
Governance Risk and Compliance Analyst I
- Olathe, Kansas
- Regular, Full Time
- Job ID 31726BR
- United States
Job Description
General Responsibilities:
Responsible for assessing and documenting Terracon’s compliance and risk posture as they relate to its information assets. Responds to third party risk assessments, participates in contract review process, and responds to governance, risk and compliance inquiries.
Essential Roles and Responsibilities:
- With guidance from management and senior analysts, facilitates the system-wide information security compliance program, ensuring IT activities, processes and procedures meet defined requirements, policies and regulations.
- Drafts effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Evaluates programmatic and technical directions and seeks guidance as required in matters relating to the investigation, impact and analysis of security incidents, decisions regarding risk and measures for information security.
- Document and report control failures and gaps to stakeholders.
- Draft responses and aggregate documentation for third party/client risk assessments, audits, compliance checks, government compliance attestations and external assessment processes for internal/external auditors, HIPAA, CMMC, DFARS/DFARS Interim Rule, NIST 800-171 and other compliance frameworks as required.
- Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates.
- Interacts in both oral and written communications with all levels of system staff including system architects/administrators, developers, operations staff, legal, auditors and suppliers/contractors in matters related to information security and security awareness.
- Coordinate and track all information technology and security related assessments including scope of assessment, service lines/business units involved, timelines, assessors and outcomes. Work with assessors as appropriate to keep assessment focus in scope, maintain excellent relationships with assessors and provide a consistent perspective that continually puts the organization in its best light.
- Support vendor due-diligence process and help to define overall third-party risk management efforts.
- Participate in disaster recovery and business continuity planning.
- Work with external auditors and outside consultants as appropriate on required security assessments and audits.
- Perform periodic gap assessments to validate compliance on an ongoing basis.
- Stay up to date and informed on developing regulatory and compliance concerns, as well as changing IT and information security trends.
- Follow safety rules, guidelines and standards for all projects. Participate in pre-task planning. Report any safety issues or concerns to management.
- Be responsible for maintaining quality standards on all projects.
- Bachelor’s degree in related field and a minimum of 3 years’ experience in Information Technology. Or, in lieu of a degree, a minimum of 7 years’ relevant experience.
- Valid driver’s license with acceptable violation history.
- ISACA or (ISC)2 Certification
About Terracon
Terracon is a 100 percent employee-owned multidiscipline consulting firm comprised of more than 6,000 curious minds focused on solving engineering and technical challenges from more than 175 locations nationwide. Since 1965, Terracon has evolved into a successful multi-discipline firm specializing in environmental, facilities, geotechnical, and materials services. Terracon’s growth is due to our talented employee-owners exceeding expectations in client service and growing their careers with new and exciting opportunities in the marketplace.
Terracon’s vision of “Together, we are best at people” is demonstrated through our excellent compensation and benefits package. Based on eligibility, role and job status, we offer many programs including medical, dental, vision, life insurance, 401(k) plan, paid time off and holidays, education reimbursement, and various bonus programs.
EEO Statement
Terracon is an EEO employer. We encourage qualified minority, female, veteran and disabled candidates to apply and be considered for open positions. We do not discriminate against any applicant for employment, or any employee because of race, color, religion, national origin, age, sex, sexual orientation, gender identity, gender, disability, age, or military status.