Wabtec Corporation is a leading global provider of equipment, systems, digital solutions and value-added services for freight and transit rail. Drawing on nearly four centuries of collective experience across Wabtec, GE Transportation and Faiveley Transport, the company has unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems. Wabtec is focused on performance that drives progress, creating transportation solutions that move and improve the world. Wabtec has approximately 27,000 employees in facilities throughout the world. Visit the company’s new website at:http://www.WabtecCorp.com.
It’s not just about your career… or your job title…it’s about who you are and the impact you are going to make on the world. Do you want to go into uncharted waters…do things that haven’t been done to make yours and someone else's life better? Wabtec has been doing that for decades and we will continue to do so! Through our people, leadership development, services, technology and scale, Wabtec delivers better outcomes for global customers by speaking the language of industry.
Who will you be working with?
Our best-in-class Enterprise Information Security team combines knowledge of security services to areas within Information Technology and provide in-depth and highly technical information security consulting and services focused on the enterprise services IT provides to ensure confidentiality, integrity and availability of these systems.
How will you make a difference?
As a member of the Information Security Assurance team, you will be responsible for staying abreast of developments within the field and contribute to directional strategy by considering all present risks internally and externally. You’ll work with partners to drive thoughtful remediation and enhancements to the organization’s risk posture. This role requires advanced understanding of challenges and common threats. This person will be responsible for developing, implementing, and operating a strategic, risk-based program for the Enterprise Information Security Team.
What do we want to know about you?
You must have:
- Bachelor’s degree in Business, Technology, Cyber Security, Technology Risk Management or min. 4 years of equivalent experience.
- 4+ years experience within IT operations, IT Audit, Security or Risk management.
- Strong analytical and problem-solving skills; ability to decipher and prioritize asks accordingly.
- Strong interpersonal skills.
- Knowledge of industry Risk management frameworks, common mitigation practices, and\ Organizational control management.
- Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant information security controls.
- Demonstrate an understanding of business processes, internal risk management strategies, IT controls, and how they interact together.
- Demonstrate proficiency in process formulation and improvement.
- Knowledge of operational security capabilities including access control, network security, secure configuration and vulnerability management, intrusion detection, security monitoring and incident response.
- Proven solid written and oral communication skills with the ability to effectively communicate status, risks, and remediations to executive management.
- ISO 27001 standard knowledge is highly desirable.
- Governance and Risk Certification a plus (CRISC, CISM, CISA, or CISSP)
What will your typical day look like?
The ideal candidate will have experience building, operating, and maturing effective programs to manage Information Security Risks and their remediations.
- Comprehensive Risk Identification, Assessment & Analysis:
- Lead and conduct comprehensive risk assessment to identify, prioritize and quantify potential and existing security threats and vulnerabilities across the organization’s systems, network, and applications.
- Utilize risk analysis methodologies and tools to assess the effectiveness of existing security controls and identify areas for improvement.
- Provide expert guidance on risk mitigation strategies and control implementation to minimize exposure to security risks.
- Develop risk management methodologies tailored to the organization’s specific risk profile and business priorities.
- Collaborate with stakeholders to establish risk tolerance levels and develop risk mitigation plans.
- Risk Remediation Planning & Execution:
- Develop remediation plans based on the findings of risk assessments, prioritizing actions to address critical vulnerabilities and mitigate high-risk threats.
- Work closely with relevant stakeholders to implement security controls and measures to remediate identified risks effectively.
- Monitor the progress of remediation efforts and provide regular updates to management on the status of risk mitigation initiatives.
- Conduct post-remediation reviews and analysis to validate the effectiveness of remediation activities and identify any residual risks.
- Risk-Awareness Culture:
- Drive clear, concise, pragmatic outcomes with senior business and technology leaders that balance risk with business objectives.
- Develop and implement security awareness programs and initiatives to educate employees on security risks, best practices, and their role in maintaining a secure environment.
- Foster a culture of accountability and responsibility for information security by encouraging active participation in risk identification, reporting, and mitigation efforts.
- Promote open communication channels for reporting concerns and potential risks, and ensure timely resolution and escalation as needed.
- Business Awareness & Continual Improvement:
- Anticipate the needs of leadership and facilitate as well as motivate those around you to identify solutions that both improve the security of our environment and advance business objectives.
- Maintain an external network to ensure our organization continuously analyzes new threats, trends, innovations, etc. to ensure our strategy and priorities stay appropriately aligned.
- Present balanced viewpoints of options and recommendations based on strong front-to-back understanding of existing capabilities and frameworks combined with a strong understanding of emerging technologies and best practices.
- Be curious about our business and seek to understand.
- Create an environment of continual improvement both inside and outside of direct team.
- Bring new ideas, methods, and approaches to this role. Leverage own expertise to challenge the status quo and drive decisions and actions necessary to improve our business processes and related technology
Physical Demands:
• Employee is required to work on a computer for up to 8 hours per day
• Employee may be in a sitting position for several hours per day
• Employee must be able to read small text on computer screens/monitors
• Employee is regularly required to talk and hear
Work Environment:
The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment. During visits to areas of operations, may be exposed to extreme cold or hot weather conditions, fumes or airborne particles, toxic or caustic chemicals, and loud noise.
Wabtec Corporation is committed to taking on the world’s toughest challenges. In order to fulfill that commitment we rely on a culture of leadership, diversity and inclusiveness. We aim to employ the world’s brightest minds to help us create a limitless source of ideas and opportunities. We believe in hiring talented people of varied backgrounds, experiences and styles…people like you! Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.