I've searched for Risk Analyst positions in Erie, PA focusing on cybersecurity risk management, requiring 5+ years of experience, available at mid-sized companies, and offering remote work options. I found 27 positions that match your criteria.

Sure. Here's the analysis:

Job Analysis:

The Risk Analyst - Cybersecurity Risk & Controls position at Wabtec is critical for safeguarding the company’s information security posture and ensuring compliance with regulations. The role involves developing, implementing, and managing a strategic Risk & Controls Management program that aligns with Wabtec's mission to revolutionize transportation solutions. Key responsibilities include risk identification, assessment, and remediation, where the candidate will need to navigate complex security landscapes and collaborate with various stakeholders across the IT and business sectors. This role requires strong analytical and interpersonal skills, as well as technical expertise in security frameworks (like ISO 27001 and NIST CSF). Success will be marked by the ability to foster a risk-aware culture within the organization, develop effective risk strategies, and communicate risks or remediation plans to executive leadership. Ultimately, the candidate will streamline processes and cultivate robust security practices that protect critical assets while driving Wabtec’s strategic objectives.

Company Analysis:

Wabtec Corporation operates in the transportation solutions industry, particularly focusing on freight and transit rail as well as related sectors. As a leading provider, Wabtec is positioned as a key innovator with extensive global reach, drawing on a rich history through its consolidation of entities like GE Transportation. The company emphasizes a culture of performance, innovation, and diversity, valuing every employee's contribution while focusing on lifelong learning and continuous improvement. This setting will influence the Risk Analyst role significantly, stressing the importance of proactive security measures that can adapt to evolving market dynamics. The organizational structure suggests that this role will work closely with various departments, enhancing its visibility and strategic influence. The company's commitment to diversity and inclusion means that candidates should be prepared to engage with diverse perspectives while building a robust risk management framework that aligns with corporate values and goals.

Absolutely. Here are some mock interview questions that could come up:

• Tell me about a time when you had to navigate a complex cybersecurity risk situation. What was your approach, and what were the outcomes?
• Can you describe an experience where you had to collaborate cross-functionally with IT and business stakeholders? What challenges did you face?
• Discuss a situation where you implemented a new security control. How did you ensure buy-in from the relevant teams?
• How do you prioritize risks when developing a risk management strategy? Can you provide a specific example?
• Describe your familiarity with ISO 27001 and NIST CSF. How have you applied these frameworks in your previous roles?
• What techniques do you use to assess the effectiveness of existing security controls?
• How would you approach conducting an organization-wide risk assessment at Wabtec?
• Imagine you're faced with a significant vulnerability that hasn't been addressed. How would you communicate this to upper management?
• Why do you want to work for Wabtec, and how do you see your values aligning with the company's mission?
• What do you believe is the quickest way to foster a culture of risk awareness within an organization?
• What questions do you have for us regarding how this role fits into the larger goals of Wabtec?
• How would you handle resistance from employees or management regarding new security policies or controls?
• What metrics would you establish to measure the effectiveness of the risk management program you would develop?