Risk Analyst - Vulnerability Management

Pittsburgh, PA, United States

Wabtec

At the leading edge of driving innovative technologies and responsible operations across the world. Drawing on over 150 years of experience, we are leading the way in safety, efficiency, reliability, innovation, and productivity.


It’s not just about your career or job title… It’s about who you are and the impact you will make on the world. Because whether it’s for each other or our customers, we put People First. When our people come together, we Expand the Possible and continuously look for ways to improve what we create and how we do it. If you are constantly striving to grow, you’re in good company. We are revolutionizing the way the world moves for future generations, and we want someone who is ready to move with us.

Who will you be working with?

Join Enterprise Information Security (EIS) to drive cybersecurity excellence leveraging intelligence, strategic partnerships, and analysis. Collaborate daily with GRC, Architecture, Operations, and key Information Technology stakeholders to advance our information security capabilities.

How will you make a difference?

As a member of the ISA team, Wabtec is looking for a Risk Analyst focusing on Vulnerability Management. This role reports to the ISA Sr Manager within EIS, and will be responsible for developing, implementing, and overseeing our vulnerability management program, with a strong focus on risk assessment, governance, and cross-functional collaboration. This position requires a strategic thinker who can balance technical expertise with strong communication skills. The ideal candidate will lead the design and implementation of vulnerability assessment processes, establish governance structures, and drive risk-based decision-making across the organization. They will collaborate closely with various departments to integrate vulnerability management into existing workflows, ensuring a cohesive approach to cybersecurity. Additionally, the analyst will spearhead mandatory training initiatives to foster a security-conscious culture. This role demands a proactive approach to identifying and mitigating potential security risks, ultimately contributing to the overall resilience of our organization's IT infrastructure.

What do we want to know about you?

You must have:

  • Bachelor’s degree in Business, Technology, Cyber Security, Technology Risk Management or related field or strong hands-on experience.
  • 5+ years of experience in information security, with a focus on Vulnerability Management and Risk Management
  • Strong analytical and problem-solving skills; ability to decipher and prioritize asks accordingly
  • Strong interpersonal skills.
  • Experience in stakeholder management and cross-functional collaboration
  • Knowledge of industry Risk management frameworks, common mitigation practices, and Organizational control management.
  • Proficiency in process formulation and improvement.
  • Proven solid written and oral communication skills with the ability to effectively communicate status, risks, and remediations to executive management.

We would love it if you had:

  • ISO 27001 standard knowledge is highly desirable.
  • Governance and Risk Certification a plus (CRISC, CISM, CISA, or CISSP) 

What will your typical day look like?

  • Vulnerability Management Program Development:
    • Design and implement a comprehensive vulnerability management framework
    • Establish policies, procedures, and standards for vulnerability assessment and remediation
    • Develop and maintain a vulnerability management lifecycle, from discovery to closure
    • Create metrics and KPIs to measure program effectiveness and maturity
    • Collaborate with IT teams on vulnerability management tools and platforms requirements to support the program's objectives
  • Governance and Oversight:
    • Develop and maintain a governance structure for the vulnerability management program
    • Establish roles and responsibilities across the organization for vulnerability management
    • Create and manage escalation procedures for high-risk vulnerabilities
    • Ensure alignment of the program with overall security strategy and business objectives
  • Risk Assessment and Prioritization:
    • Establish a risk-based approach to vulnerability prioritization
    • Develop and maintain a vulnerability scoring system tailored to the organization's risk profile
    • Conduct regular risk assessments to identify critical assets and systems
  • Process Improvement and Automation:
    • Continuously assess and improve vulnerability management processes
    • Identify opportunities for automation to increase efficiency and accuracy
    • Develop and implement workflows to streamline vulnerability remediation
  • Stakeholder Collaboration and Communication:
    • Work closely with IT, engineering teams and business units to understand their needs, integrate vulnerability management into their processes and align the program accordingly
    • Facilitate cross-functional working groups to address complex vulnerability challenges
    • Develop and deliver regular reports to executive leadership on program status and risk posture
  • Incident Response Integration:
    • Collaborate with the Security Operations team to identify risk, remediation and false positives, and ensure rapid mitigation of exploited vulnerabilities
    • Participate in post-incident reviews to improve vulnerability management processes
    • Develop playbooks for addressing critical vulnerabilities that pose imminent threats
  • Training and Awareness:
    • Develop and deliver training programs on vulnerability management for various stakeholders
    • Create awareness materials to promote a security-conscious culture
    • Mentor and guide other team members in vulnerability assessment and management

What about the physical demands of the job? (Usual office job examples)

  • Regularly remaining in a stationary position, often standing or sitting for prolonged periods
  • Regularly communicating with others to exchange information
  • Regularly required to attend meetings in person and virtually using video and audio computer equipment
  • Regularly repeating motions that may include the wrists, hands and/or fingers, such as typing
  • Occasionally moving about to accomplish tasks or moving from one worksite to another
  • Occasionally light work that includes moving objects up to 20 pounds

Work Environment: (Usual office job)

  • Hybrid work schedule (both on-site and remote)
  • The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment. During visits to areas of operations, the employee may be exposed to extreme cold or hot weather conditions. The employee is occasionally exposed to fumes or airborne particles, toxic or caustic chemicals, and loud noise.

Relocation assistance may be provided if eligibility requirements are met.


Our job titles may span more than one career level. The salary range for this role is between

The actual salary offered to a candidate may be influenced by a variety of factors, such as: training, transferable skills, work experience, education, business needs, market demands and work location. The base pay range is subject to change and may be modified in the future. More information on offered benefits, which include health, welfare, and retirement, is available at mywabtecbenefits.com. Other benefit offerings for this role may include an annual bonus, if eligible.

Who are we?

Wabtec Corporation is a leading global provider of equipment, systems, digital solutions, and value-added services for freight and transit rail as well as the mining, marine, and industrial markets. Drawing on nearly four centuries of collective experience across Wabtec, GE Transportation, and Faiveley Transport, the company has grown to become One Wabtec, with unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems.

Wabtec is focused on performance that drives progress and unlocks our customers’ potential by delivering innovative and lasting transportation solutions that move and improve the world. We are lifelong learners obsessed with making things better to drive exceptional results. Wabtec has approximately 27K employees in facilities throughout the world. Visit our website to learn more! http://www.WabtecCorp.com

Our Commitment to Embrace Diversity:

Wabtec is a global company that invests not just in our products, but also our people by embracing diversity and inclusion. We care about our relationships with our employees and take pride in celebrating the variety of experiences, expertise, and backgrounds that bring us together. At Wabtec, we aspire to create a place where we all belong and where diversity is welcomed and appreciated.  

To fulfill that commitment, we rely on a culture of leadership, diversity, and inclusion. We aim to employ the world’s brightest minds to help us create a limitless source of ideas and opportunities. We have created a space where everyone is given the opportunity to contribute based on their individual experiences and perspectives and recognize that these differences and diverse perspectives make us better.

We believe in hiring talented people of varied backgrounds, experiences, and styles… People like you! Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.


Tags: Automation CISA CISM CISSP CRISC Governance Incident response Industrial ISO 27001 IT infrastructure KPIs Risk assessment Risk management Security strategy Strategy Vulnerabilities Vulnerability management

Perks/benefits: Career development Health care Relocation support Salary bonus

Region: North America
Country: United States
