Job Title

Sargent & Lundy is a leading consulting engineering firm specializing in the power and energy sectors. Since 1891, we have provided comprehensive engineering, design, and consulting services for both traditional and renewable power generation, grid modernization, nuclear power, and beyond. Our mission is to help clients achieve their energy goals effectively by leveraging advanced technologies and adopting sustainable practices.Role OverviewSargent & Lundy isseekinga proactive, data-driven, and detail-oriented Senior GRC Analyst to lead key pillars of Governance, Risk, and Compliance (GRC) with a primary emphasis on enterpriseInformation Security,TPRM, contract governance, and cross-functional coordination with Legal and Procurement. You will own cyber training, communications, and phishing simulations, and drive measurable outcomes through strong data analysis and dashboard reporting (KPIs/KRIs). You will support audit readiness and regulatory alignment across frameworks such as ISO 27001, SOC 2, NIST CSF/171, and CMMC. You will also guide privacy-aligned practices (e.g., GDPR) and lead effective policy implementation through clear procedures, controls, and adoption plans.Essential ResponsibilitiesLead and mature theThird-PartyRisk Management (TPRM) program:Develop & manage vendors inventory,conduct risk reviews of third-party vendors, define tiering/scoping, evaluate controls, track obligations/findings through closure, and standardize evidence retention in collaboration with Legal and Procurement.Drive strong contract management with Legal and Procurement:Standardizesecurity and privacy clauses, review S&L client contracts, negotiate requirements, and ensure obligations are tracked, owned, and reported.Own the security awareness & training program end-to-end:Developcurriculum, coordinate communications, execute phishing simulations, analyze outcomes, and improve effectiveness using KPI/KRI dashboards and trend reporting.Administer andoptimizeGRC platforms and workflows (e.g.,Hyperproof) tomaintainvisibility into risks, assessments, findings, and audit deliverables;establishSLAs and performance indicators.Develop riskmanagement& risk assessment practice, conduct risk assessments, developand manageriskregisterwith clear tracking of risks and accountability.Advance security governance by drafting,maintaining, and operationalizing policies, standards, procedures, and roles & responsibilities; leadchangemanagement and communications to ensure policy implementation and adoption.Coordinate evidence and execute control readiness for ISO 27001, SOC 2, NIST CSF, CMMC (gap analysis, control testing, POA&Ms), and support automation thatreduces workload.Support privacy-aligned practices (e.g., GDPR): contribute to data classification/handling standards, data mapping/records of processing, privacy-by-design reviews, incident/breach alignment, and retention practices.Oversee governance for Business Continuity and Disaster Recovery and Backup & Recovery in partnership with IT (plan maintenance, exercises, lessons learned, reporting).Lead cross-functional coordination with IT, HR, Finance, Legal, and business teams to embed compliance into operations and accelerate remediation of findings.Manage security tasks/projects and report progress via standardized dashboards, scorecards, and executive-ready narratives, highlighting risk, performance, and trends. - Define, publish, and automate metrics & management reporting (KPIs/KRIs) for training effectiveness, phishing trends, vendor risk, audit readiness, privacy/policy adoption, and control performance.Continuously upgrade information securityskills,contributeto Information Security team skill development with playbooks, enablement sessions, and knowledge-sharing.Support government contract compliance reviews and tracking, ensuring obligations are documented,monitored, andevidenced.Core Areas of Responsibility (Scope)Information Security Governance, Policies, Standards, Procedures, and Roles & Responsibilities.Risk Management-Information security risk management and risk assessmentsCompliance management - Audit evidence management, auditcoordinationand compliance monitoringThird Party Risk Management-Third Party Risk Management,Vendor Assessments,Client ContractReviewsand obligation management.Security Awareness & Training — including communications and phishing simulations:Hoxhuntand MimecastCoordination with IT, HR, Finance, Legal, and Business Teams. - Security Tasks/Projects Management.Metrics & Management Reporting — strong emphasis on data analysis and dashboarding.Information Security Team Skill Development.Government Contract Compliance Reviews and Tracking.Deep Knowledge of Governance & PrivacyPolicy lifecycle management and control mapping;demonstratedability