As an EEO/Affirmative Action Employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, or veteran status.

WM, a Fortune 250 company, is the leading provider of comprehensive waste and environmental services in North America. We are strongly committed to a foundation of operating excellence, professionalism and financial strength.  WM serves nearly 25 million customers in residential, commercial, industrial and municipal markets throughout North America through a network of collection operations, transfer stations, landfills, recycling facilities and waste-based energy production projects.

To enable our business to expand our lead in a market increasingly enhanced by technology, WM is undertaking a substantial technology transformation. We are seeking talented Information Technology professionals to join the WM team who are motivated to help us transform the way we design, build and use technology. With your skills and experience, we look for you to combine your technical expertise with industry best practices in an effort to align information technology solutions with Waste Management business strategy.

I.  Job Summary
The Senior OT Cybersecurity Analyst is responsible for ensuring the security, integrity, and reliability of Operational Technology systems, including industrial control systems (ICS) and critical infrastructure networks. This role involves developing and implementing cybersecurity strategies, monitoring systems for threats, conducting risk assessments, and leading incident response efforts. The ideal candidate possesses extensive experience in cybersecurity with a focus on OT environments, strong analytical skills, and the ability to work collaboratively across multidisciplinary teams.

 

II. Essential Duties and Responsibilities

To perform this job successfully, an individual must be able to perform each duty satisfactorily.  Other ancillary duties may be assigned. 

Cybersecurity Strategy and Policy Development 

Develop, implement, and maintain cybersecurity policies, standards, and procedures for OT environments.  Align OT cybersecurity programs with organizational goals and compliance requirements, including NIST, IEC 62443, and other applicable frameworks. 

Risk Management and Assessment 

Perform risk assessments for OT systems, identifying vulnerabilities and recommending mitigation strategies.  Collaborate with stakeholders to prioritize cybersecurity investments based on risk analysis.  Monitoring and Incident Response  Monitor OT systems for cybersecurity threats using specialized tools and techniques.  Lead the investigation and response to cybersecurity incidents, minimizing impacts and ensuring prompt recovery. 

System Hardening and Architecture 

Provide guidance on secure system design, network segmentation, and other protective measures for OT environments.  Collaborate with IT teams to ensure integration between IT and OT cybersecurity strategies.  Training and Awareness  Conduct cybersecurity training and awareness programs tailored to OT personnel.  Act as a subject-matter expert (SME) for OT cybersecurity best practices. 

Compliance and Auditing 

Ensure compliance with industry regulations and standards related to OT cybersecurity.  Prepare for and participate in cybersecurity audits and assessments.  Collaboration and Leadership  Work closely with engineering, operations, and IT teams to align cybersecurity efforts with operational needs.  Assist leadership to implement a roadmap for OT Cybersecurity maturity, including technology assessments, gap analysis, and improvement plans.  Mentor junior cybersecurity analysts and provide technical guidance. 

III.  Supervisory Responsibilities
May coach and mentor less-experienced analysts and act as team leader on systems projects.

 

IV.  Qualifications

The requirements listed below are representative of the qualifications necessary to perform the job. 

 

 

A.  Education and Experience

Education: Bachelor's degree (accredited) in Computer Science, MIS, Business Administration or similar area of study, or in lieu of degree, High School Diploma or GED (accredited) and 4 years or relevant work experience. Experience: Five years of relevant work experience (in addition to education requirement). Relevant work experience includes cybersecurity with a focus on OT and ICS environments, networking, host, data and/or application security in multiple operating system environments. 

B.  Certificates, Licenses, Registrations or Other Requirements
Must possess one of the following or will obtain one within the next 12 months: 

Certified Information Systems Security Professional (CISSP) Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Preferred: CWSP, GIAC, GICSP, or ISA/IEC 62443  Preferred: CCNA, CCNP, CCSP, MSCE

C. Other Knowledge, Skills or Abilities Required

Advanced knowledge or skills in one or more of the following is required:

Knowledge of threat and vulnerability and/or identity related processes and technology. Proficiency in vulnerability management tools such as Qualys, Core Impact, WebInspect, etc.

D. Other Knowledge Skills or Abilities Preferred

In-depth knowledge of OT cybersecurity frameworks (e.g., NIST SP 800-82, IEC 62443). Proficiency in threat and vulnerability management and/or identity related processes and technology.   Familiarity with critical infrastructure sectors (e.g., energy, wastewater treatment, utilities). Experience in integrating IT and OT cybersecurity strategies. Proven experience in conducting risk assessments, vulnerability management, and incident response. Technical skills across a broad range of computing platforms and network protocols such as ICS/SCADA systems and protocols (e.g., Modbus, DNP3, OPC). Experience in several or more of the following technologies: Firewalls, Intrusion Prevention, Vulnerability Scanning, Data Loss Prevention, Email Security, Endpoint Security, DNS, Web Content Filtering, SEIM, AV, Certificate Authority and encryption. Understanding and experience with IP address space management, subnetting, name resolution, and directory service protocols and be able to participate and guide future network LAN/WAN planning and implementation. Familiarity with key security models and regulations such as ISO 2700X, SOX and PCI. Ability to support both internal and external audits. Experience in the areas of change control, problem management, incident management troubleshooting of security solutions. Strong analytical and problem-solving skills. Ability to multi-task and work on multiple projects at one time. Ability to communicate both written and verbally. Proficiency in investigative practices and procedures (forensics knowledge is a plus).

V.  Work Environment
Listed below are key points regarding environmental demands and work environment of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

Normal setting for this job is: office setting.
 
Benefits
At Waste Management, each eligible employee receives a competitive total compensation package including Medical, Dental, Vision, Life Insurance and Short Term Disability.  As well as a Stock Purchase Plan, Company match on 401K, and more!  Our employees also receive Paid Vacation, Holidays, and Personal Days.  Please note that benefits may vary by site.

If this sounds like the opportunity that you have been looking for, please click Apply.