Job Information
ARCO GRC Security Lead in St. Louis - Brentwood, Missouri
ABOUT YOU
Do you have a passion for enabling business with secure, top-tier technology? Do you thrive in a fast-paced and ever-evolving environment? Then we have the next career move for you! Who are we? We are ARCO, a Family of Construction Companies.
The Governance, Risk, and Compliance (GRC) Security Lead is responsible for supporting the security direction of the business and elevating the company’s security posture. The role oversees the business’s security requirements and obligations mandated by standards and regulatory obligations. The GRC Security Lead assesses and validates the assurance of the security program and acts as a primary point of contact for auditors. The GRC Security Lead monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business. The GRC Security Lead is also responsible for the design and maintenance of security policy. As a key member of the security team, the GRC Security Lead must focus on strong risk management and resiliency and not be driven solely by compliance.
WHAT WE CAN OFFER YOU
We are dedicated to the well-being of our associates and are proud to be consistently recognized as a Best Place to Work. Our compensation and benefits package not only supports our associates and their families but benefits local communities and communities around the world.
Industry-leading performance-based bonus program
100% company funded retirement contributions
Traditional and Roth 401k
Tuition reimbursement for associates
Scholarship for associates’ children up to $28,000 per child
1-month paid sabbatical after every five years of employment, plus $5,000 for travel
1-week paid volunteer leave each year
100% charitable match
Medical, dental, and vision insurance coverage
100% paid 12-week maternity leave
At ARCO, our first core value is to treat people fairly and do the right thing. We are committed to building and sustaining a culture that supports diversity and inclusion. We are proud to be an equal opportunity employer, and all qualified applicants will receive consideration for employment.
From recruiting, training, and hiring practices to selecting our subcontractors, we understand that diversity of all those involved in the construction process enhances our ability to deliver the best solutions to our customers. We hire the best and the brightest from across the country – constructing a team of experts in architecture, design, engineering, project management, and business services.
A DAY IN THE LIFE
Maintain oversight and reporting for Governance, Risk, and Compliance activities
Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency, and compliance frameworks
Document, formulate, prioritize, and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation
Maintain oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business leads when weaknesses are discovered
Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance
Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to leadership
Work with security and risk management leaders to perform ongoing security program assessments and create prioritized strategic technology directives
Attend and engage in change management, architecture review board, and project management meetings
Design and maintain security policy, standards, and operational processes
Lead and maintain activities related to the business’s security requirements mandated by standards and regulations, including CMMC 2.0 and NIST 800-171
Assess and validate the assurance of the security program as a primary point of contact for internal and external auditors
Monitor progress and enforce resolution of outstanding issues that may lead to non-compliance or security threats to the business
NECESSARY QUALIFICATIONS
5-8 years of experience in cyber security as a practitioner, with at least 2-4 years of exposure to various security frameworks
Strong business acumen and knowledge of security technology, as well as proven ability to align with security practices and compliance responsibilities, including but not limited to HIPAA, GDPR, CMMC 2.0, and NIST 800-171
Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business
Working knowledge of technology such as cloud computing and application security as well as an up-to-date understanding of incident response, system configuration, vulnerability management, and hardening guidelines
Preferred experience with cloud environments such as Azure
Demonstrated problem solving capabilities and ability to manage complex local and international security requirements
Self-motivated, directed, and well organized, with the vision to position controls in anticipation of threats
MAKE YOUR MOVE
We are proud to be one of the fastest-growing, privately-owned companies in America, celebrating over 30 years of experience as design-build experts. We have completed over 5,500 design-build projects across 48 states and 38 major cities nationwide. We ranked #3 out of the top 100 design-build companies in the U.S. and #17 on ENR's Top 400 Contractors list of 2023. Most importantly, our clients like us, trust us and want to do business with us. We are looking for people with the same enthusiasm, passion, and respect for the hard work that brought us to where we are today. Are you a person that can make a difference at ARCO? If the answer is, “Yes!” we look forward to meeting you.
ARCO does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies without pre-approval from ARCO’s Human Resource team. Pre-approval is required before any external candidate can be submitted. ARCO will not be responsible for fees related to unsolicited resumes and for candidates who are sent directly to our hiring managers.