As an EEO/Affirmative Action Employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, or veteran status.

　　WM, a Fortune 250 company, is the leading provider of comprehensive waste and environmental services in North America. We are strongly committed to a foundation of operating excellence, professionalism and financial strength. WM serves nearly 25 million customers in residential, commercial, industrial and municipal markets throughout North America through a network of collection operations, transfer stations, landfills, recycling facilities and waste-based energy production projects.

　　To enable our business to expand our lead in a market increasingly enhanced by technology, Waste Management is undertaking a substantial technology transformation. We are seeking talented Information Technology professionals to join the Waste Management team who are motivated to help us transform the way we design, build and use technology. With your skills and experience, we look for you to combine your technical expertise with industry best practices in an effort to align information technology solutions with Waste Management business strategy.

　　I. Job Summary

　　Lead strategic cyber GRC & OT initiatives and operations. Oversee risk & vulnerability governance, compliance, and mitigating actions, ensuring strong cyber security measures and effective team collaboration.

　　II. Essential Duties and Responsibilities

　　Develop and implement strategic cybersecurity GRC and vulnerability management initiatives aligned with business goals and industry best practices.

　　Develop, review, and enhance cybersecurity policies and standards to align with evolving threat landscapes and industry regulations.

　　Support company’s adherence to regulatory standards and internal policies by overseeing regular audits, assessments and review of security controls and processes.

　　Assist to identify, evaluate, and prioritize cybersecurity risk, guiding the team in potential security weaknesses and recommending appropriate risk mitigation strategies.

　　Oversee vulnerability scanning, prioritization, and remediation efforts, collaborating with cross-functional teams to prioritize and address security gaps.

　　Prepare and present regular reports on cyber GRC and vulnerability management to executive leadership, highlighting key metrics, risks, and improvement recommendations.

　　Oversee the assessment and management of cybersecurity risks associated with third-party vendors, assessing their compliance with security standards.

　　Stay updated with emerging cybersecurity technologies and trends, evaluating their relevance to GRC and vulnerability management, and recommending integration where applicable.

　　Manage and mentor a team of security professionals, fostering a culture of continuous improvement, knowledge sharing, and effective communication to enhance cyber GRC and vulnerability capabilities.

　　Assist to coordinate communication between peers, team, business owners and management.

　　III. Supervisory Responsibilities

　　The highest level of supervisory skills required in this job is management through one or more managerial levels. This includes:

　　Direct supervision of full-time employees including management, team leads and individual contributor positions;

　　May have indirect supervision of other full-time management and/or individual contributor positions.

　　IV. Qualifications

　　The requirements listed below are representative of the qualifications necessary to perform the job.

　　A. Education and Experience

　　Education: Bachelors Degree (accredited), or in lieu of degree, High School Diploma or GED (accredited) and four years of relevant work experience.

　　Experience: Eight years of relevant work experience (in addition to education requirement).

　　B. Certificates, Licenses, Registrations or Other Requirements

　　Preferred: ISC2, CISSPC. Other Knowledge, Skills or Abilities Required

　　Profound understanding of cybersecurity principles, GRC frameworks, and vulnerability management methodologies.

　　Familiarity with relevant regulatory standards such as NIST Cybersecurity Framework, PCI, SOX etc.

　　Strong leadership skills to guide and inspire cross-functional security teams.

　　Skill in translating technical concepts to non-technical stakeholders and influencing decision-making at all levels.

　　Excellent communication and interpersonal abilities for effective collaboration with stakeholders.

　　Advanced analytical skills to assess complex vulnerabilities and risks, and make data-driven decisions.

　　Proficiency in security tools, vulnerability scanning, and risk assessment platforms.

　　Ability to adapt to evolving cyber threats and industry trends, making informed adjustments to security strategies.

　　V. Work Environment

　　Listed below are key points regarding environmental demands and work environment of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

　　Normal setting for this job is: office setting and/or landfill/outdoor.

　　Benefits

　　At Waste Management, each eligible employee receives a competitive total compensation package including Medical, Dental, Vision, Life Insurance and Short Term Disability. As well as a Stock Purchase Plan, Company match on 401K, and more! Our employees also receive Paid Vacation, Holidays, and Personal Days. Please note that benefits may vary by site.

　　If this sounds like the opportunity that you have been looking for, please click Apply.

　　Equal Opportunity Employer: Minority/Female/Disability/Veteran