Risk Analyst - Cybersecurity Risk & Controls jobs in United States

Wabtec Corporation · 3 hours ago

Risk Analyst - Cybersecurity Risk & Controls

Wabtec Corporation is a leading global provider of equipment, systems, and digital solutions for various markets. They are seeking a Senior Cybersecurity Risk & Controls Analyst to drive the organization’s information security risk management efforts and ensure compliance with security controls and regulations while fostering a risk-aware culture across the organization.

Railroad Manufacture
H1B Sponsor Likely

Responsibilities

Design and implement a comprehensive risk management framework tailored to the organization's needs
Establish risk assessment methodologies, including threat modeling and vulnerability scoring systems
Develop policies, procedures, and guidelines for risk identification, analysis, and mitigation
Create risk reporting structures and dashboards for effective communication to stakeholders
Conduct initial organization-wide risk assessments to establish a baseline risk profile
Lead risk assessments to identify and prioritize security threats across systems
Prioritize and categorize identified risks based on potential impact and likelihood
Analyze the effectiveness of existing controls and recommend improvements
Collaborate with stakeholders to formulate risk treatment plans and mitigation strategies aligned with business objectives
Implement and oversee the execution of risk remediation initiatives
Develop and maintain a comprehensive inventory of security controls and associated policies across the organization
Perform gap analysis between existing controls/policies and industry best practices or regulatory requirements
Implement processes to regularly evaluate the effectiveness of security controls and the adherence to established policies
Recommend improvements to controls and policies based on assessment findings
Collaborate with relevant teams to enhance or implement new controls and policies to address identified gaps
Drive pragmatic outcomes balancing risk with business objectives
Establish channels for risk reporting and feedback from employees across departments
Foster a culture of accountability in risk management across the organization
Collaborate with leadership to integrate risk considerations into decision-making processes
Establish metrics and KPIs to measure the effectiveness of the risk management program
Regularly review and update the risk management framework to address emerging threats
Stay informed on industry best practices and regulatory changes to enhance the program
Foster partnerships with internal and external stakeholders to evolve risk management capabilities

Qualification

Cybersecurity Risk Management
Risk Assessment Methodologies
Security Controls Knowledge
ISO 27001 Knowledge
NIST CSF Knowledge
Governance
Risk Certification
Process Improvement
Written Communication Skills
Oral Communication Skills
Collaboration Skills

Required

Bachelor's degree in Business, Technology, Cyber Security, Technology Risk Management or related field or strong hands-on experience
3+ years experience in Security & Risk management
Prior experience in IT or Cybersecurity, supporting systems or developing/supporting applications
Knowledge of technical controls and ability to describe them to business/system owners
Knowledge of industry Risk management frameworks, common mitigation practices, and Organizational control management
Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant information security controls
Demonstrate an understanding of business processes, internal risk management strategies, IT controls, and how they interact together
Demonstrate proficiency in process formulation and improvement
Knowledge of operational security capabilities including access control, network security, secure configuration and vulnerability management, intrusion detection, security monitoring and incident response
Proven solid written and oral communication skills with the ability to effectively communicate status, risks, and remediations to executive management

Preferred

ISO 27001 and NIST CSF knowledge is highly desirable
Governance and Risk Certification a plus (CRISC, CISM, CISA, or CISSP)

Benefits

Health, welfare, and retirement
Annual bonus, if eligible

Company

Wabtec Corporation

Wabtec is a leading global provider of equipment, systems, digital solutions, and value-added services.

H1B Sponsorship

Wabtec Corporation has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (3)
2024 (2)
2023 (2)
2022 (3)
2021 (4)
2020 (2)

Funding

Current Stage
Late Stage

Leadership Team

Raj Gupta
President and CEO, Maintenance of Way
Cherie Reardon, SPHR
Vice President, Human Resources - Engineering/Technology & Chief Technology Officer
Company data provided by crunchbase