Norwell, MA, 02061, USA
22 hours ago
Risk and Controls Analyst
Clean Harbors is a dynamic and innovative company leveraging cutting-edge technologies to drive business success. We are seeking a dynamic and experienced Risk Controls Analyst. As a Risk & Controls Analyst in Cybersecurity, you'll play a key role in identifying and mitigating cybersecurity risks to meet the firm's standards. You'll serve as a subject matter expert, providing technical guidance and ensuring that controls are working effectively and align with regulatory, legal, and industry requirements. Collaborating with stakeholders such as Program Owners and Business Managers, you'll help provide a comprehensive view of the technology risk posture and its business impact. With your understanding of risk management principles, you'll drive innovative solutions in navigating the constantly evolving risk landscape.

**Why work for Clean Harbors?**

+ **Health and Safety is our #1 priority, and we live it 3-6-5!**
+ Competitive wages and robust career growth opportunities.
+ Comprehensive health benefits coverage after 30 days of full-time employment.
+ Group 401K with a company matching component.
+ Generous paid time off, company-paid training, and tuition reimbursement.
+ Positive and safe work environments, with sustainability as a core value.

· Develop, implement and maintain a policy management lifecycle process, including developing, implementing and communicating security policies, procedures, standards, best practices, guidance and controls.
· Build and maintain strong relationships with platform owners, becoming a trusted partner to drive cross-functional collaboration and progress toward shared objectives.
· Continuously monitor and assess control performance, identify gaps, and recommend improvements to strengthen risk posture and ensure regulatory compliance.
· Able to work independently with minimal guidance and act as coach to other team members as necessary.
· Responsible for building and operating our vendor security risk management processes: risk assessment design and execution, risk treatment, issue and action management portfolio oversight, insight analysis, and reporting.
· Additionally support the team and our current security tool sets including EDR, Email Filtering, Privileged Access Management, Vulnerability Management and Brand/Reputation Protection.
· Management/maintenance of the Written Information Security Policy.

· 2+ years of experience or equivalent expertise in technology risk management, information security, or a related field, emphasizing risk identification, assessment, and mitigation.
· Familiarity with risk management frameworks, industry standards, and regulatory requirements, with a focus on NIST 800-171.
· Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies.