IS Risk & Assurance Advisor (Applications Platforms and Data)

GHD
Houston, US

Job Description

At GHD, we don’t just believe in the power of commitment, we live and breathe it every day.

That’s why we pledge to support and empower all of our people to make a positive impact when working hand in hand with our business to drive change. We'll help you accelerate your career and empower you with the right technology and training as you bring ideas and projects to life.

Together with your colleagues, clients and partners, you'll make an impact that is felt by all. See where your commitment could take you.

Who are we looking for?

As a senior Second Line of Defense (2LoD) Technology Risk & Control Assurance role within Information Services, the IS Risk & Assurance Advisor provides independent assurance and strategic insight over the control environment supporting application platforms, data and AI services, software development, domain and DNS management, and the online/web ecosystem.

The role leads risk‑based assurance and thematic review programs to assess control design and operating effectiveness, identify systemic control weaknesses, and govern remediation outcomes. It delivers executive‑level reporting on technology risk posture, control effectiveness, trends and material issues, supporting informed decision‑making by the CIO/CTO, senior leadership, and governance committees, in alignment with industry frameworks, regulatory expectations and client requirements.

Responsibilities:

  • Maintains and evolves the control library mapped to internal policies and external frameworks (e.g., ISO/IEC 27001/2, Essential Eight, CMMC, client requirements).
  • Defines platform‑specific control objectives for applications, data, AI, online/web, DNS, development, including control owners, test procedures, success criteria, and evidence requirements.
  • Partners with Applications, Data & AI, Technology and Web/Digital teams to embed controls by design in business plans.
  • Runs a risk‑based assurance program (design/operating effectiveness testing) for target platforms.
  • Executes thematic reviews (e.g., domain/DNS hygiene, AI use‑case onboarding, web app release quality, development practices, data access controls) and facilitates remediation plans with owners.
  • Validates control evidence, tracks findings to closure, and escalates material non‑conformances and risks.
  • Produces monthly CIO/CTO Platform Assurance Reporting: control effectiveness ratings, heat maps, KRIs, trend analysis, and material risks/issues.
  • Supports internal/external audits and client assessments with defensible evidence.
  • Delivers actionable insights highlighting control gaps and recommended fixes.
  • Coordinates AI use‑case risk assessments, data protection measures, logging/traceability, and model/service controls.
  • Provides oversight of the web environment, secure configuration, code development and promotion, protections, lifecycle, CSP/HSTS usage, defect leakage metrics and domain portfolio governance (renewals, registrar lock, DNS change control, DNSSEC (where relevant), data privacy, and name server posture).
  • Identifies changes in regulatory and compliance alignment, managing change and impacts to the controls environment.
  • Provides insightful dashboards and reports to senior leadership and governance committees.
  • Champions continuous improvement in the domain and team, and mentors team members.

Skills and Competencies:

  • Maintains and evolves the technology risk and control library, mapped to internal policies and external frameworks (e.g. ISO/IEC 27001/2, Essential Eight, CMMC, and client requirements).
  • Defines and governs platform‑specific control objectives across applications, data, AI, online/web, DNS, and development domains, including control intent, ownership, assurance approach, success criteria, and evidence expectations.
  • Provides independent oversight, challenge and advisory input to Applications, Data & AI, Technology, and Web/Digital teams to support the embedding of controls by design within business plans and delivery approaches.
  • Designs and executes a risk‑based technology assurance program, including control design and operating effectiveness assessments for in‑scope platforms and services.
  • Leads thematic and deep‑dive reviews (e.g. domain/DNS hygiene, AI use‑case onboarding, web application release quality, development practices, and data access controls), and governs remediation planning and outcomes with accountable control owners.
  • Validates control evidence, manages findings, tracks remediation progress to closure, and escalates material control weaknesses, non‑conformances, and risks in accordance with governance thresholds.
  • Produces regular CIO/CTO Platform Assurance reporting, including control effectiveness ratings, risk heat maps, key risk indicators (KRIs), trend analysis, and material risks and issues.
  • Supports internal and external audits and client assessments, providing defensible assurance artefacts, evidence, and subject‑matter expertise.
  • Delivers clear, actionable insigh

Skills & Requirements

Technical Skills

Risk management, Control assurance, Data protection, AI, Online/web ecosystem, DNS management, Development practices, Data access controls, Internal audits, External audits, Client assessments, Dashboards, Reports, Communication, Problem-solving, Teamwork, Leadership, Technology risk, Control environment, Regulatory compliance

Level

Mid-Level

Posted

5/6/2026
