Wabtec
Overview
It’s not just about your career or job title… It’s about who you are and the impact you will make on the world. Because whether it’s for each other or our customers, we put People First. When our people come together, we Expand the Possible and continuously look for ways to improve what we create and how we do it. If you are constantly striving to grow, you’re in good company. We are revolutionizing the way the world moves for future generations, and we want someone who is ready to move with us. Who will you be working with? Join Enterprise Information Security (EIS) to drive cybersecurity excellence leveraging intelligence, strategic partnerships, and analysis. Collaborate daily with GRC, Architecture, Operations, and key Information Technology stakeholders to advance our information security capabilities. How will you make a difference? As a member of the ISA team, Wabtec is looking for a
Senior Cybersecurity Risk & Controls Analyst . This role reports to the ISA Sr Manager within EIS and will be responsible for building, developing, implementing, and operating a strategic Risk & Controls Management program to protect Wabtec and its stakeholders while supporting our strategic objectives. In this position, you will assume a leading role in driving the organization’s information security risk management efforts through the identification, assessment, and remediation of security risks, ensuring the protection of critical assets, the implementation of adequate security controls and compliance with legal, statutory, regulatory and contractual requirements. You will foster a risk-aware culture, promote awareness of security risks, and empower employees to contribute to the organization’s risk posture. You will collaborate cross-functionally with IT and Business stakeholders to develop and implement robust security strategies and practices, guiding the organization toward a mature and resilient security posture. What do we want to know about you? Must have: Bachelor’s degree in Business, Technology, Cyber Security, Technology Risk Management or related field or strong hands-on experience. 5+ years experience in Security & Risk management. Strong analytical and problem-solving skills; ability to decipher and prioritize asks accordingly. Strong interpersonal skills. Knowledge of industry risk management frameworks, common mitigation practices, and organizational control management. Demonstrate professional skepticism to ensure evidence is sufficient when assessing relevant information security controls. Understanding of business processes, internal risk management strategies, IT controls, and how they interact together. Proficiency in process formulation and improvement. Knowledge of operational security capabilities including access control, network security, secure configuration and vulnerability management, intrusion detection, security monitoring and incident response. Proven strong written and oral communication skills with the ability to effectively communicate status, risks, and remediations to executive management. Nice to have: ISO 27001 and NIST CSF knowledge is highly desirable. Governance and Risk Certification a plus (CRISC, CISM, CISA, or CISSP). What will your typical day look like? Risk Management Program Development: Design and implement a comprehensive risk management framework tailored to the organization's needs. Establish risk assessment methodologies, including threat modeling and vulnerability scoring systems. Develop policies, procedures, and guidelines for risk identification, analysis, and mitigation. Create risk reporting structures and dashboards for effective communication to stakeholders. Risk Identification, Assessment, Analysis and Mitigation Strategy: Conduct initial organization-wide risk assessments to establish a baseline risk profile. Lead risk assessments to identify and prioritize security threats across systems. Prioritize and categorize identified risks based on potential impact and likelihood. Analyze the effectiveness of existing controls and recommend improvements. Collaborate with stakeholders to formulate risk treatment plans and mitigation strategies aligned with business objectives. Implement and oversee the execution of risk remediation initiatives. Control Assessment and Policy Alignment Develop and maintain a comprehensive inventory of security controls and associated policies across the organization. Perform gap analysis between existing controls/policies and industry best practices or regulatory requirements. Implement processes to regularly evaluate the effectiveness of security controls and adherence to established policies. Recommend improvements to controls and policies based on assessment findings. Collaborate with relevant teams to enhance or implement new controls and policies to address identified gaps. Risk-Aware Culture Cultivation: Drive pragmatic outcomes balancing risk with business objectives. Establish channels for risk reporting and feedback from employees across departments. Foster a culture of accountability in risk management across the organization. Collaborate with leadership to integrate risk considerations into decision-making processes. Continuous Improvement and Adaptation: Establish metrics and KPIs to measure the effectiveness of the risk management