Waste Management (WM), a Fortune 250 company, is the leading provider of comprehensive waste and environmental services in North America. We are strongly committed to a foundation of operating excellence, professionalism and financial strength. WM serves nearly 25 million customers in residential, commercial, industrial and municipal markets throughout North America through a network of collection operations, transfer stations, landfills, recycling facilities and waste-based energy production projects.
To enable our business to expand our lead in a market increasingly enhanced by technology, Waste Management is undertaking a substantial technology transformation. We are seeking talented Information Technology professionals to join the Waste Management team who are motivated to help us transform the way we design, build and use technology. With your skills and experience, we look for you to combine your technical expertise with industry best practices in an effort to align information technology solutions with Waste Management business strategy.
I. Job Summary
The Sr. IT GRC Analyst supports governance, risk, and compliance frameworks for Digital/IT, helping to advance the Technology Risk program. Responsibilities include lifecycle management of the Digital policies, maturing the risk register, overseeing security awareness training, and promoting compliance automation tools. The role collaborates with stakeholders to ensure strong security controls, handles project reporting, assists with Digital initiatives, and helps test and automate cybersecurity tools. This position is based in Houston, Mon-Thurs in office, Friday remote.
II. Essential Duties And Responsibilities
To perform this job successfully, an individual must be able to perform each duty satisfactorily. Other ancillary duties may be assigned.
- IT Risk Management: Drive risk identification, assessment, and mitigation of cybersecurity, technology, and data risks while staying up-to-date on changes in regulations, best practices, emerging technologies, and company-specific M&A activity and strategy that could impact the organization's IT governance, risk, and compliance posture.
- Continuous Monitoring: Drive company-wide implementation and adoption of continuous monitoring technology and tools to improve overall adequacy, quality and efficacy of controls.
- Policy Governance: Create and maintain policies and standards, in collaboration with stakeholders and drive company-wide implementation and adoption
- Compliance Management: Evaluate and support enterprise compliance against various regulatory requirements such as SOX, PCI, GDPR, as well as company policies. Provide reporting to leadership on issues identified, ongoing mitigation efforts and timing to execute, and formalize management risk acceptance where applicable.
- Security and Awareness Training: Promote a culture of cybersecurity awareness across the organization through risk assessments, monthly phishing and security training and awareness campaigns, giving leadership visibility into the effectiveness of training programs.
III. Supervisory Responsibilities
May coach and mentor less-experienced analysts.
IV. Qualifications
The requirements listed below are representative of the qualifications necessary to perform the job.
- Education and Experience
- Education: Bachelor's degree (accredited) in Computer Science, MIS, Business Administration or similar area of study, or in lieu of degree, High School Diploma or GED (accredited) and 4 years or relevant work experience.
- Experience: Five years of relevant work experience (in addition to education requirement).
- Certificates, Licenses, Registrations or Other Requirements
Must possess one of the following or will obtain one within the next 12 months:
- Certified Information Systems Security Professional (CISSP),
- Certified in Risk and Information Security Control (CRISC)
- Certified Information Security Manager (CISM).
- Other professional certifications desired include: CCSP, CISA
- Other Knowledge, Skills or Abilities Required
Advanced knowledge or skills in one or more of the following is required:
- Experience in the areas of change control, problem management, incident management troubleshooting security solutions.
- Technical understanding and awareness to security best practices to be implemented for modern systems such as Oracle ERP, AWS, and other agentic/AI/ML solutions.
- Ability to produce clear and actionable security reports and dashboards for stakeholders.
- Strong verbal and written communication skills to work with cross-functional teams.
- Work Environment Listed below are key points regarding environmental demands and work environment of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.
Normal setting for this job is: office setting.
Benefits
At Waste Management, each eligible employee receives a competitive total compensation package including Medical, Dental, Vision, Life Insurance and Short Term Disability. As well as a Stock Purchase Plan, Company match on 401K, and more! Our employees also receive Paid Vacation, Holidays, and Personal Days. Please note that benefits may vary by site.
If this sounds like the opportunity that you have been looking for, please click "Apply".
