Manager, Cybersecurity Risk Management
Bechtel Global Corporation, Reston, VA, United States
Job Details
Requisition ID:
292696
Relocation Authorized:
None
Telework Type:
Part-Time Telework
Work Location:
Reston, VA
Job Summary The Manager, Cybersecurity Risk Management focuses efforts on managing and reporting on cyber risks globally across Bechtel, playing a crucial role in assessing and managing risk, and driving mitigation plans associated with our wider cybersecurity program. The manager drives a comprehensive risk management program, while supporting peer cybersecurity teams in maturing and standardizing their programs. The manager identifies and mitigates security risks; provides subject matter expertise and technical guidance to process owners; partners with Service Owners, GBU Managers, IT Architecture, Operations and Support, and Software Development, to contribute to the reporting of a comprehensive view of the security risk posture and its impact on the business.
Major Responsibilities Risk Oversight
Develops and maintains a comprehensive cybersecurity risk management strategy, leads enterprise-wide cyber risk assessments and mitigation / remediation activities.
Collaborates with IT, legal, compliance, and business units to ensure risk mitigation strategies are embedded in operations.
Monitors emerging threats and risk posture and activities accordingly.
Presents risk analysis, metrics, and mitigation plans to management and stakeholders.
Identifies risk and mitigating controls for information security exceptions based on adherence to relevant company policies, standards, baselines, and industry standards (e.g., ISO 27001, NIST, GDPR, HIPAA, CIS, FedRAMP).
Mentors and develops junior risk analysts and cybersecurity professionals.
Assists with the administration and maintenance of the ServiceNow GRC platform.
Strategic Leadership, Business Partnership & Enablement
Translates risk insights into strategic decisions and enterprise-wide policies.
Contributes to the design of cybersecurity strategies by advising on risk reduction priorities related to exception and risk register trends.
Develops metrics to track exception mitigation rates, approval / review rates, aging, and SLA compliance.
Drives initiatives that reduce recurring exception requests through enterprise-wide solutions.
Analytics
Monitors the effectiveness of the information security exceptions process in accordance with agreed upon metrics and performance measures to drive continuous improvements.
Conducts root cause analysis on recurring issues to enhance process efficiency and reduce exception requests.
Collaborates with cross-functional teams to gather, interpret, and validate mitigating controls to ensure accuracy and relevance.
Education and Experience Requirements
Requires bachelor's degree plus 8+ years experience in information security risk, with at least 3 years in a risk management role or similar function.
Required Knowledge and Skills
Strong knowledge of cybersecurity frameworks, company policies, and regulatory requirements.
Strong expertise across commercial and government cloud services (AWS, Azure, GCP, OCI, etc.), on‑premises and application environments.
Experience with tools such as ServiceNow, GRC tools, Power BI, and cloud technologies.
Strong knowledge of risk frameworks (e.g., ISO 27005, NIST, ISO, PCI, SOX, etc.).
Proven ability to translate complex technical concepts into plain language for decision-makers.
Skilled in preparing polished deliverables that support informed decision-making.
Team player who builds trust across technical and non‑technical teams.
Demonstrated ability to work independently, adapt quickly, and drive tasks forward with limited direction.
Strong project management and delegation skills across diverse, cross‑functional initiatives
Preferred
Certifications such as CISSP, CISM, CRISC, or CISA.
5+ years of prior experience in EPCM (Engineering, Procurement, Construction / Project Management). Prefer global company background and/or Fortune 500 and/or EPC industry.
Comfortable working in a highly iterative environment, both structured and unstructured.
Metrics and visualization tools knowledge a plus (i.e., ServiceNow, Power BI, Tableau).
Advanced user of M365 Suite to prepare all project plans, deliverables, presentations, reports, and findings.
Total Rewards/Benefits For decades, Bechtel has worked to inspire the next generation of employees and beyond! Because our teams face some of the world's toughest challenges, we offer robust benefits to ensure our people thrive. Whether it is advancing careers, delivering programs to enhance our culture, or providing time to recharge, Bechtel has the benefits to build a legacy of sustainable growth. Learn more at Bechtel Total Rewards.
