What you’ll be doing...

As our Principal Security Engineer for Risk and Compliance, you will function as a Lead Subject Matter Expert (SME) on security policies that comply with industry standards, applicable laws, industry regulations, contracts and VZ Corporate policies, with a core focus on Verizon’s CPI-810 and industry PCI-DSS security policies, standards, controls and requirements. You will provide IT-based guidance and consultation on the proper implementation of controls within the IT environment that will maintain security compliance.

As a senior-level compliance team member you will lead application compliance reviews of critical or high-risk applications related to both CPI-810 policies and PCI-DSS requirements, while providing overall guidance to more junior members of the team. You will regularly review, interpret, and provide guidance related to security policy compliance, with a particular focus on CPI-810 policies and PCI-DSS requirements and their proper implementation within IT ecosystems and across vendor-related integrations.

Work directly with the points of contact in Internal Audit, application development/support, Cloud Services, Security Engineering, the Threat Management Center and any other groups that require security-based compliance guidance and interpretations related to security policies and requirements. Work with security leadership and application stakeholders to effectively track, verify and report on security controls related to policy compliance. Work with application, technical and business teams to inform and educate others on security policies, risks, threats and any changes in these spaces. Work with PCI Governance Council members to present PCI-DSS requirement changes and to review and champion enhancements, submitted for council review, that impact Verizon’s PCI scope and risk posture. Support and drive third-party reviews for PCI-DSS compliance.

  • Lead the evaluation of application and infrastructure portfolios against the most current security policies, with a key focus on CPI-810 policies and PCI-DSS requirements.
  • Function as the Information Security primary point of contact with assigned application/infrastructure/security teams regarding policy compliance, and provide clear guidance to application security points of contact, PCI Governance Council members and management teams regarding policy interpretation and the risks associated with non-compliance.
  • Interpret and validate key security controls on a recurring basis across your assigned portfolio of applications, while providing guidance to other members of the IT Security Compliance team for similar evaluations of business-critical, high-risk applications.
  • Own, track and drive identified non-compliance items across the responsible teams to successful and timely remediation plans, and escalate non-compliance issues to the remediation leadership team to ensure proper focus and visibility.
  • Educate and evangelize the associated teams on information security risk factors based on data classification, technology, required controls and functional purpose. Use this risk ranking to prioritize the highest-risk items for remediation first.
  • Act as a focal point for the IT Security Compliance Organization and work across the other Information Security organizations (e.g. Security Governance, PCI Governance Council, IT Security – Risk, Vendor Assurance, Security Engineering, etc.) to drive any required compliance policy updates or rewrites (with focus on CPI-810 policies and PCI requirements), while ensuring that policy updates are effective, readable and achievable.
  • Provide review and guidance with all security procedural documentation to ensure it is effective and clearly communicates the associated policy controls.
  • Review policy exceptions submitted by various enterprise Verizon organizations, with a focus on security policies, controls, requirements and industry-related requirements (e.g. PCI-DSS, GDPR, etc.). Work with these teams and more junior security team members to understand the business and technology drivers behind the requested exceptions, assess the associated security risks, and develop compensating controls that reduce or minimize those risks. Approve or deny these exceptions based on the risk assessment and the compensating controls required to maintain secure Verizon environments and processes.
  • Provide clear readouts and reporting of compliance and non-compliance for assigned applications and enhancements. As a member of the PCI Compliance team, assess enhancement changes against current PCI standards and requirements. Recommend solutions and changes that will meet PCI-DSS compliance, and assess the risk of those changes so that higher-risk changes are properly reviewed by the PCI Governance Council for final approval.
  • Gather information across multiple portfolios and provide executive-level presentations that accurately represent the associated compliance area.
  • Act as a point of contact with the Verizon Threat Management Center and Internal Audit teams to lead the assessment and remediation of assigned high-impact security events across multiple IT and business teams, escalating, negotiating and tracking the associated mitigations through to successful closure. Provide executive-level status reports that demonstrate effective progress.
  • Consult with and provide compliance awareness and guidance to specialized security experts such as security architects, application security engineers, Vendor Assurance and Security Governance.
  • Collaborate and build relationships with IT leadership teams, IT technical teams, Information Security team members, Information Security Officers and core business partners for continued security education and awareness. Deliver education and awareness surrounding high-impact security compliance areas like PCI-DSS.
  • Actively learn new technologies, security frameworks and IT/security methodologies, and bring this information back to the broader IT Security teams so that team members can effectively adapt to a changing landscape.
  • Work with your manager to periodically assess the effectiveness of security controls, and recommend organizational and process changes to achieve more effective and efficient delivery of IT Security Compliance.

What we’re looking for...

You'll need to have:

  • Bachelor's degree in Information Systems or related field; or four or more years of work experience.
  • Six or more years of relevant work experience.
  • Experience in an Information Security related position.
  • Knowledge of and experience with applying security policies to SDLC or infrastructure practices and assessing security risks.
  • Knowledge of the SDLC processes, including both agile and traditional waterfall.
  • Knowledge of networking technologies and protocols.
  • Knowledge of application architecture standards with experience in a lead technical development or support role.

Even better if you have:

  • Master’s degree or similar advanced degree.
  • Six or more years of experience in an Information Security related position.
  • Demonstrated knowledge and application of PCI-DSS requirements across a moderate to large PCI footprint including a strong understanding of credit card payment processing flows, critical payment systems and variations by payment card brands.
  • CISSP certification or willingness to obtain within 12 months of start date.
  • PCIP certification or willingness to obtain within 6 months of start date.
  • Familiarity with IT governance practices and processes, including NIST CSF, and solid business acumen.
  • A base knowledge of AWS and/or other cloud technologies.
  • Demonstrated knowledge of complex information security concepts, best practices and industry standards with prior responsibilities related to protecting information assets.
  • Strong knowledge of encryption methodologies.
  • Demonstrated capability to effectively communicate with Technical leads/architects, Legal department attorneys and other supporting business / security groups such as IT Security Risk, Information Security Officers and Finance Operations.
  • Strong knowledge of databases and operating systems.
  • Demonstrated excellent written and verbal communication skills.
  • Experience preparing and delivering executive-level status updates and presentations using MS PowerPoint, Visio and Excel (or equivalent).
  • Excellent documentation and organizational skills.
  • Proven ability to lead cross-functional teams to successful conclusions/implementations, and experience resolving complex cross-functional problems.


When you join Verizon...

You’ll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America’s fastest and most reliable network, we’re leading the way in broadband, cloud and security solutions and the Internet of Things, and innovating in areas such as video entertainment. Of course, we will offer you great pay and benefits, but we’re about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon.

Equal Employment Opportunity

We're proud to be an equal opportunity employer and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.