program. Regularly review and update the risk management framework to address emerging threats. Stay informed on industry best practices and regulatory changes to enhance the program. Foster partnerships with internal and external stakeholders to evolve risk management capabilities. What about the physical demands of the job? Regularly remaining in a stationary position, often standing or sitting for prolonged periods. Regularly communicating with others to exchange information. Regularly required to attend meetings in person and virtually using video and audio computer equipment. Regularly repeating motions that may include the wrists, hands and/or fingers, such as typing. Occasionally moving about to accomplish tasks or moving from one worksite to another. Occasionally light work that includes moving objects up to 20 pounds. Work Environment
(Usual office job) Hybrid work schedule (both on-site and remote). The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment. During visits to areas of operations, may be exposed to extreme cold or hot weather conditions. Is occasionally exposed to fumes or airborne particles, toxic or caustic chemicals, and loud noise. Our job titles may span more than one career level. The salary range for this role is between $77,400.00-$110,300.00. The actual salary offered to a candidate may be influenced by a variety of factors, such as training, transferable skills, work experience, education, business needs, market demands and work location. The base pay range is subject to change and may be modified in the future. More information on offered benefits, which include health, welfare, and retirement, are available at the
mywabtecbenefits.com
site. Other benefit offerings for this role may include an annual bonus, if eligible. Who are we? Wabtec Corporation is a leading global provider of equipment, systems, digital solutions, and value-added services for freight and transit rail as well as the mining, marine, and industrial markets. Wabtec is focused on performance that drives progress and unlocks our customers’ potential by delivering innovative and lasting transportation solutions that move and improve the world. We are lifelong learners obsessed with making things better to drive exceptional results. Wabtec has approximately 27K employees in facilities throughout the world. Visit our website to learn more. The official site is www.WabtecCorp.com. Our Commitment to Embrace Diversity Wabtec is a global company that embraces diversity and inclusion. We celebrate the variety of experiences, expertise, and backgrounds that bring us together. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.
#J-18808-Ljbffr
It’s not just about your career or job title… It’s about who you are and the impact you will make on the world. Because whether it’s for each other or our customers, we put People First. When our people come together, we Expand the Possible and continuously look for ways to improve what we create and how we do it. If you are constantly striving to grow, you’re in good company. We are revolutionizing the way the world moves for future generations, and we want someone who is ready to move with us. Who will you be working with? Join Enterprise Information Security (EIS) to drive cybersecurity excellence leveraging intelligence, strategic partnerships, and analysis. Collaborate daily with GRC, Architecture, Operations, and key Information Technology stakeholders to advance our information security capabilities. How will you make a difference? As a member of the ISA team, Wabtec is looking for a
Senior Cybersecurity Risk & Controls Analyst . This role reports to the ISA Sr Manager within EIS and will be responsible for building, developing, implementing, and operating a strategic Risk & Controls Management program to protect Wabtec and its stakeholders while supporting our strategic objectives. In this position, you will assume a leading role in driving the organization’s information security risk management efforts through the identification, assessment, and remediation of security risks, ensuring the protection of critical assets, the implementation of adequate security controls and compliance with legal, statutory, regulatory and contractual requirements. You will foster a risk-aware culture, promote awareness of security risks, and empower employees to contribute to the organization’s risk posture. You will collaborate cross-functionally with IT and Business stakeholders to develop and implement robust security strategies and practices, guiding the organization toward a mature and resilient security posture. What do we want to know about you? Must have: Bachelor’s degree in Business, Technology, Cyber Security, Technology Risk Management or related field or strong hands-on experience. 