Bechtel is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity and expression, age,national origin, disability, citizenship status (except as authorized by law),protected veteran status, genetic information, and any other characteristic protected by federal, state or local law. Applicants with a disability, who require a reasonable accommodation for any part of the application or hiring process, may e-mail their request to acesstmt@bechtel.com
#J-18808-Ljbffr
Requisition ID:
292696
Relocation Authorized:
None
Telework Type:
Part-Time Telework
Work Location:
Reston, VA
Job Summary The Manager, Cybersecurity Risk Management focuses efforts on managing and reporting on cyber risks globally across Bechtel, playing a crucial role in assessing and managing risk, and driving mitigation plans associated with our wider cybersecurity program. The manager drives a comprehensive risk management program, while supporting peer cybersecurity teams in maturing and standardizing their programs. The manager identifies and mitigates security risks; provides subject matter expertise and technical guidance to process owners; partners with Service Owners, GBU Managers, IT Architecture, Operations and Support, and Software Development, to contribute to the reporting of a comprehensive view of the security risk posture and its impact on the business.
Major Responsibilities Risk Oversight
Develops and maintains a comprehensive cybersecurity risk management strategy, leads enterprise-wide cyber risk assessments and mitigation / remediation activities.
Collaborates with IT, legal, compliance, and business units to ensure risk mitigation strategies are embedded in operations.
Monitors emerging threats and risk posture and activities accordingly.
Presents risk analysis, metrics, and mitigation plans to management and stakeholders.
Identifies risk and mitigating controls for information security exceptions based on adherence to relevant company policies, standards, baselines, and industry standards (e.g., ISO 27001, NIST, GDPR, HIPAA, CIS, FedRAMP).
Mentors and develops junior risk analysts and cybersecurity professionals.
Assists with the administration and maintenance of the ServiceNow GRC platform.
Strategic Leadership, Business Partnership & Enablement
Translates risk insights into strategic decisions and enterprise-wide policies.
Contributes to the design of cybersecurity strategies by advising on risk reduction priorities related to exception and risk register trends.
Develops metrics to track exception mitigation rates, approval / review rates, aging, and SLA compliance.
Drives initiatives that reduce recurring exception requests through enterprise-wide solutions.
Analytics
Monitors the effectiveness of the information security exceptions process in accordance with agreed upon metrics and performance measures to drive continuous improvements.
Conducts root cause analysis on recurring issues to enhance process efficiency and reduce exception requests.
Collaborates with cross-functional teams to gather, interpret, and validate mitigating controls to ensure accuracy and relevance.
Education and Experience Requirements
Requires bachelor's degree plus 8+ years experience in information security risk, with at least 3 years in a risk management role or similar function.
Required Knowledge and Skills
Strong knowledge of cybersecurity frameworks, company policies, and regulatory requirements.
Strong expertise across commercial and government cloud services (AWS, Azure, GCP, OCI, etc.), on‑premises and application environments.
Experience with tools such as ServiceNow, GRC tools, Power BI, and cloud technologies.
Strong knowledge of risk frameworks (e.g., ISO 27005, NIST, ISO, PCI, SOX, etc.).
Proven ability to translate complex technical concepts into plain language for decision-makers.
Skilled in preparing polished deliverables that support informed decision-making.
Team player who builds trust across technical and non‑technical teams.
Demonstrated ability to work independently, adapt quickly, and drive tasks forward with limited direction.
Strong project management and delegation skills across diverse, cross‑functional initiatives
Preferred
Certifications such as CISSP, CISM, CRISC, or CISA.
5+ years of prior experience in EPCM (Engineering, Procurement, Construction / Project Management). Prefer global company background and/or Fortune 500 and/or EPC industry.
Comfortable working in a highly iterative environment, both structured and unstructured.
Metrics and visualization tools knowledge a plus (i.e., ServiceNow, Power BI, Tableau).
Advanced user of M365 Suite to prepare all project plans, deliverables, presentations, reports, and findings.
Total Rewards/Benefits For decades, Bechtel has worked to inspire the next generation of employees and beyond! Because our teams face some of the world's toughest challenges, we offer robust benefits to ensure our people thrive. Whether it is advancing careers, delivering programs to enhance our culture, or providing time to recharge, Bechtel has the benefits to build a legacy of sustainable growth. Learn more at Bechtel Total Rewards.
Bechtel is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity and expression, age,national origin, disability, citizenship status (except as authorized by law),protected veteran status, genetic information, and any other characteristic protected by federal, state or local law. Applicants with a disability, who require a reasonable accommodation for any part of the application or hiring process, may e-mail their request to acesstmt@bechtel.com
#J-18808-Ljbffr