Associate IT GRC Analyst

Waste Management, Inc. (WM)•Houston, TX

1d•Onsite

About The Position

The IT GRC Associate role supports governance, risk, and compliance (GRC) activities for Digital and helps contribute to the overall Technology Risk program. The position focuses on learning core risk and security practices and keeping up with modern emerging technology trends while assisting with day-to-day execution and improvement efforts. Key responsibilities include supporting the maintenance and update of Digital policies, assisting with risk register updates, helping coordinate security awareness training activities, and promoting the use of compliance and automation tools. The role works closely with internal stakeholders to support strong security and risk controls across Digital initiatives. This position also provides hands-on experience by assisting with testing, configuring, and improving cybersecurity tools, while learning new technologies and processes to help deliver Digital initiatives. The role is ideal for someone eager to build foundational skills in technology risk, security, and compliance within a collaborative environment.

Requirements

Bachelor's Degree in Computer Science, MIS, or similar area of study.
4 years of related experience may substitute for the Bachelor’s degree.

Nice To Haves

1-2 years of previous experience preferred
1-2 years of experience in IT compliance with responsibilities involving interpretation of regulatory requirements (eg. SOX, PCI DSS, ERCOT, PII, CCPA, EPA etc.) and demonstrated success in translating them into actionable and sustainable compliance strategies.
Recent exposure to Agentic AI tools and related governance strategies strongly preferred.
Experience in the areas of change control, problem management, incident management troubleshooting security solutions
Technical understanding and awareness to security best practices to be implemented for modern systems such as Oracle ERP, AWS, and other agentic/AI/ML solutions
Familiarity/prior exposure to agentic AI tools and willingness to learn other tools
Strong verbal and written communication skills to work with cross-functional teams.

Responsibilities

Support the identification, assessment, and tracking of cybersecurity, technology, and data risks by gathering information, maintaining documentation, and assisting with mitigation activities.
Stay informed about changes in regulations, security best practices, emerging technologies, and company initiatives (including M&A activity) that may impact the organization’s IT governance, risk, and compliance posture.
Support the implementation and adoption of continuous monitoring technologies and tools by assisting with configuration, documentation, testing, and user enablement activities.
Help track usage and effectiveness of controls and contribute towards automating processes and generating efficiencies.
Support the creation and maintenance of policies and standards by assisting with documentation updates, stakeholder reviews, and version management.
Help coordinate and support company wide implementation and adoption efforts.
Prepare draft compliance reports and dashboards detailing findings, mitigation progress, and expected timelines, log issues, and actively track remediation actions to closure.
Assist with documenting management risk acceptance decisions in accordance with established processes and templates.
Execute and support cybersecurity awareness activities by running phishing simulations, coordinating security training communications, assisting with awareness campaigns, and collecting results.
Analyze participation and performance metrics and help prepare reports that demonstrate training effectiveness to leadership.