO 27001 compliance and the SOC 2 Type 2 attestation process
- At least one certification such as CISSP, CISM, CISA, CRISC, CIPP
- Demonstrated experience applying security, risk and privacy frameworks and regulations such as NIST CSF/800-53/800-171, NERC CIP, CIS, CMMC, SOC 2, GDPR, etc.
- Experience in developing security policies and standards, risk assessments, third party risk programs, risk management, risk registries, regulatory compliance, security awareness training and testing, security metrics, privacy, and other relevant GRC areas
- Knowledge of key U.S. and international privacy laws and regulations, including GDPR, CASL and CCPA, and willingness to learn and stay updated on privacy requirements
- Experience in Risk & Control Assessment, IT audit, Supplier Risk Management, Vulnerability management, IAM and Security Architecture
- Highly motivated individual with the ability to self-start, prioritize, multi-task, and has a "can-do" attitude
- Knowledge of current threats and regulatory best practices in cyber security and OT security
- Ability to communicate and work effectively with others, harness different skills and experience, and build a strong sense of team spirit
- Action and results-oriented with the ability to overcome obstacles, able to work well under deadlines in a changing environment
- Ability to adjust quickly to shifting priorities, and decision-making skills with limited information
- Excellent verbal communication and interpersonal skills to document and communicate findings and escalate critical findings to stakeholders
Minimum Qualifications
All applicants must be able to complete pre-employment onboarding requirements (if selected) which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.
Work Environment/Physical Demands
Normal office environment with a hybrid work schedule: 3 days in office and 2 days remote
Black & Veatch endeavors to make www.bv.com/careers accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process because of a disability, please contact the Employee Relations Department at +1-913-359-1622 or via our accommodations request form. This contact information is for disability accommodation requests only; you may not use this contact information to inquire about the status of applications. General inquiries about the status of applications will not be returned.
Black & Veatch is committed to being an employer of choice by creating a valuable work experience that keeps our people engaged, productive, safe and healthy.
Our comprehensive benefits portfolio is a key component of this commitment and offers an array of health care benefits including but not limited to medical, dental and vision insurances along with disability and a robust wellness program.
To support a healthy work-life balance, we offer flexible work schedules, paid vacation and holiday time, sick time, and dependent sick time.
A variety of additional benefits are available to our professionals, including a company-matched 401k plan, adoption reimbursement, tuition reimbursement, vendor discounts, an employment referral program, AD&D insurance, pre-tax accounts, a voluntary legal plan and the B&V Credit Union. Professionals may also be eligible for a performance-based bonus program.
We are proud to be a 100 percent ESOP-owned company. As employee-owners, our professionals are empowered to drive not only their personal growth, but the company's long-term achievements - and they share in the financial rewards of the success through stock ownership.
By valuing diverse voices and perspectives, we cultivate an authentically inclusive environment for professionals and are able to provide innovative and effective solutions for clients.
Black & Veatch Holding Company, its subsidiaries and its affiliated companies comply with all Equal Employment Opportunity (EEO) and affirmative action laws and regulations. Black & Veatch does not discriminate on the basis of age, race, religion, color, sex, national origin, marital status, genetic information, sexual orientation, gender identity and expression, disability, veteran status, pregnancy status or other status protected by law.
Notice to External Search Firms: Black & Veatch does not accept unsolicited resumes and will not be obligated to pay a placement fee for unsolicited resumes. Black & Veatch Talent Acquisition engages with search firms directly for hiring needs.
Nearest Major Market: Olathe
Nearest Secondary Market: Kansas City
Job Segment: Engineer, Engineering