Senior Company Security Controller (Security Manager)
Aecom
Trusted global infrastructure consulting firm delivering engineering, design, construction management services.
Oversee UK government security compliance, facility accreditation, vetting and incident response.
7 days ago
Expert & Leadership (13+ years)
Full Time
Basingstoke, England, United Kingdom
Hybrid
Company Size
51,000 Employees
Service Specialisms
Engineering
Construction Services
Project Management
Design
Architecture
Consulting
Environmental Services
Program Management
Sector Specialisms
Industrial
Agriculture, Food & Beverage
Automotive & Heavy Equipment & Machinery
Data Centers & Digital Infrastructure
High Performance Logistics
Energy
Renewable Energy
Grid Modernization
Role
Description
security management
facility accreditation
incident reporting
risk reporting
client liaison
security training
Provide support to the end markets, ensuring AECOM is aligned to client requirements in relation to existing and new projects which may be governed by United Kingdom Government Security.
Ensuring the UK legislative and company policies are adhered to.
Be the FSC Security Controller and the Crypto Custodian for the Basingstoke facility if feasible
Support review of best practices, policies and procedures.
Support Site Security Controllers and the UK Classified Network Manager with the management of the accredited facilities.
Chair the company national security working group
Support project and office teams in development of new facilities adopting the lead role in the accreditation process of new FSC facilities.
Manage the Defence Cyber Protection Portal process and the dissemination of contractual obligations to the supply chain.
Provide advice, guidance and support on UK Government Security protocols for the business and the AECOM Executive Board.
Support projects in response to client business continuity questionnaires.
Manage the security vetting team that is based in Basingstoke
Provide support and oversight of AECOM's 5 FSC facilities and 2 List N facilities
Highlighting and escalating any government-associated security risks to stakeholders via the relevant risk committee.
Management of the security incident report process relating to UK Government Projects and Ministry of Defence industry Warning, Advisory and Reporting Point (MOD WARP) SIRF submissions
Lead on Security Aspects letter processes.
To actively participate in professional associations and relevant peer groups
Provide monthly and quarterly reports to the Board Level Contact for Security
Liaising with project teams and responding to Security Aspects Letters relating to existing projects, future project pursuits and the supply chain process.
Attend forums and training to ensure that AECOM is fully up to date with security changes and adherence to List X Notice and MOD Certifications.
Oversight and support for office ID card production.
Be the prime point of contact for UK Government Security principles for the business units.
Support the business units with responses to security audits and questionnaires.
Managing Security Awareness training in various formats / providing the initial and annual mandated Security Awareness training for all cleared individuals.
Support the vetting process during periods as required by the business
Respond to and investigate security incidents in line with AECOM protocols, ensuring that they are dealt with appropriately or escalated if necessary.
Manage AECOM secure facilities and support project and office teams in development of new facilities.
Requirements
cissp
csm
iso27001
disa
5+ years
dv clearance
Previous experience of managing a national security vetting function and vetting account.
Functionality in Microsoft Office products e.g., PowerPoint, Word, Excel, Outlook.
Understanding of MOD Secure by design principles and historical MOD DART accreditation.
They will be required to achieve DV clearance without restrictions.
Needs to have completed or is willing to complete the Defence Industry Security Association (DISA) Security Controller Course.
Fully conversant with MOD Joint Service Publications (JSP440), Security Policy Framework and Government Functional Standard (GovS007).
Certified Security manager (CSM)
ISO27001 lead auditor qualification.
A recognised security management qualification, e.g.,
Highly developed and disciplined work ethic, sense of accountability and ability to follow through on tasks to completion.
High level of integrity and ability to maintain confidentiality.
Membership of the Security Institute and DISA.
Understanding principles of Surreptitious Threat Mitigation Process (STaMP) and MOD's Secure by Design.
Due to the nature of the role the person must be a sole British national with no current or former foreign nationalities.
Resided in the UK for the last 10 years without breaks of more than 28 days.
Communication skills are critical.
Minimum 5 years’ relevant Company Security Controller experience.
Certified Information Systems Security Professional (CISSP)
Understanding of the Catalogue of Security Equipment, STaMP assessment and the accreditation process for new FSC facilities.
Understanding of Industrial Personnel Security Assurance (IPSA) certification and of the management of the vetting function, providing support as required.
Benefits
Information not given or found
Training + Development
Information not given or found
Interview process
Information not given or found
Visa Sponsorship
Information not given or found
Security clearance
Must be a sole British national with no foreign nationalities.
Must achieve DV (Developed Vetting) clearance without restrictions.
Must have resided in the UK for the last 10 years with no breaks over 28 days.
Company
Overview
Born 1990
Year of Formation
The company was formed in 1990 through the merger of five legacy firms.
$16B annual revenue
Annual Revenue
The company generates over $16 billion in revenue annually and ranks highly in ENR's global design firm lists.
150+ countries
Global Presence
The company operates in over 150 countries worldwide.
Megaprojects delivery
Project Scope
The company is known for delivering megaprojects such as cable-stayed bridges, Olympic venues, ports, transit hubs, and disaster recovery works.
Launched as a bold independent infrastructure consultancy from a merger of five legacy firms dating back over a century.
Handles everything from geotech to electro-mechanical systems, as seen in the award-winning Romaine Hydroelectric Complex in Canada.
Guides projects through every lifecycle stage in transportation, buildings, water systems, energy, and environmental sectors.
Culture + Values
Safety first - We put safety at the core of everything we do.
Integrity - We act with the highest ethical standards.
Collaboration - We believe in the power of teamwork.
Innovation - We embrace creativity and foster new ideas.
Sustainability - We are committed to creating a sustainable future.
Environment + Sustainability
2040
Net Zero Carbon Target
Committed to achieving net zero carbon emissions by 2040.
50%
Emission Reduction Target
Committed to reducing operational carbon emissions by 50% by 2030.
Focus on decarbonization across client projects and operations.
Developed strategies for climate resilience and adaptation.
Initiated projects that contribute to sustainable infrastructure and urban planning.
Inclusion & Diversity
50% gender parity
Gender Parity Target
Aim to achieve gender balance in leadership positions by 2030.
35% increase
Women Leadership Growth
Achieved significant growth in women representation in leadership roles in 2022.
Committed to increasing racial and ethnic diversity across the company.
Implemented programs to foster a diverse and inclusive workplace culture.