to translate policy into procedures/controls and drive organization-wide policy implementation and adoption.Privacy principles and GDPR-aligned practices (e.g., data classification/handling, data mapping/records of processing, privacy by design, incident/breach communications aligned to policy).Compliance standards and frameworks (ISO 27001, NIST CSF, SOC 2, CMMC).Third-party risk, software intake governance, audit readiness, and evidence management.Security & TPRM Tools - TPRM platforms:ProcessUnity(Vendor Risk, Contract/Obligations, Issues/Findings tracking). - TPRM intelligence/workflow:OneTrust, BitSight (as applicable).GRC/risk registers:Hyperproof(risk, controls, evidence, audits). - Data analytics and reporting: Power BIandExcel(for KPI/KRI dashboards and executive reporting).Business Continuity and Disaster Recovery Process Oversight. - Backup & Recovery Process Oversight.Mentoring, cross functionalteamcollaborationand executive reportingThis position offers the flexibility of a hybrid schedule with the expectation of 3 days per week in our downtown Chicago office, and 2 days remote from home.Required QualificationsBachelor’s degree in computer science, information systems, or related field; or equivalent professional experience.5+ years in GRC or related domains, including leadership/ownership of programs or workstreams.Strong understanding of ISO 27001, SOC 2, NIST CSF; experience with CMMC readiness.Practical knowledge of privacy and GDPR with the ability to implement policy via procedures, controls, communications, and training.Provenexpertisein risk management, compliance operations, policy/standards, vendor risk, resilience, security training/awareness, and audit readiness.Advanced data analysis skills with the ability to design and maintain KPI/KRI dashboards, translate data into insights, and present executive-ready reporting.Familiarity with security technologies across on-prem and cloud environments; strong problem-solving and systems thinking.Professional certifications (e.g., CISSP, CISM, CRISC) areadvantageous.Soft SkillsCompassionateCandor: Provide candid, actionable feedback to enhance team performance and individual growth.Seekto Understand: Embrace curiosity and a commitment to continuous learning, fostering an environment of collaboration and innovation.We Before Me: Actively collaborate and engage diverse perspectives to ensure collective success.Do What You Say: Take ownership of commitments, prioritizing anddelivering onkey initiatives.Light Up Learning: Encourage bravery in tryingnew ideas, sharing failures as opportunities for growth and learning.Driven by Passion: Connect personal passion to the mission,demonstratingresilience in the face of challenges while pursuing organizational goals.Why Join Us?Work in an established company that values innovation and growth.Engage with a collaborative team that is dedicated to making a meaningful impact in the energy sector.Gain exposure to cutting-edge projects and contribute to data-driven decision-making processes.We do not sponsor employees for work authorization in the U.S. for this position.At Sargent & Lundy, we care about the health and well-being of our employees. Our commitment extends beyond the workplace, offering comprehensive healthcare plans and generous paid time off to support our team members in every aspect of their lives. We understand the importance of work-life balance, which is why we are proud to provide competitive, award-winning benefits. Our dedication to employee satisfaction has earned us the prestigious Top Workplaces Culture Excellence Award for compensation and benefits in 2022, 2023, and 2024.Health & WellnessFinancial BenefitsWork-Life BalanceHealth Plans: Medical, Dental, VisionLife & Accident InsuranceDisability CoverageEmployee Assistance Program (EAP)Back-Up DaycareFSA & HSA401(k)Pre-Tax Commuter AccountMerit Scholarship ProgramEmployee Discount ProgramCorporate Charitable Giving ProgramTuition AssistanceFirst Professional Licensure BonusEmployee Referral BonusPaid Annual Personal/Sick Time (PST)Paid VacationPaid HolidaysPaid Parental LeavePaid Bereavement LeaveFlexible Work Arrangements$100,010.00 - $144,190.00Sargent & Lundy discloses compensation ranges that comply with all local and state regulations. The total compensation package for eligible positions will include a base salary or an hourly rate and a comprehensive benefits package, reflecting our commitment to rewarding performance and supporting the overall well-being of our employees. Individuals may also be eligible to participate in our yearly discretionary bonus.Sargent & Lundy is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability status, protected veteran status, or any protected status as defined by applicable law.