Principal Analyst, Cyber Security - BISO
Houston, TX, United States
WM
WM is the leading provider of comprehensive waste management, offering services such as garbage collection, recycling pickup and dumpster rental. As an EEO/Affirmative Action Employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, or veteran status.
WM, a Fortune 250 company, is the leading provider of comprehensive waste and environmental services in North America. We are strongly committed to a foundation of operating excellence, professionalism and financial strength. WM serves nearly 25 million customers in residential, commercial, industrial and municipal markets throughout North America through a network of collection operations, transfer stations, landfills, recycling facilities and waste-based energy production projects.
To enable our business to expand our lead in a market increasingly enhanced by technology, Waste Management is undertaking a substantial technology transformation. We are seeking talented Information Technology professionals to join the Waste Management team who are motivated to help us transform the way we design, build and use technology. With your skills and experience, we look for you to combine your technical expertise with industry best practices in an effort to align information technology solutions with Waste Management business strategy.
I. Job Summary
As a Principal in Cybersecurity leading the Business Information Security Office (BISO) Operations and Sustainability pillar, you will specialize in risk management, IT, and OT/ICS environments. You will be responsible for securely enabling the Ops and Sustainability business and managing and reporting risk to leadership. As a BISO leader, you will be the face of Cyber to the business, with a focus on continuous improvement and automation, while overseeing environment changes, stakeholder communication, and issue management. You will assist in managing our suite of BISO Digital Solutions, ensuring systems are accurate and reporting to leadership is consistent.
Key aspects of this role include managing third-party risk and collaborating with infrastructure, industrial automation, and digital business support to drive risk management initiatives. You will also lead or manage projects, aligning team goals, improving resource utilization, and enhancing overall effectiveness. Additionally, you will communicate risk to the business, providing consultation and support to enable innovation while ensuring compliance and security standards are met. Your expertise in business operations, risk management, and operational technology will be essential for success in this role.
II. Duties and Responsibilities
To perform this job successfully, an individual must be able to perform each duty satisfactorily. Other ancillary duties may be assigned.
- Engages and builds relationships with assigned line of business leaders to support business efforts while advocating for a more secure environment
- Manages risk and consults assigned line of business on possible mitigation efforts to reduce risk
- Conducts analysis as directed and prepares and delivers insights and recommendations based on analysis
- Engages with other Cyber pillars to implement proactive and detective security measures
- Champions and leads functional projects and/or process improvements with focus on automation
- Communicates issues and roadblocks related to areas of responsibility
- Assists with team leadership, including development and mentoring of junior talent
- Other duties as assigned
Will coach and mentor less experienced analysts and act as team leader on more complicated systems projects.
IV. Qualifications
A. Education and Experience
Education: Bachelor's Degree (accredited) in Computer Science, MIS, Business Administration or similar area of study or in lieu of degree, High School Diploma or GED (accredited) and four years of relevant work experience.
Experience: Seven years of prior work experience (in addition to education requirement).
B. Certificates, Licenses, Registrations or Other Requirements
- Must be available to work 40 hours per week/standard working hours
- Must be able to work hybrid schedule of 4 days (Monday – Thursday) in office.
- Travel < 10%
One or more of the following is required:
- Certified Information Systems Security Professional (CISSP).
- Certified Information Systems Auditor (CISA).
- Certified Information Security Manager (CISM).
C. Other Knowledge, Skills or Abilities Required
- Knowledge of NIST Cybersecurity Framework (CSF), NIST 800-53v4, and ISA/IEC 62443
- Ability to work efficiently and independently while maintaining attention to detail
- Able to be flexible and adapt to changing situations while remaining positive
- Ability to work effectively in a diverse, collaborative team environment
- Strong verbal and written communication skills to senior leadership
- Proficient with Microsoft Office suite (Excel, PowerPoint, Outlook, Word)
Technically advanced or in-depth knowledge or skills in one or more of the following is required:
- Fortune 500 experience.
- Expert knowledge of threat and vulnerability and/or identity-related processes and technology.
- Must have expert technical proficiency in at least one vulnerability management tool such as Qualys, Core Impact, WebInspect, etc.
- Must have high proficiency in investigative practices and procedures (forensics knowledge is a plus).
May require technically advanced or in-depth skills in one or more of the following:
- Previous Criminal Justice experience.
- Ability to create and deliver presentations targeted to either end users or senior management.
- Highly technical across a broad range of computing platforms and network protocols.
- Experience in several or more of the following technologies: Firewalls, Intrusion Prevention, Vulnerability Scanning, Data Loss Prevention, Email Security, Endpoint Security, DNS, Web Content Filtering, SIEM, AV, Certificate Authority and encryption.
- Understanding of and experience with IP address space management, subnetting, name resolution, and directory service protocols, with the ability to participate in and guide future network LAN/WAN planning and implementation.
- Familiarity with key security models and regulations such as ISO 2700X, SOX and PCI.
- Ability to support both internal and external audits.
- Experience in the areas of change control, problem management, incident management, and troubleshooting of security solutions.
- Ability to successfully handle multiple projects at one time.
- Strong written and verbal communicator.
- Actively participate in professional organizations such as ISSA, ISACA, and InfraGard.
Listed below are key points regarding environmental demands and work environment of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.
Normal setting for this job is: office setting and/or landfill/outside.
Benefits
At Waste Management, each eligible employee receives a competitive total compensation package including Medical, Dental, Vision, Life Insurance and Short Term Disability, as well as a Stock Purchase Plan, Company match on 401K, and more! Our employees also receive Paid Vacation, Holidays, and Personal Days. Please note that benefits may vary by site.
If this sounds like the opportunity that you have been looking for, please click Apply.
ABOUT WM
WM (WM.com) is North America’s largest comprehensive waste management environmental solutions provider. Previously known as Waste Management and based in Houston, Texas, WM is driven by commitments to put people first and achieve success with integrity. The company, through its subsidiaries, provides collection, recycling and disposal services to millions of residential, commercial, industrial and municipal customers throughout the U.S. and Canada. With innovative infrastructure and capabilities in recycling, organics and renewable energy, WM provides environmental solutions to and collaborates with its customers in helping them achieve their sustainability goals. WM has the largest disposal network and collection fleet in North America, is the largest recycler of post-consumer materials and is the leader in beneficial reuse of landfill gas, with a growing network of renewable natural gas plants and the most gas-to-electricity plants in North America. WM’s fleet includes nearly 11,000 natural gas trucks – the largest heavy-duty natural gas truck fleet of its kind in North America – where more than half are fueled by renewable natural gas. To learn more about WM and the company’s sustainability progress and solutions, visit Sustainability.WM.com.