What are the responsibilities and job description for the Senior Analyst, Digital Security position at WM?
WM is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, gender identity, national origin, age, disability, status as a protected veteran or any other characteristic protected under applicable federal, state, or local law.
WM, a Fortune 250 company, is the leading provider of comprehensive waste and environmental services in North America. We are strongly committed to a foundation of operating excellence, professionalism and financial strength. WM serves nearly 25 million customers in residential, commercial, industrial and municipal markets throughout North America through a network of collection operations, transfer stations, landfills, recycling facilities and waste-based energy production projects.
I. Job Summary
Play a key role in supporting the development, implementation, and maintenance of governance, risk, and compliance frameworks across the IT landscape. The Senior Analyst Digital/IT Compliance will report directly to the Senior Manager Digital/IT Compliance and work closely with cross-functional teams to ensure IT operations align with both internal policies and external regulatory requirements, while proactively identifying risks and implementing mitigation strategies for compliance.
II. Essential Duties and Responsibilities
To perform this job successfully, an individual must be able to perform each duty satisfactorily. Other ancillary duties may be assigned.
Engage Across the Business: Partner with IT and business teams to identify and centrally manage emerging and existing risks associated with IT application security, identity and access management, configuration and data governance and overall enterprise policy adherence
Evolve Our Capabilities: Leverage leading practice GRC Compliance tools (such as OneTrust, Sailpoint, Oracle Risk Cloud, Monday.com, AuditBoard, and SAP GRC) to enable effective and sustainable risk prevention or risk mitigation compliance strategies
Lead the business adoption and maintenance of GRC Compliance tools and analytics to monitor and report on compliance with IT security policies, regulatory requirements, and industry standards.
Empower Our People: Provide training and awareness programs on IT security, risk management, and compliance topics for employees across the organization and build a culture of proactive compliance maturity.
Support internal and external audits by providing necessary documentation and evidence of compliance with relevant laws and regulations (eg. SOX, PCI DSS, ERCOT, PII, CCPA, EPA)
Enable Business Strategies: Stay up-to-date on changes in regulations, best practices, and emerging technologies that could impact the organization's IT governance and compliance posture
Engage Across the Business: Partner with IT and business teams to identify and centrally manage emerging and existing risks associated with IT application security, identity and access management, configuration and data governance and overall enterprise policy adherence
Evolve Our Capabilities: Leverage leading practice GRC Compliance tools (such as OneTrust, Sailpoint, Oracle Risk Cloud, Monday.com, AuditBoard, and SAP GRC) to enable effective and sustainable risk prevention or risk mitigation compliance strategies
Lead the business adoption and maintenance of GRC Compliance tools and analytics to monitor and report on compliance with IT security policies, regulatory requirements, and industry standards.
III. Qualifications
The requirements listed below are representative of the qualifications necessary to perform the job.
A. Education and Experience
- Education: Bachelor's degree (accredited) in Computer Science, MIS, Business Administration or similar area of study, or in lieu of degree, High School Diploma or GED (accredited) and 4 years or relevant work experience.
- Experience: At least five years of experience in IT compliance with responsibilities involving interpretation of regulatory requirements (eg. SOX, PCI DSS, ERCOT, PII, CCPA, EPA etc.) and demonstrated success in translating them into actionable and sustainable compliance strategies preferred.
B. Certificates, Licenses, Registrations or Other Requirements
- Certified Information Systems Security Professional (CISSP) preferred
- Certified Information Systems Auditor (CISA) preferred
- Certified Information Security Manager (CISM) preferred
- Other professional certifications desired include: CPA, CCSP, CRISC, CC ISO 27001, CWSP, GIAC.
- Other vendor certifications desired include: CCNA, CCNP, CCSP, MSCE
C. Other Knowledge, Skills or Abilities Required
| Technical understanding of Oracle ERP systems, Processes, Configurations, & System Functionality |
| Familiarity with Best Practice Oracle Application Security Role Design Concepts, as well as STRIDE LM, SABSA |
| Experience with Segregation of Duties and Sensitive Access Rulesets, and ERP Configuration Change Management Controls and Policies |
| Experience with Hands-On Compliance Tools such as OneTrust, Sailpoint, Oracle Risk Cloud, Monday.com, AuditBoard, SAP GRC, VikingCloud, SAI 360 |
| Competency in Analytical Tools or Languages such as PowerBI, Tableau, Alteryx and familiarity with Data Governance controls in backend database platforms such as Snowflake and S/4 HANA |
| Knowledge of cloud environments and their associated risks (AWS, Azure, Google Cloud, etc.). |
| Familiarity with Best Practice Oracle Application Security Role Design Concepts |
| Prioritizes accountability, ownership, and proactive communication |
| Critical thinking and analytical skills with ability to both identify risks and propose solutions. |
| Strong attention to detail, organizational skills, and ability to build/follow process flows and maps |
| Ability to “build a coalition” and work collaboratively with cross-functional teams |
IV. Work Environment
Listed below are key points regarding environmental demands and work environment of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.
Normal setting for this job is: office setting.
Benefits
At WM, each eligible employee receives a competitive total compensation package including Medical, Dental, Vision, Life Insurance and Short Term Disability. As well as a Stock Purchase Plan, Company match on 401K, and more! Our employees also receive Paid Vacation, Holidays, and Personal Days. Please note that benefits may vary by site.
If this sounds like the opportunity that you have been looking for, please click “Apply”.
