GRC Security Lead

ABOUT YOU:

Do you have a passion for enabling business with secure, top-tier technology? Do you thrive in a fast paced and ever-evolving environment? Then we have the next career move for you! Who are we? We are ARCO, a Family of Construction Companies.

The GRC Security Lead is also responsible for the design and maintenance of security policy. As a key member of the security team, the GRC Security Lead must focus on strong risk management and resiliency and not be driven solely by compliance.

WHAT WE CAN OFFER YOU:

We are dedicated to the well-being of our associates and are proud to be consistently recognized as a Best Place to Work. Our compensation and benefits package not only supports our associates and their families but benefits local communities and communities around the world.

• Industry-leading performance-based bonus program
• 100% company funded retirement contributions
• Traditional and Roth 401k
• Tuition reimbursement for associates
• Scholarship for associates’ children up to $28,000 per child
• 1-month paid sabbatical after every five years of employment, plus $5,000 for travel
• 1-week paid volunteer leave each year
• 100% charitable match
• Medical, dental, and vision insurance coverage
• 100% paid 12-week maternity leave

At ARCO, our first core value is to treat people fairly and do the right thing. We are committed to building and sustaining a culture that supports diversity and inclusion. We are proud to be an equal opportunity employer, and all qualified applicants will receive consideration for employment.

From recruiting, training, and hiring practices to selecting our subcontractors, we understand that diversity of all those involved in the construction process enhances our ability to deliver the best solutions to our customers. We hire the best and the brightest from across the country – constructing a team of experts in architecture, design, engineering, project management, and business services.

A DAY IN THE LIFE:

• Overseeing and reporting for Governance, Risk, and Compliance activities
• Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency, and compliance frameworks
• Document, formulate and enforce areas of security improvement that balance risk with business operations and not diminish efficiencies or innovation
• Maintain oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business leads when weaknesses are discovered
• Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance
• Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to leadership
• Work with security and risk management leaders to perform ongoing security program assessments and create strategic technology directives
• Attend and engage in change management and project management meetings
• Oversee the businesses security requirements and obligations mandated by standards and regulatory regulations including CMMC, NIST 800-171.
• Assess and validate the assurance of the security program as a primary point of contact for internal and external auditors
• Monitor progress and enforce resolution of outstanding issues that may lead to non-compliance or security threats to the business
• Focus on strong risk management and corporate resiliency and not be driven solely by compliance

NECESSARY QUALIFICATIONS:

• 5-8 years experience in cyber security as a practitioner and with at least 2-4 years exposure with various security frameworks
• Strong business acumen in security technology as well as proven ability to align with security practices and compliance responsibilities, including but not limited to HIPAA, GDPR, CMMC, and NIST 800-171.
• Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business
• Working knowledge of technology such as cloud computing and application security as well as an up-to-date understanding of incident response, system configuration, vulnerability management, and hardening guidelines
• Preferred experience with cloud environments such as Azure
• Demonstrated problem solving capabilities and ability to manage complex local and international security requirements.
• Self-motivated, directed, and well organized, with the vision to position controls in anticipation of threats