Waste Management (WM), a Fortune 250 company, is the leading provider of comprehensive waste and environmental services in North America. We are strongly committed to a foundation of operating excellence, professionalism and financial strength. WM serves nearly 25 million customers in residential, commercial, industrial and municipal markets throughout North America through a network of collection operations, transfer stations, landfills, recycling facilities and waste-based energy production projects.
I. Job Summary
The IT GRC Analyst supports governance, risk, and compliance frameworks for Digital/IT, helping to advance the Technology Risk program. Responsibilities include lifecycle management of the Digital policies, maturing the risk register, overseeing security awareness training, and promoting compliance automation tools. The role collaborates with stakeholders to ensure strong security controls, helps test and automate cybersecurity tools and learns technologies to directly execute Digital initiatives. This position is based in Houston, Mon-Thurs in office, Friday remote.
II. Duties and Responsibilities include the following:
To perform this job successfully, an individual must be able to perform each duty satisfactorily. Other ancillary duties may be assigned.
- IT Risk Management: Drive risk identification, assessment, and mitigation of cybersecurity, technology, and data risks while staying up-to-date on changes in regulations, best practices, emerging technologies, and company-specific M&A activity and strategy that could impact the organization's IT governance, risk, and compliance posture.
- Continuous Monitoring: Drive company-wide implementation and adoption of continuous monitoring technology and tools to improve overall adequacy, quality and efficacy of controls.
- Policy Governance: Create and maintain policies and standards in collaboration with stakeholders, and drive company-wide implementation and adoption.
- Compliance Management: Evaluate and support enterprise compliance against various regulatory requirements such as SOX, PCI, GDPR, as well as company policies. Provide reporting to leadership on issues identified, ongoing mitigation efforts and timing to execute, and formalize management risk acceptance where applicable.
- Security and Awareness Training: Promote a culture of cybersecurity awareness across the organization through risk assessments, monthly phishing and security training and awareness campaigns, giving leadership visibility into the effectiveness of training programs.
III. Supervisory Responsibilities
None required.
IV. Qualifications
A. Education and Experience
- Required: Bachelor's Degree in Computer Science, MIS, Business Administration or similar area of study. Three (3) years of previous experience required. An additional four (4) years of related experience may substitute for the Bachelor's degree.
- Preferred: Bachelor's Degree and at least three (3) years of experience in network, host, data and/or application security in multiple operating system environments.
B. Certificates, Licenses, Registrations or Other Requirements
- None required.
Preferred:
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Security Control (CRISC)
- Certified Information Security Manager (CISM)
- Other professional certifications desired include: CPA, CCSP, CISA
C. Other Knowledge, Skills or Abilities Required
Intermediate knowledge or skills in one or more of the following is required:
- Experience in the areas of change control, problem management, incident management troubleshooting security solutions
- Technical understanding and awareness of security best practices to be implemented for modern systems such as Oracle ERP, AWS, and other agentic/AI/ML solutions
- Familiarity/prior exposure to agentic AI tools and willingness to learn other tools
- Strong verbal and written communication skills to work with cross-functional teams.
D. Other Knowledge, Skills or Abilities that Contribute to Success
May require intermediate skills in one or more of the following:
- Fortune 500 experience.
- Technical skills across a broad range of computing platforms and network protocols.
- Ability to support both internal and external audits.
- Experience in the areas of change control, problem management, incident management troubleshooting of security solutions.
- Ability to multi-task and work on multiple projects at one time.
- Ability to communicate both in writing and verbally.
V. Work Environment and Essential Functions
Listed below are key points regarding environmental demands and work environment of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.
- Required to use motor coordination with finger dexterity (such as keyboarding, machine operation, etc.) most of the work day.
- Required to exert physical effort in handling objects less than 30 pounds rarely.
- Normal setting for this job is: office setting.
- This position is located in Houston, TX at our downtown Houston headquarters. This role is required to be onsite Monday through Thursday with a flexible work from home day on Friday.
- Candidates must be located in Houston, TX with no relocation assistance available.
Benefits
At Waste Management, each eligible employee receives a competitive total compensation package including Medical, Dental, Vision, Life Insurance and Short Term Disability, as well as a Stock Purchase Plan, Company match on 401K, and more! Our employees also receive Paid Vacation, Holidays, and Personal Days. Please note that benefits may vary by site.
If this sounds like the opportunity that you have been looking for, please click "Apply".