Mortenson

About the Company

Mortenson is a U.S.-based, top-25 builder, developer and provider of energy and engineering services committed to helping organizations move their strategies forward. Mortenson’s broad portfolio of integrated services ensures that its customers’ investments result in high-performing assets. The result is a turnkey partner, fully invested in the business success of its customers. Founded in 1954, Mortenson has operations across North America with offices in Chicago, Denver, Fargo, Iowa City, Milwaukee, Minneapolis, Nashville, Phoenix, Portland, Salt Lake City, San Antonio, Seattle, and Washington, D.C. For additional information, visit www.mortenson.com.

Listed Jobs

Company Name

Mortenson

Job Title

Senior Security Analyst

Job Description

**Job title:** Senior Security Analyst **Role Summary:** Lead the identification, assessment, and mitigation of risks across third‑party relationships and internal security programs, ensuring adherence to industry standards (SOC 2, ISO 27001, NIST, CMMC, etc.) while communicating risk status to stakeholders. **Expectations:** - Minimum 5 years in information security, risk management, or compliance roles. - Bachelor’s degree in Cybersecurity, Information Technology, or a related field. - Proven knowledge of third‑party risk frameworks and key regulations (CCPA, SOC 2, ISO 27001, NIST, CMMC). **Key Responsibilities:** - Conduct comprehensive risk assessments of vendors, partners, and service providers. - Develop, update, and enforce security policies and frameworks to meet regulatory requirements. - Manage the full lifecycle of third‑party risk: assessment, contract negotiation, onboarding, and ongoing monitoring. - Respond to security incidents, perform root‑cause analysis, and lead resolution efforts. - Prepare and present regular risk and compliance reports to senior management and stakeholders. - Collaborate with Legal, IT, Procurement, and business units to align security practices with organizational objectives. - Stay current on evolving cyber threats, regulatory changes, and best practices in third‑party risk management. **Required Skills:** - Deep understanding of security frameworks (SOC 2, ISO 27001, NIST CSF, NIST 800‑171, CMMC). - Expertise in third‑party risk assessment and vendor management. - Strong analytical, problem‑solving, and detail orientation. - Excellent written and verbal communication; ability to translate technical concepts to non‑technical audiences. - Self‑driven, able to manage multiple projects and meet deadlines independently. - Influencing and negotiation skills in complex environments. **Required Education & Certifications:** - Bachelor’s degree in Cybersecurity, Information Technology, or equivalent. - Certifications such as CISSP, CISM, or equivalent preferred but not mandated.

Minnesota, United states

Hybrid

Senior

07-01-2026