Job Description

WM, a Fortune 250 company, is the leading provider of comprehensive waste and environmental services in North America. We are strongly committed to a foundation of operating excellence, professionalism and financial strength. WM serves nearly 25 million customers in residential, commercial, industrial and municipal markets throughout North America through a network of collection operations, transfer stations, landfills, recycling facilities and waste-based energy production projects.

I. Job Summary
The IT GRC Analyst supports governance, risk, and compliance frameworks for Digital/IT, helping to advance the Technology Risk program. Responsibilities include lifecycle management of the Digital policies, maturing the risk register, overseeing security awareness training, and promoting compliance automation tools. The role collaborates with stakeholders to ensure strong security controls, helps test and automate cybersecurity tools and learns technologies to directly execute Digital initiatives. This position is based in Houston, Mon-Thurs in office, Friday remote.

II. Duties and Responsibilities include the following:
To perform this job successfully, an individual must be able to perform each duty satisfactorily. Other ancillary duties may be assigned.

• IT Risk Management: Drive risk identification, assessment, and mitigation of cybersecurity, technology, and data risks while staying up-to-date on changes in regulations, best practices, emerging technologies, and company-specific M&A activity and strategy that could impact the organization's IT governance, risk, and compliance posture.
• Continuous Monitoring: Drive company-wide implementation and adoption of continuous monitoring technology and tools to improve overall adequacy, quality and efficacy of controls.
• Policy Governance: Create and maintain policies and standards, in collaboration with stakeholders and drive company-wide implementation and adoption
• Compliance Management: Evaluate and support enterprise compliance against various regulatory requirements such as SOX, PCI, GDPR, as well as company policies. Provide reporting to leadership on issues identified, ongoing mitigation efforts and timing to execute, and formalize management risk acceptance where applicable.
• Security and Awareness Training; Promote a culture of cybersecurity awareness across the organization through risk assessments, monthly phishing and security training and awareness campaigns, giving leadership visibility into the effectiveness of training programs.
  

III. Supervisory Responsibilities

• None required.

IV. Qualifications

A. Education and Experience

• Required: Bachelor's Degree in Computer Science, MIS, Business Administration or similar area of study. Three (3) years of previous experience required. An additional four (4) years of related experience may substitute for the Bachelor's degree.
• Preferred: Bachelor's Degree and at least three (3) years of experience in network, host, data and/or application security in multiple operating system environments.

B. Preferred Certificates, Licenses, Registrations or Other Requirements

• None required.
• Certified Information Systems Security Professional (CISSP),
  Certified in Risk and Information Security Control (CRISC)
  Certified Information Security Manager (CISM).
• Other professional certifications desired include: CPA, CCSP, CISA
  

C. Other Knowledge, Skills or Abilities Required

Intermediate knowledge or skills in one or more of the following is required:

• Experience in the areas of change control, problem management, incident management troubleshooting security solutions
• Technical understanding and awareness to security best practices to be implemented for modern systems such as Oracle ERP, AWS, and other agentic/AI/ML solutions
• Familiarity/prior exposure to agentic AI tools and willingness to learn other tools
• Strong verbal and written communication skills to work with cross-functional teams.
  

D. Other Knowledge, Skills or Abilities that Contribute to Success

May require intermediate skills in one or more of the following:

• Fortune 500 experience.
• Technical skills across a broad range of computing platforms and network protocols.
• Understanding and experience with IP address space management, subnetting, name resolution, and directory service protocols and be able to participate and guide future network LAN/WAN planning and implementation.
• Familiarity with key security models and regulations such as ISO 2700X, SOX and PCI.
• Ability to support both internal and external audits.
• Experience in the areas of change control, problem management, incident management troubleshooting of security solutions.
• Ability to multi-task and work on multiple projects at one time.
• Ability to communicate both written and verbally.
• Proficiency in investigative practices and procedures (forensics knowledge is a plus).

V. Work Environment and Essential Functions
Listed below are key points regarding environmental demands and work environment of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job. [Note: The following is defaulted for office setting position]

• Required to use motor coordination with finger dexterity (such as keyboarding, machine operation, etc.) most of the work day;
• Required to exert physical effort in handling objects less than 30 pounds rarely;
• Required to be exposed to physical occupational risks (such as cuts, burns, exposure to toxic chemicals, etc.) rarely;
• Required to be exposed to physical environment which involves dirt, odors, noise, weather extremes or similar elements rarely;
• Normal setting for this job is: office setting.

Benefits
At Waste Management, each eligible employee receives a competitive total compensation package including Medical, Dental, Vision, Life Insurance and Short Term Disability. As well as a Stock Purchase Plan, Company match on 401K, and more! Our employees also receive Paid Vacation, Holidays, and Personal Days. Please note that benefits may vary by site.

If this sounds like the opportunity that you have been looking for, please click "Apply".

ABOUT WM

WM ( WM.com) is North America's leading provider of comprehensive environmental solutions. Previously known as Waste Management and based in Houston, Texas, WM is driven by commitments to put people first and achieve success with integrity. The company, through its subsidiaries, provides collection, recycling and disposal services to millions of residential, commercial, industrial, medical and municipal customers throughout the U.S. and Canada. With innovative infrastructure and capabilities in recycling, organics and renewable energy, WM provides environmental solutions to and collaborates with its customers in helping them pursue their sustainability goals. WM has the largest disposal network and collection fleet in North America, is the largest recycler of post‑consumer materials and is a leader in beneficial use of landfill gas, with a growing network of renewable natural gas plants and the most landfill gas‑to‑electricity plants in North America. WM’s fleet includes more than 12,000 natural gas trucks – the largest heavy‑duty natural gas truck fleet in the industry in North America. Healthcare Solutions provides collection and disposal services of regulated medical waste, as well as secure information destruction services, in the U.S., Canada and Western Europe. To learn more about WM and the company’s sustainability progress and solutions, visit Sustainability.WM.com

Equal Employment Opportunity

For United States: WM is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, gender identity, national origin, age, disability, status as a protected veteran or any other characteristic protected under applicable federal, state, or local law.

For Canada: WM is committed to the principle of equal employment for all applicants and employees, without discrimination on the basis of all grounds protected by applicable human rights legislation. Accommodations are available on request for candidates taking part in all aspects of the selection process. Please notify us if you require accommodation.

Real ID

In order to travel by air or access federal property, federal law requires individuals have a REAL ID or an acceptable alternative. This position may require the successful candidate to travel by air for business reasons or service federal property. Accordingly, successful candidates must have, or be willing to obtain, a REAL ID or TSA‑approved alternative.