• Job Description

  Req#: 2313955

  As an EEO/Affirmative Action Employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, or veteran status.

  WM, a Fortune 250 company, is the leading provider of comprehensive waste and environmental services in North America. We are strongly committed to a foundation of operating excellence, professionalism and financial strength. WM serves nearly 25 million customers in residential, commercial, industrial and municipal markets throughout North America through a network of collection operations, transfer stations, landfills, recycling facilities and waste-based energy production projects.

  To enable our business to expand our lead in a market increasingly enhanced by technology, Waste Management is undertaking a substantial technology transformation. We are seeking talented Information Technology professionals to join the Waste Management team who are motivated to help us transform the way we design, build and use technology. With your skills and experience, we look for you to combine your technical expertise with industry best practices in an effort to align information technology solutions with Waste Management business strategy.

  I. Job Summary

  Under supervision of Senior Cybersecurity staff, responsible for assessing and re-assessing third-party’s risks to WM's data and for security awareness for WM.

  II. Duties and Responsibilities

  • Primary contact between business owners and third-parties performing cybersecurity risk assessments to identify vulnerabilities and potential threats to WM’s digital assets utilizing NIST Cybersecurity Framework.
  • Leverage various technologies to manage and improve existing cybersecurity risk management procedures.
  • Utilizing risk assessment software to maintain essential cybersecurity controls, capture the business requirement, analyzes vendor responses, validating risk score calculation, and document recommendations within the final report.
  • Serve as the primary liaison for all stakeholders involved in Cybersecurity third-party risk management processes.
  • Develop and deliver cybersecurity training and awareness activities to internal personnel.
    Collect and leverage metrics to demonstrate the growth and effectiveness of risk assessments and training activities.
    

  III. Supervisory Responsibilities

  None required.

  IV. Qualifications

  The requirements listed below are representative of the qualifications necessary to perform the job.

  A. Education and Experience

  Education: Bachelor's Degree (accredited) in Computer Science, MIS, or similar area of study or in lieu of degree, High School Diploma or GED (accredited) and three (3) years of risk analysis using NIST 800-53 as a framework may substitute for the Bachelor’s degree.

  Experience: Three (3) years of risk analysis using NIST 800-53 as a framework

  B. Certificates, Licenses, Registrations or Other Requirements

  • Preferred: professional certifications include: CISSP, CISM, CISA, CCSP, CCSK, or other certifications which focus on security best practices.

  C. Other Knowledge, Skills or Abilities Required

  Knowledge or skills in one or more of the following is required:

  • Employ critical thinking skills to analyze complex situations to make informed risk-based decisions.
  • Familiarity with NIST Cybersecurity Framework and NIST Special Publications 800-53 and 800-30.
  • Conduct analysis of cybersecurity documents against NIST controls.
  • Proficient leading meetings with internal stakeholders and external vendors.
  • Excellent problem solving and analytical skills.
  • Ability to synthesize findings, draw independent conclusions and support decisions that may contradict calculated results.
  • Excellent communication skills, with the ability to convey complex technical concepts to non-technical stakeholders.
  • Work effectively with cross-functional teams and stakeholders.

  Knowledge or skills in the following is essential:

  • Ability to multi-task and managing concurrent projects effectively.
  • Strong written communication skills.
  • Ability to work independently while maintaining attention to detail.
  • Stay abreast of emerging threats, technologies, and industry cybersecurity best practices.

  Experience in several or more of the following technologies is advantageous:
  

  • Network Security (Firewalls, Web Application Firewalls, others), Vulnerability Scanning, Email Security, Endpoint Security, Operational Technology, Cloud Security.
  • Familiarity or experience with risk assessment frameworks and/or Cybersecurity awareness training software solutions.
    

  V. Work Environment

  Listed below are key points regarding environmental demands and work environment of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

  Normal setting for this job is: office setting and/or landfill/outdoor.

  Benefits
  At Waste Management, each eligible employee receives a competitive total compensation package including Medical, Dental, Vision, Life Insurance and Short Term Disability. As well as a Stock Purchase Plan, Company match on 401K, and more! Our employees also receive Paid Vacation, Holidays, and Personal Days. Please note that benefits may vary by site.

  If this sounds like the opportunity that you have been looking for, please click Apply.

• About the company

  Waste Management, Inc. is an American waste management, comprehensive waste, and environmental services company in North America.

Notice