5+ years experience in Security & Risk management. Strong analytical and problem-solving skills; ability to decipher and prioritize asks accordingly. Strong interpersonal skills. Knowledge of industry risk management frameworks, common mitigation practices, and organizational control management. Demonstrate professional skepticism to ensure evidence is sufficient when assessing relevant information security controls. Understanding of business processes, internal risk management strategies, IT controls, and how they interact together. Proficiency in process formulation and improvement. Knowledge of operational security capabilities including access control, network security, secure configuration and vulnerability management, intrusion detection, security monitoring and incident response. Proven strong written and oral communication skills with the ability to effectively communicate status, risks, and remediations to executive management. Nice to have: ISO 27001 and NIST CSF knowledge is highly desirable. Governance and Risk Certification a plus (CRISC, CISM, CISA, or CISSP). What will your typical day look like? Risk Management Program Development: Design and implement a comprehensive risk management framework tailored to the organization's needs. Establish risk assessment methodologies, including threat modeling and vulnerability scoring systems. Develop policies, procedures, and guidelines for risk identification, analysis, and mitigation. Create risk reporting structures and dashboards for effective communication to stakeholders. Risk Identification, Assessment, Analysis and Mitigation Strategy: Conduct initial organization-wide risk assessments to establish a baseline risk profile. Lead risk assessments to identify and prioritize security threats across systems. Prioritize and categorize identified risks based on potential impact and likelihood. Analyze the effectiveness of existing controls and recommend improvements. Collaborate with stakeholders to formulate risk treatment plans and mitigation strategies aligned with business objectives. Implement and oversee the execution of risk remediation initiatives. Control Assessment and Policy Alignment Develop and maintain a comprehensive inventory of security controls and associated policies across the organization. Perform gap analysis between existing controls/policies and industry best practices or regulatory requirements. Implement processes to regularly evaluate the effectiveness of security controls and adherence to established policies. Recommend improvements to controls and policies based on assessment findings. Collaborate with relevant teams to enhance or implement new controls and policies to address identified gaps. Risk-Aware Culture Cultivation: Drive pragmatic outcomes balancing risk with business objectives. Establish channels for risk reporting and feedback from employees across departments. Foster a culture of accountability in risk management across the organization. Collaborate with leadership to integrate risk considerations into decision-making processes. Continuous Improvement and Adaptation: Establish metrics and KPIs to measure the effectiveness of the risk management program. Regularly review and update the risk management framework to address emerging threats. Stay informed on industry best practices and regulatory changes to enhance the program. Foster partnerships with internal and external stakeholders to evolve risk management capabilities. What about the physical demands of the job? Regularly remaining in a stationary position, often standing or sitting for prolonged periods. Regularly communicating with others to exchange information. Regularly required to attend meetings in person and virtually using video and audio computer equipment. Regularly repeating motions that may include the wrists, hands and/or fingers, such as typing. Occasionally moving about to accomplish tasks or moving from one worksite to another. Occasionally light work that includes moving objects up to 20 pounds. Work Environment
(Usual office job) Hybrid work schedule (both on-site and remote). The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment. During visits to areas of operations, may be exposed to extreme cold or hot weather conditions. Is occasionally exposed to fumes or airborne particles, toxic or caustic chemicals, and loud noise. Our job titles may span more than one career level. The salary range for this role is between $77,400.00-$110,300.00. The actual salary offered to a candidate may be influenced by a variety of factors, such as training, transferable skills, work experience, education, business needs, market demands and work location. The base pay range is subject to change and may be modified in the future. More information on offered benefits, which include health, welfare, and retirement, are available at the
mywabtecbenefits.com
site. Other benefit offerings for this role may include an annual bonus, if eligible. Who are we? Wabtec Corporation is a leading global provider of equipment, systems, digital solutions, and value-added services for freight and transit rail as well as the mining, marine, and industrial markets. Wabtec is focused on performance that drives progress and unlocks our customers’ potential by delivering innovative and lasting transportation solutions that move and improve the world. We are lifelong learners obsessed with making things better to drive exceptional results. Wabtec has approximately 27K employees in facilities throughout the world. Visit our website to learn more. The official site is www.WabtecCorp.com. Our Commitment to Embrace Diversity Wabtec is a global company that embraces diversity and inclusion. We celebrate the variety of experiences, expertise, and backgrounds that bring us together. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.
#J-18808-Ljbffr