GRC Security Lead

We are dedicated to the well-being of our associates and are proud to be consistently recognized as a Best Place to Work. Our compensation and benefits package not only supports our associates and their families but benefits local communities and communities around the world.

• Industry-leading performance-based bonus program
• 100% company funded retirement contributions
• Traditional and Roth 401k
• Tuition reimbursement for associates
• Scholarship for associates’ children up to $28,000 per child
• 1-month paid sabbatical after every five years of employment, plus $5,000 for travel
• 1-week paid volunteer leave each year
• 100% charitable match
• Medical, dental, and vision insurance coverage
• 100% paid 12-week maternity leave

At ARCO, our first core value is to treat people fairly and do the right thing. We are committed to building and sustaining a culture that supports diversity and inclusion. We are proud to be an equal opportunity employer, and all qualified applicants will receive consideration for employment.

From recruiting, training, and hiring practices to selecting our subcontractors, we understand that diversity of all those involved in the construction process enhances our ability to deliver the best solutions to our customers. We hire the best and the brightest from across the country – constructing a team of experts in architecture, design, engineering, project management, and business services.

• Maintain oversight and reporting for Governance, Risk, and Compliance activities
• Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency, and compliance frameworks
• Document, formulate, prioritize, and enforce areas of security improvement that balance risk with business operations and not diminish efficiencies or innovation
• Maintain oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business leads when weaknesses are discovered
• Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance
• Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to leadership
• Work with security and risk management leaders to perform ongoing security program assessments and create prioritized strategic technology directives
• Attend and engage in change management, architecture review board, and project management meetings
• Design and maintain security policy, standards, and operational processes
• Lead and maintain activities related to businesses security requirements mandated by standards and regulations including CMMC 2.0, NIST 800-171
• Assess and validate the assurance of the security program as a primary point of contact for internal and external auditors
• Monitor progress and enforce resolution of outstanding issues that may lead to non-compliance or security threats to the business

• 5-8 years experience in cyber security as a practitioner and with at least 2-4 years exposure with various security frameworks
• Strong business acumen and security technology as well as proven ability to align with security practices and compliance responsibilities, including but not limited to HIPAA, GDPR, CMMC 2.0, and NIST 800-171.
• Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business
• Working knowledge of technology such as cloud computing and application security as well as an up-to-date understanding of incident response, system configuration, vulnerability management, and hardening guidelines
• Preferred experience with cloud environments such as Azure
• Demonstrated problem solving capabilities and ability to manage complex local and international security requirements
• Self-motivated, directed, and well organized, with the vision to position controls in anticipation of threats