Lead Auditor

Requisition ID: 292286 

  • Relocation Authorized: None 
  • Telework Type: Full-Time Telework 
  • Work Location: Various Work Locations USA, Glendale, AZ, Houston, TX, Reston, VA

 

Extraordinary teams building inspiring projects:

Since 1898, we have helped customers complete more than 25,000 projects in 160 countries on all seven continents that have created jobs, grown economies, improved the resiliency of the world's infrastructure, increased access to energy, resources, and vital services, and made the world a safer, cleaner place. 

Differentiated by the quality of our people and our relentless drive to deliver the most successful outcomes, we align our capabilities to our customers' objectives to create a lasting positive impact. We serve the Infrastructure; Nuclear, Security & Environmental; Energy; Mining & Metals, and the Manufacturing and Technology markets. Our services span from initial planning and investment, through start-up and operations. 

Core to Bechtel are our Vision, Values and Commitments. They are what we believe, what customers can expect, and how we deliver. Learn more about our extraordinary teams building inspiring projects in our Impact Report.

Job Summary:

The Bechtel Information Security & Compliance team is seeking a passionate and enthusiastic lead internal auditor who is very familiar with ISO 27001 certification and auditing processes and has demonstrated experience assessing compliance with the ISO standard as well as internal policies and procedures. The successful candidate will be responsible for leading and managing internal audit activities and providing valuable insights to improve Bechtel's information security management system. Applicants should have excellent communication skills, a thorough understanding of information security risks as they relate to the I&D business, and the ability to view security holistically, apply risk management intelligently, use creative problem-solving techniques, and work successfully with multidisciplinary teams.

Major Responsibilities:

  • Lead and manage ISO 27001 internal audit activities, including planning, execution and reporting.
  • Lead a team of auditors across the globe, ensuring effective coordination and collaboration.
  • Communicate regularly with the corporate information security management team to ensure alignment of audit methodology and schedule.
  • Plan and conduct ISO 27001 internal compliance audits, document audit reports, review completion of corrective actions and verify closure of audit findings.
  • Conduct information security technical compliance reviews and recommend improvements to operational processes and/or information security controls.
  • Evaluate effectiveness of internal risk management processes and risk treatment mitigations.
  • Establish strong partnership with internal stakeholders to ensure compliance with regulatory or contractual requirements, and corporate policies and procedures.
  • Collaborate with multidisciplinary teams to address audit findings, implement corrective actions and/or changes to information security controls.
  • Prepare and present audit reports to senior management.
  • Provide ISO 27001 consultation to the information security management team.
  • Develop policies and procedures on internal audit processes.
  • Maintain auditability and present evidence of internal audit activities during ISO 27001 external audits.
  • Establish and maintain an effective internal audit compliance dashboard.
  • Assist with external audit processes and internal investigations as needed.
  • Travel to Bechtel offices and jobsites as needed.

Education and Experience Requirements:

  • BS in a computer-related field or 10 years of equivalent IT work experience.
  • US Citizenship required.

Required Knowledge and Skills:

  • Minimum 2 years ISO 27001 auditing experience.
  • ISO 27001 Lead Auditor Certification.
  • Strong information security background, with demonstrable understanding of security frameworks and standards.
  • Strong knowledge of internal control frameworks and risk management principles.
  • Excellent analytical and problem-solving skills.
  • Strong communication and interpersonal skills.
  • Knowledgeable in 4 or more of the security domains listed below:
    • Information Security Governance and Management
    • Network Security Operations
    • Security Architectures
    • System Development Lifecycle
    • NIST, DOD and Risk Management Framework
    • Confidential Unclassified Information (CUI) 
    • Identity and Access Management
    • Disaster Recovery and Business Continuity
  • Experience with industry standards, guidelines and regulatory/compliance requirements related to information security such as Cloud Security Alliance (CSA), NIST Cybersecurity Framework (CSF) and Special Publication (SP) 800-series, PCI DSS, SOC2, etc.
  • Ability to work independently and manage multiple projects simultaneously.
  • Proficiency in ServiceNow Governance, Risk and Compliance (GRC) module.
  • Experience writing business and audit reports and delivering presentations at various management levels.
  • CISM, CISA, CISSP, PMP or PRINCE2 certifications a plus.

Total Rewards/Benefits:

For decades, Bechtel has worked to inspire the next generation of employees and beyond! Because our teams face some of the world's toughest challenges, we offer robust benefits to ensure our people thrive. Whether it is advancing careers, delivering programs to enhance our culture, or providing time to recharge, Bechtel has the benefits to build a legacy of sustainable growth. Learn more at Bechtel Total Rewards.

Diverse teams build the extraordinary:

As a global company, Bechtel has long been home to a vibrant multitude of nationalities, cultures, ethnicities, and life experiences. This diversity has made us a more trusted partner, more effective problem solvers and innovators, and a more attractive destination for leading talent.

We are committed to being a company where every colleague feels that they belong, where colleagues feel part of "One Team," respected and rewarded for what they bring, supported in pursuing their goals, invested in our values and purpose, and treated equitably. Click here to learn more about the people who power our legacy.

 

Bechtel is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity and expression, age, national origin, disability, citizenship status (except as authorized by law), protected veteran status, genetic information, and any other characteristic protected by federal, state or local law. Applicants with a disability, who require a reasonable accommodation for any part of the application or hiring process, may e-mail their request to acesstmt@bechtel.com