Senior Security Analyst

Sr. Security Analyst

For a complete understanding of this opportunity, and what will be required to be a successful applicant, read on.

SUMMARY

Mortenson is currently seeking a Sr. Security Analyst that will be responsible for managing risks, and ensuring compliance with security regulations, which includes developing & enforcing security frameworks, conducting risk assessments, and creating cybersecurity policies. This role also involves monitoring & reporting on compliance, conducting assessment & auditing, and collaborating with stakeholders to align security practices with business objectives & communicating risk status.

RESPONSIBILITIES

• Assess and manage contractual and regulatory obligations in accordance with company policies, industry standards, and regulatory requirements (e.g. SOC 2, ISO 27001, NIST CSF, NIST 800-171, CMMC, etc.).
• Manage security standards, policies, and practices on an annual basis to make sure they meet company demands.
• Assist the Business in responding to inquiries from customers about Security controls and compliance.
• Look for improvement and offer insightful advice and value-added guidance on process and control enhancements.
• Conduct comprehensive risk assessments of third-party vendors, partners, and service providers to evaluate security posture, compliance status, and risk exposure.
• Collaborate with cross-functional teams, including Legal, IT, and Procurement, to establish risk management strategies for third-party relationships.
• Maintain processes for third-party security evaluations, onboarding, and ongoing risk monitoring.
• Manage the lifecycle of third-party risk management, from initial assessment to contract negotiations and continuous monitoring.
• Work with vendors and internal teams to ensure that appropriate remediation plans are put in place for identified risks.
• Prepare regular reports on third-party risk and compliance status for senior management and relevant stakeholders.
• Stay up-to-date with the latest trends and best practices in third-party risk management, cybersecurity, and regulatory compliance.
• Respond to information security incidents, perform root cause analysis, and lead incidents and problems to resolution.
• Work with other technical staff to execute information security initiatives and projects.
• Monitor information security systems for risk events and manage discovered vulnerabilities to acceptable remediations.

QUALIFICATIONS

A few benefits offered include :

(for Non-Craft & Non-Union Craft working 25+ hours / week)

The base pay range for this role  is $114,000 - $171,000. (Actual range is higher for the following office locations : Denver, CO and Chicago, IL – 5%, Seattle, WA, and Portland, OR – 10%, Washington, D.C. – 12.5%).

Base pay is positioned within the range based on several factors including an individual’s knowledge, skills, and experience, with consideration given to internal equity.

#LI-JY1 #LI-Hybrid

Please make note :

ABOUT MORTENSON

As a top builder, developer, and EPC (Engineering, Procurement, and Construction), our expertise spans markets like sports, renewable energy, data centers, healthcare, and more. We are builders at heart, working to ensure the built environment has a lasting positive impact.

Let’s Redefine Possible®

Equal Employment Opportunity

Your uniqueness brings new and creative perspectives to the team. Mortenson is committed to providing equal opportunities of employment (EOE) to all individuals, regardless of your race, religion, gender, national origin, age, veteran status, disability, marital status or any other legally protected category.

Other Items to Note