The IT GRC Associate role supports governance, risk, and compliance (GRC) activities for Digital and helps contribute to the overall Technology Risk program. The position focuses on learning core risk and security practices and keeping up with modern emerging technology trends while assisting with day-to-day execution and improvement efforts. Key responsibilities include supporting the maintenance and update of Digital policies, assisting with risk register updates, helping coordinate security awareness training activities, and promoting the use of compliance and automation tools. The role works closely with internal stakeholders to support strong security and risk controls across Digital initiatives. This position also provides hands-on experience by assisting with testing, configuring, and improving cybersecurity tools, while learning new technologies and processes to help deliver Digital initiatives. The role is ideal for someone eager to build foundational skills in technology risk, security, and compliance within a collaborative environment. II. Essential Duties and Responsibilities IT Risk Management: Support the identification, assessment, and tracking of cybersecurity, technology, and data risks by gathering information, maintaining documentation, and assisting with mitigation activities. Stay informed about changes in regulations, security best practices, emerging technologies, and company initiatives (including M&A activity) that may impact the organization’s IT governance, risk, and compliance posture. Continuous Monitoring: Support the implementation and adoption of continuous monitoring technologies and tools by assisting with configuration, documentation, testing, and user enablement activities. Help track usage and effectiveness of controls and contribute towards automating processes and generating efficiencies. Policy Governance: Support the creation and maintenance of policies and standards by assisting with documentation updates, stakeholder reviews, and version management. Help coordinate and support company wide implementation and adoption efforts. Compliance Management: Prepare draft compliance reports and dashboards detailing findings, mitigation progress, and expected timelines, log issues, and actively track remediation actions to closure. Assist with documenting management risk acceptance decisions in accordance with established processes and templates. Security and Awareness Training: Execute and support cybersecurity awareness activities by running phishing simulations, coordinating security training communications, assisting with awareness campaigns, and collecting results. Analyze participation and performance metrics and help prepare reports that demonstrate training effectiveness to leadership. III. Qualifications A. Required Qualifications Bachelor's Degree in Computer Science, MIS, or similar area of study . years of related experience may substitute for the Bachelor’s degree. B. Preferred Qualifications 1-2 years of previous experience preferred 1-2 years of experience in IT compliance with responsibilities involving interpretation of regulatory requirements (eg. SOX, PCI DSS, ERCOT, PII, CCPA, EPA etc.) and demonstrated success in translating them into actionable and sustainable compliance strategies. Recent exposure to Agentic AI tools and related governance strategies strongly preferred. C. Additional Knowledge, Skills, and Abilities preferred. Experience in the areas of change control, problem management, incident management troubleshooting security solutions. Technical understanding and awareness to security best practices to be implemented for modern systems such as Oracle ERP, AWS, and other agentic/ AI/ ML solutions. Familiarity/prior exposure to agentic AI tools and willingness to learn other tools. Strong verbal and written communication skills to work with cross-functional teams. IV. Physical Requirements. Listed below are key points regarding physical demands, physical and occupational risks, and the work environment of the job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions of the job. Repetitive Motions. Eye/ Hand/ Foot Coordination. Sitting. Talking. Hearing Office: This job primarily operates in a professional office environment and routinely requires the use of standard office equipment such as computers, phones, copy machines, etc. V. Benefits At WM, each eligible employee receives a competitive total compensation package including Medical, Dental, Vision, Life Insurance and Short Term Disability. As well as a Stock Purchase Plan, Company match on 401 K, and more! Our employees also receive Paid Vacation, Holidays, and Personal Days. Please note that benefits may vary by site.