MoveTheWorldForwardTogether

When you join Verizon

Verizon is a leading provider of technology, communications, information and entertainment products, transforming the way we connect across the globe. We’re a diverse network of people driven by our ambition and united in our shared purpose to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.

What you’ll be doing...

The Verizon Corporate Information Security (CIS) organization securely enables the business by protecting assets and information across Verizon networks, infrastructure and applications. CIS integrates cybersecurity governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services.
The cybersecurity Governance, Risk and Compliance (GRC) organization is tasked with improving the security risk posture of information assets through effective contextual risk management, dynamic compliance management and driving improvements through effective end-to-end lifecycle management of policies and standards, as well as automation and effective management of key security controls. Through solid governance and a continuous compliance management capability, Cyber Security GRC helps the business and operational delivery teams drive risk-based, outcome-driven decisions and priorities across their portfolios and delivery solutions. You will work across a matrixed cyber security, technology services delivery and legal organization and across multiple business portfolios, to transform and implement a risk-focused continuous compliance and governance framework that helps prioritize key information security risks to ensure they are effectively managed per the various business and operational risk appetites. You will provide security consultation, direction and guidance that meets the security policy requirements, security standards and best practices and government and industry regulations. You will also inform and educate the application, technical and business teams on security policies, risks and threats to the organization.

  • Align with key partners to evaluate their application/infrastructure portfolios and security tool owners against the most current security policies.
  • Function as the primary Information Security liaison with portfolio teams regarding security policy compliance and provide clear guidance across the application security points of contact and management teams regarding policy interpretation.
  • Interpret and translate key security controls into a common automation-based framework that allows information assets to be deemed in or out of compliance.
  • Track and drive identified non-compliance items across the responsible teams using a risk-based approach based on the underlying controls and targeted information assets.
  • Help portfolio teams understand the information security risk factors based on data classification, technology, and functional purpose.
  • Work collaboratively with other Information Security organizations on any compliance policy and standards updates with a focus on ensuring the policy/standard is effective, readable, and achievable while verifying applicable procedural documentation is effective at validating the associated policy controls.
  • Review policy exceptions submitted by various enterprise Verizon organizations with a focus on internal security policies/standards, applying a risk-based governance review and approval approach.
  • Provide general guidance, interpretation and education on specific security policies/standards across requesting organizations related to their assigned projects/applications.
  • Consult with and provide compliance awareness to specialized security experts such as security architects, engineers, SDLC process engineers, and risk analysts around both general security controls and regulatory requirements (e.g. PCI, SOX, Privacy, etc.) to ensure proper control coverage and application across new and existing systems.
  • Collaborate and build relationships with portfolio core business partners in conjunction with the Business Information Security teams for continued security education and awareness.
  • Learn new technologies and methodologies as required and as direction shifts, including various Cloud technologies.
  • Evaluate new or modified end-to-end systems, processes and/or products against internal security standards to identify risks that fall outside of VZ’s risk tolerances.
  • Collaborate with the core business partners and other security teams to improve controls via creative process design that meets the evolving business needs for customer experience and efficiency.
  • Provide risk consulting and/or training to business and technical partners to help the business protect information effectively, and support other projects and duties focused on efficient operations and effective risk management.

What we’re looking for...

You’ll need to have:

  • Bachelor’s degree or four or more years of work experience.
  • Four or more years of relevant work experience.
  • IT or related experience, such as Information Security, Software Development or Security Engineering.

Even better if you have one or more of the following:

  • Bachelor’s degree in Information Systems or related field.
  • CISA, CISM, CISSP, CRISC, GSEC or similar certification or willingness to obtain within 9 months of start date.
  • Experience with DevOps concepts and DevSecOps tools.
  • Solid understanding and working knowledge of networking technologies and protocols.
  • Knowledge of application architecture standards with experience functioning in a technical design or support role.
  • Base knowledge of AWS and/or cloud technologies.
  • Base knowledge of databases and operating systems.
  • Knowledge of information security fundamentals, best practices and industry standards with experience and knowledge related to protecting information assets.
  • Excellent written and verbal communication skills, documentation and organizational skills.
  • Experience with Security Governance practices and processes including NIST, PCI-DSS, and SOX best practices.
  • Experience with risk management frameworks, including quantitative and qualitative methodologies.
  • Experience across a broad set of security tools and with guiding, interpreting and driving automated compliance efforts across information assets, enabling a clear view of policy/standards compliance.
  • Experience with Software-as-a-Service (SaaS) security and vendor security.
  • Experience preparing and providing executive-level statuses and presentations.
  • Proven ability to lead cross-functional teams to successful conclusions/implementations. Experience resolving complex cross-functional problems.