Senior Security Analyst

Sr. Security Analyst

SUMMARY

Mortenson is currently seeking a Sr. Security Analyst that will be responsible for managing risks, and ensuring compliance with security regulations, which includes developing & enforcing security frameworks, conducting risk assessments, and creating cybersecurity policies. This role also involves monitoring & reporting on compliance, conducting assessment & auditing, and collaborating with stakeholders to align security practices with business objectives & communicating risk status.

RESPONSIBILITIES

• Assess and manage contractual and regulatory obligations in accordance with company policies, industry standards, and regulatory requirements (e.g. SOC 2, ISO 27001, NIST CSF, NIST 800-171, CMMC, etc.).
• Manage security standards, policies, and practices on an annual basis to make sure they meet company demands.
• Assist the Business in responding to inquiries from customers about Security controls and compliance.
• Look for improvement and offer insightful advice and value-added guidance on process and control enhancements.
• Conduct comprehensive risk assessments of third-party vendors, partners, and service providers to evaluate security posture, compliance status, and risk exposure.
• Collaborate with cross-functional teams, including Legal, IT, and Procurement, to establish risk management strategies for third-party relationships.
• Maintain processes for third-party security evaluations, onboarding, and ongoing risk monitoring.
• Manage the lifecycle of third-party risk management, from initial assessment to contract negotiations and continuous monitoring.
• Work with vendors and internal teams to ensure that appropriate remediation plans are put in place for identified risks.
• Prepare regular reports on third-party risk and compliance status for senior management and relevant stakeholders.
• Stay up-to-date with the latest trends and best practices in third-party risk management, cybersecurity, and regulatory compliance.
• Respond to information security incidents, perform root cause analysis, and lead incidents and problems to resolution.
• Work with other technical staff to execute information security initiatives and projects.
• Monitor information security systems for risk events and manage discovered vulnerabilities to acceptable remediations.

QUALIFICATIONS

• Bachelor's degree in Cybersecurity, Information Technology or equivalent subject area
• 5+ years of experience in information security, risk management, compliance, or related fields.
• Strong understanding of third-party risk management processes and frameworks.
• Familiarity with key security & privacy regulations, and risk management frameworks (e.g. CCPA, SOC 2, ISO 27001, NIST, CMMC).
• Knowledge of compliance regulations and standards.
• Experience with conducting security assessments, audits, and risk evaluations.
• Knowledge of security controls, risk mitigation strategies, and vendor management best practices.
• Excellent communication and interpersonal skills with the ability to convey complex technical information to both technical and non-technical stakeholders. The candidate should be able to "sell" ideas and processes internally at all levels.
• Strong analytical & problem-solving skills and detail oriented attention to detail-to be able to analyze complex situations, identify root causes, and develop solutions.
• Ability to work independently, manage multiple projects, and meet deadlines in a fast-paced environment.
• Effective influencing and negotiation skills in complex environments where resources required for success may not be in direct control of this role.
• Demonstrated presentation skills and credibility to win support and align the organization.

A few benefits offered include:

(for Non-Craft & Non-Union Craft working 25+ hours / week)

• Medical and prescription drug plans that includes no additional cost vision coverage
• Dental plan
• 401k retirement plan with a generous Mortenson match
• Paid time off, holidays, and other paid leaves
• Employer paid Life, AD&D, and disability insurance
• No-Cost mental health tool and concierge with extensive work-life resources
• Tuition reimbursement
• Adoption Assistance
• Gym Membership Discount Program

The base pay range for this role is $114,000 - $171,000. (Actual range is higher for the following office locations: Denver, CO and Chicago, IL - 5%, Seattle, WA, and Portland, OR - 10%, Washington, D.C. - 12.5%).

Base pay is positioned within the range based on several factors including an individual's knowledge, skills, and experience, with consideration given to internal equity.

#LI-JF1 #LI-Hybrid

Please make note:

• Visa sponsorship is not offered for this position.
• Our postings are typically open a minimum of 5 days and an average of 44 days.

ABOUT MORTENSON

As a top builder, developer, and EPC (Engineering, Procurement, and Construction), our expertise spans markets like sports, renewable energy, data centers, healthcare, and more. We are builders at heart, working to ensure the built environment has a lasting positive impact.

Let's Redefine Possible

Equal Employment Opportunity

Your uniqueness brings new and creative perspectives to the team. Mortenson is committed to providing equal opportunities of employment (EOE) to all individuals, regardless of your race, religion, gender, national origin, age, veteran status, disability, marital status or any other legally protected category.

Other Items to Note

• Mortenson reserves the right to hire any individual without legal or financial obligation on unwanted solicitations. No agency emails, calls, or solicitations are accepted without a valid agreement.
• Must be currently legally authorized to work in the U.S. without sponsorship for employment visa status (e.g., H1B status, 0-1, TN, CPT, OPT, etc.). We are unable to sponsor or take over sponsorship of an employment Visa at this time.