What you’ll be doing...

The Verizon Corporate Information Security (CIS) organization ensures the confidentiality, integrity and availability of technology assets and information across all Verizon networks, systems and applications. CIS integrates cybersecurity governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services.We are looking for a Security Risk Management professional to join our Information Risk Management team.

Responsibilities:

  • As part of the Corporate Information Security team, you will be assigned to a team to perform the following activities:
  • Evaluate new or modified end-to-end systems, processes and/or product versus internal security standards to identify risks that fall outside of VZ’s risk tolerances
  • Collaborate with the core business partners and other security teams to improve controls via creative process design which meet the evolving business needs for customer experience and efficiency.
  • Provide risk consulting and/or training to business and technical partners to improve business effectively protecting information and other projects and duties focused on efficient operations effective risk management
  • Provide guidance for new technologies and methodologies as business needs evolve.
  • Provide guidance, interpretation and education on specific security policies across requesting organizations related to their projects and applications.
  • Identify initiatives with risk areas that need specialized security expertise.
  • Additional responsibilities as assigned.

What we’re looking for...

You’ll need to have:

  • Bachelor’s degree or four or more years of work experience.
  • Four or more years of relevant work experience.
  • Willingness to travel.

Even better if you have:

  • Bachelor’s Degree in Computer Science, Information Security, Cyber Security, Risk Managementing, Applied Mathematics, Engineering or Information Technology.
  • Security certifications: GSEC, CISA, CISM or CISSP, or willingness to obtain within 9 months of start date.
  • Project management skills or PMP certification.
  • Experience creating and maintaining partnering relationships with business leaders at director and manager level with the capability to provide interaction and executive level communications.
  • Strong written, verbal and presentation communication skills and the ability to thrive in a dynamic environment handling multiple priorities.
  • Strong relationship skills and collaborative style to enable success across multiple partners.
  • Strong documentation, planning, negotiation, work prioritization and organizational skills.
  • Creating presentations, training material, network diagrams, reports, and templates.
  • Organizational, technical and cultural transformation and/or merger & acquisition experience.
  • Experience in a service and solution architecture of information technology services.
  • At least two years’ experience in Information Security, Technology or Technical Risk Analysis.
  • Understanding of cyber security risk management concepts, cyber security frameworks, secure coding principles, and security technologies.
  • Experience with implementation of industry standards: NIST, COBIT 5, ISO 20000 series, ISO 27000 series.
  • Ability in applying working knowledge of new technologies and methodologies to meet evolving environments and business needs.
  • Capability to understand and negotiate legal contractual language and effectively communicate with legal attorneys, business sponsors and sourcing teams.
  • Experience with IT and Technology Services Governance practices and processes, and solid business acumen.
  • Four or more years of experience in two or more of the following areas:
    • Technical security tools related experience (Active Directory, PowerBroker, Firemon, Tuffin, CyberArk, CA, Nessus & ArcSight or other security tools).
    • Process Improvement:
      • ITIL Certification with experience in Six Sigma process improvement related experience for cyber security management and/or IT service management.
      • Six Sigma Greenbelt or Lean certification or higher..
      • Release management process, system development life cycle (waterfall & agile) experience.
      • A base knowledge of databases, data mining and operating systems.
    • Automation:
      • Implementing sustainable process improvement via with tools, such as HP uCMDB, BMC, ServiceNow, BDNA, Archer, business intelligence solutions, vulnerability scanning tools, discovery and dependency mapping tools, and continuous integration and continuous delivery (CI/CD) lifecycle tools.
    • Technical Data and Modeling:
      • Related experience for designing and implementing control, assurance and data quality metrics.
      • Experience in a service and data, information based on EDM Council standards within a data modeling tool (ex. PowerDesigner, etc.).
      • Data architecture, modeling and integration experience with tools, such as HP uCMDB, BMC, ServiceNow, BDNA, Archer, business intelligence solutions, vulnerability scanning tools, discovery and dependency mapping tools, and continuous integration and continuous delivery (CI/CD) lifecycle tools.
    • Innovation:
      • Experience with writing high and low level designs for implementation of security and security-related processes, tools and systems such as: vulnerability scanning and management, IT and network asset identification, technology services, discovery and mapping, lifecycle automation (continuous integration/continuous delivery & deployment), technology procurement, outsourced technology and security integration, etc.
      • Experience in a service and solution architecture of information technology services.
    • Quantitative Risk Management:
      • Experience implementing quantitative risk methodologies.
      • Demonstrated experience integrating quantitative risk management best practices into business activities.
    • Third-Party Risk Management:
      • Experience in completing 3rd party risk assessments.
      • Demonstrated capability to understand and negotiate legal contractual language and effectively communicate with legal attorneys, business sponsors and sourcing teams.
    • Risk Consulting:
      • Experience driving informed decisions regarding protecting confidentiality, integrity, and availability of data and systems.
      • Experience with implementing security by design and com.
      • Experience in a service and solution architecture of information technology services.
      • Briefing technical vulnerabilities, system non-compliance with Information Security policies, and security incidents to management in a timely fashion.
      • Providing IT and technology services security consulting to system owners as to the other security documents (security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, contingency plans, etc.)

22CyberRISK

When you join Verizon...

You’ll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America’s fastest and most reliable network, we’re leading the way in broadband, cloud and security solutions, Internet of Things and innovating in areas such as, video entertainment. Of course, we will offer you great pay and benefits, but we’re about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon.

Equal Employment Opportunity

We're proud to be an equal opportunity employer- and celebrate our employees' differences,including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.