MoveTheWorldForwardTogether

When you join Verizon

Verizon is a leading provider of technology, communications, information and entertainment products, transforming the way we connect across the globe. We’re a diverse network of people driven by our ambition and united in our shared purpose to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.

What you’ll be doing...

The Verizon Corporate Information Security (CIS) organization securely enables the business by protecting assets and information across Verizon networks, infrastructure and applications. CIS integrates cybersecurity governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services.

The Information Risk Management (IRM) team assesses information risk onall Verizon initiatives, products, and applications. This includes internally developed applications (VZ GTS and business technical teams) as well as third party engagements. IRM is a key pillar of the broader CIS function.

We are looking for a dynamic Senior Manager, Security Risk Management to join our growing team.

Responsibilities:

  • Leading and managing the Information Risk Assessment team of analysts, in support of the enterprise-wide Information Risk Management (IRM) program.
  • Managing and executing the Verizon IRM framework across the function, coordinating with other security leadership, CIOs and the functional and business security leads, to ensure proper coverage and definition of roles.
  • Ensuring risk assessments are performed in line with the overall Corporate Information Security and IRM strategy, methodology, policy, standards, and management practices so that they are aligned with specific business-driven risk appetites and profiles, throughout the full system lifecycle.
  • Setting the vision aligned with the overall Corporate Information Security and Business strategies and priorities in support of business goals.
  • Developing comprehensive risk mitigation recommendations.
  • Supporting the delivery of Information Risk Management services and projects within an organizational structure consisting of direct reports, as well as through a matrix operating model.
  • Ensuring hiring, training, staff development, performance management and annual performance reviews are aligned and effectively executed to continue to grow skills and capabilities in accordance with Verizon’s strategic needs.
  • Building the necessary internal relationships and communication networks among the broader information security team and line-of-business executives.
  • Supporting the definition and implementation of Information risk management methodologies and security controls in accordance with Verizon policy and control frameworks.
  • Monitoring external developments that may impact overall risk profiles, including emerging threats, technological developments, regulatory changes, etc.

What we’re looking for...

You'll need to have:

  • Bachelor's degree or four or more years of work experience.
  • Six or more years of relevant work experience.
  • Experience in a combination of risk management, information security and technology.

Even better if you have:

  • A degree in Engineering, Information Technology or Computer Science.
  • Professional management certification in a related field such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
  • Experience working with both qualitative and quantitative Information Risk Management frameworks.
  • Experience in building, training, and developing a high-performing team.
  • Knowledge of information risk management, cybersecurity and IT compliance technologies.
  • Knowledge of relevant legal and regulatory requirements.
  • Three or more years of people management experience.
  • Written and verbal communication skills.
  • Ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
  • Skills in financial/budget management, scheduling and resource management.