What are the responsibilities and job description for the Principal Analyst, Cyber Security - BISO position at Waste Management?

As an EEO / Affirmative Action Employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, or veteran status.

WM, a Fortune 250 company, is the leading provider of comprehensive waste and environmental services in North America. We are strongly committed to a foundation of operating excellence, professionalism and financial strength. WM serves nearly 25 million customers in residential, commercial, industrial and municipal markets throughout North America through a network of collection operations, transfer stations, landfills, recycling facilities and waste-based energy production projects.

To enable our business to expand our lead in a market increasingly enhanced by technology, Waste Management is undertaking a substantial technology transformation. We are seeking talented Information Technology professionals to join the Waste Management team who are motivated to help us transform the way we design, build and use technology. With your skills and experience, we look for you to combine your technical expertise with industry best practices in an effort to align information technology solutions with Waste Management business strategy. I. Job Summary

As a Principal in Cybersecurity leading the Business Information Security Office (BISO) Operations and Sustainability pillar, you will specialize in risk management, IT, and OT / ICS environments. You will be responsible for securely enabling the Ops and Sustainability business and managing and reporting risk to leadership. As a BISO leader, you will be the face of Cyber to the business, with a focus on continuous improvement and automation, while overseeing environment changes, stakeholder communication, and issue management. You will assist in managing our suite of BISO Digital Solutions, ensuring systems are accurate and reporting to leadership is consistent.

Key aspects of this role include managing third-party risk and collaborating with infrastructure, industrial automation, and digital business support to drive risk management initiatives. You will also lead or manage projects, aligning team goals, improving resource utilization, and enhancing overall effectiveness. Additionally, you will communicate risk to the business, providing consultation and support to enable innovation while ensuring compliance and security standards are met. Your expertise in business operations, risk management, and operational technology will be essential for success in this role.

II. Duties and Responsibilities

To perform this job successfully, an individual must be able to perform each duty satisfactorily. Other ancillary duties may be assigned.

Engages and builds relationship with assigned line of business leaders to support business efforts while advocating for a more secure environment
Manages risk and consults assigned line of business on possible mitigation efforts to reduce risk
Conducts analysis as directed and prepares and delivers insights and recommendations based on analysis
Engages with other Cyber pillars to implement proactive and detective security measures
Champions and leads functional projects and / or process improvements with focus on automation
Communicates issues and roadblocks related to areas of responsibility
Assists with team leadership, including development and mentoring of junior talent
Other duties as assigned

III. Supervisory Responsibilities

Will coach and mentor less experienced analysts and act as team leader on more complicated systems projects.

IV. Qualifications

A. Education and Experience

Education : Bachelors Degree (accredited) in Computer Science, MIS, Business Administration or similar area of study or in lieu of degree, High School Diploma or GED (accredited) and four years of relevant work experience.

Experience : Seven years of prior work experience (in addition to education requirement).

B. Certificates, Licenses, Registrations or Other Requirements

Must be available to work 40 hours per week / standard working hours

Must be able to work hybrid schedule of 4 days (Monday – Thursday) in office.

Travel

One or more of the following is required :

Certified Information Systems Security Professional (CISSP).

Certified Information Systems Auditor (CISA).

Certified Information Security Manager (CISM).

C. Other Knowledge, Skills or Abilities Required

Knowledge of NIST Cybersecurity Framework (CSF), NIST 800-53v4, and ISA / IEC 62443

Ability to work efficiently and independently while maintaining attention to detail

Able to be flexible and adapt to changing situations while remaining positive

Ability to work effectively in a diverse, collaborative team environment

Strong verbal and written communication skills to senior leadership

Proficient with Microsoft Office suite (Excel, PowerPoint, Outlook, Word)

Technically advanced or in-depth knowledge or skills in one or more of the following is required :

Fortune 500 experience.

Expert Knowledge of threat and vulnerability and / or identity related processes and technology.

Must have expert technical proficiency in at least one vulnerability management tool such as Qualys, Core Impact, WebInspect, etc.

Must have high proficiency in investigative practices and procedures (forensics knowledge is a plus).

May require technically advanced or in-depth skills in one or more of the following :

Previous Criminal Justice experience.

Ability to create and deliver presentations targeted to either end users or senior management.

Highly technical across a broad range of computing platforms and network protocols.

Experience in several or more of the following technologies : Firewalls, Intrusion Prevention, Vulnerability Scanning, Data Loss Prevention, Email Security, Endpoint Security, DNS, Web Content Filtering, SEIM, AV, Certificate Authority and encryption.

Understanding and experience with IP address space management, subnetting, name resolution, and directory service protocols and be able to participate and guide future network LAN / WAN planning and implementation.

Familiarity with key security models and regulations such as ISO 2700X, SOX and PCI.

Ability to support both internal and external audits.

Experience in the areas of change control, problem management, incident management troubleshooting of security solutions.

Ability to handle successfully multiple projects at one time.

Strong communicator both written and verbally.

Actively participate in professional organizations such as ISSA, ISACA, and InfraGard.

V. Work Environment

Listed below are key points regarding environmental demands and work environment of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

Normal setting for this job is : office setting and / or landfill / outside.

Benefits

At Waste Management, each eligible employee receives a competitive total compensation package including Medical, Dental, Vision, Life Insurance and Short Term Disability. As well as a Stock Purchase Plan, Company match on 401K, and more! Our employees also receive Paid Vacation, Holidays, and Personal Days. Please note that benefits may vary by site.

Apply for this job

Receive alerts for other Principal Analyst, Cyber Security - BISO job openings

Principal Analyst, Cyber Security - BISO

What are the responsibilities and job description for the Principal Analyst, Cyber Security - BISO position at Waste Management?

What is the career path for a Principal Analyst, Cyber Security - BISO?

Job openings at Waste Management

Not the job you're looking for? Here are some other Principal Analyst, Cyber Security - BISO jobs in the Houston, TX area that may be a better fit.

We don't have any other Principal Analyst, Cyber Security - BISO jobs in the Houston, TX area right now.

AI Assistant is available now!