Job Description

Digital Technology
Corporate Services
? ?
TOR0001IY Requisition #

Arup's purpose, shared values, and collaborative approach has set us apart for over 75 years, guiding how we shape a better world.


At Arup, you belong to an extraordinary collective - in which we encourage individuality to thrive. Our strength comes from how we respect, share and connect our diverse experiences, perspectives and ideas. You will have the opportunity to do socially useful work that has meaning - to Arup, to your career, to our members and to the clients and communities we serve.


The Cyber GRC (Governance, Risk, and Compliance) team is responsible for ensuring that an organization's cybersecurity practices align with internal policies, industry standards, and regulatory requirements. The team manages cyber risks by developing governance frameworks, assessing threats, implementing controls, monitoring compliance, and supporting audits. Their goal is to reduce security risks while enabling business objectives in a secure and compliant manner.

The Opportunity

At Arup, you belong to an extraordinary collective - in which we encourage individuality to thrive. Our strength comes from how we respect, share and connect our diverse experiences, perspectives and ideas. You will have the opportunity do socially useful work that has meaning - to Arup, to your career, to our members and to the clients and communities we serve.'

Act as the primary point of contact for all cyber-related requests, incidents, and issues in the Americas, ensuring alignment with global cybersecurity objectives. Ensure adherence to Arup's Information Security Control Framework, promoting compliance across systems, teams, and processes. As a part of a wider team, Lead and coordinate global cybersecurity awareness campaigns to foster a culture of security across the organization. Collaborate with regional digital partners to embed security by design in new initiatives, ensuring secure development from the outset. Perform threat and risk assessments for regional projects and systems and drive timely closure of identified risks. Maintain security and compliance of Arup's cloud infrastructure and other digital environments in line with established security policies. Conduct cybersecurity due diligence on third-party vendors and partners, ensuring risks are identified and mitigated. Work closely with the software development teams to integrate security standard processes into the design and deployment of digital products and services. Support the implementation and improvement of Arup's DLP program to safeguard sensitive information. Perform audits of internal infrastructure and applications against Arup's security standards and frameworks, identifying gaps and recommending improvements. Lead regional initiatives to ensure compliance with IT disaster recovery requirements, contributing to business continuity and resilience. Drive assessments of security controls across the region, aiming to enhance compliance levels and cyber maturity. Track, measure, and report on the effectiveness of cybersecurity processes and controls, contributing to the continuous improvement of the cyber management plan.

Is this role right for you?

Essential skills

Recognised relevant tertiary qualifications in Information Technology. Relevant GRC or information risk management and compliance experience within a consulting business environment. Proficiency in Service Now IRM, eLearning platforms like KnowBe4 or similar Proven experience in ISO 27001 compliance, security control assessments, internal security audits, cyber awareness. A passion for diversity, recognizing the innovation and competitive edge that comes from a diverse highly skilled team where equal opportunities are truly valued The ability to empower others to succeed, giving staff the confidence and support to thrive, develop and excel at what they do Excellent written/verbal communication skills with both non-technical as well as technical audiences managing successful communications with governance boards and partners Open-minded collaborative approach to problem solving, improvement and leadership with an empathy for the needs of clients and customers Ability to influence others to consider your point of view and gain support and agreement for plans, changes and innovative approaches Ability to establish and agree direction when there is lack of clarity from partners Self-starter, pragmatic, flexible and comfortable with ambiguity, able to align business and Digital Technology Group vision to deliver clarity

What we offer you

At Arup, we care about each member's success, so we can grow together.


Guided by our values, we provide an attractive total reward package that recognizes the contribution of each of our members to our shared success. As well as competitive, fair and equitable pay, we offer a career in which all of our members can belong, grow and thrive - through benefits that support health and wellbeing, a wide range of learning opportunities and many possibilities to have an impact through the work they do.


We are owned in trust on behalf of our members, giving us the freedom, with personal responsibility, to set our own direction and choose work that aligns with our purpose and adds to Arup's legacy. Our members collaborate on ambitious projects to deliver remarkable outcomes for our clients and communities. Profit Share is a key part of our reward, enabling members to share in the results of our collective efforts.

Benefits at Work

- At Arup, we have a comprehensive and valuable benefits program that works for our employees and their families. These are 100% paid for by Arup except for optional life insurance. These benefits provide health and welfare security for you as well as paid time off for rest and renewal. Our Global Profit Share Plan (paid bi-annually) provides an opportunity for you to share in the success of the Firm. As a valued employee of Arup, you can also choose to participate in our GRRSP 5% company match to help you save for your future.

Flexible Working

- We believe that flexible arrangements create a more inclusive way of working that supports our diversity and the wellbeing of our people. Options for alternative schedules and the ability to work outside of the office for a portion of your workweek are available.

Arup is an equal opportunity employer and will consider applications from all qualified individuals. Every job applicant will be treated equally, fairly and with respect regarding race, color, ancestry, sex, gender identity or expression, sexual orientation, pregnancy, civil status, age (except as provided by law), creed/religion, political convictions, language, ethnic or national origin, disability/handicap, pardoned record of offences, social condition (marital or family status, receipt of social assistance), and any other ground protected by the applicable human rights legislation.


Arup is committed to improving accessibility for individuals with disabilities and to ensuring that all of our employees have the support and the tools they need to succeed. We have developed policies relating to human rights, accessibility and accommodation, and provide all our employees with training on these matters either during orientation and/or on an ongoing basis.

If you are contacted by Arup regarding a job opportunity and you feel you need accommodation during the application process, or have a question about our human rights and accessibility accommodation policies, please speak to Human Resources or send an email to americasbenefits@arup.com or call 646-802-3577 to let us know the nature of your request.

Hiring Range

- The good faith base salary hiring range for this job if performed in Toronto is $90,000 to $100,000. This range is commensurate with experience, educational background, and skill level. Benefits are not included in the base salary. Please note, hiring ranges for candidates performing work outside of Toronto will differ.

Our Application Process

We will be reviewing our candidates for this position on a rolling basis. Once you have applied you will be evaluated and potentially moved on to the next round, at which point a member of the talent resourcing team will get in touch with you.


Arup is an equal opportunity employer. All qualified applicants will receive consideration without regard to race, colour, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, spouse of a protected veteran, or disability.


Stay safe online. Recruitment fraud is on the rise, and Arup's name, logo, and branding have been used in fraudulent job advertisements. Arup will never ask for bank information as part of our recruitment process.


#LI-JB2