What you’ll be doing...

The Director, Information Risk Management is responsible for directing and managing the enterprise-wide Information Risk Management (IRM) program as a key pillar of the broader Verizon Corporate Information Security program. The Director, IRM is responsible for execution of strategy, policy, standards, and management practices to ensure that Verizon Information assets are adequately protected with acceptable controls and aligned with specific business-driven risk appetites and profiles, throughout the full system lifecycle. The Director, IRM is responsible for ensuring that system controls are established and maintained in accordance with Verizon policy and legal, regulatory or governance standards and requirements, and that resulting risks are aligned appropriately with the business and effectively managed. This position will report to the Executive Director, Information Risk Management & Cyber Security Strategy.

  • Lead the risk management functions of the Information security program by setting the vision and establishing direction across the global enterprise to ensure consistent and high-quality information security services are provided in support of business goals
  • Manage and execute the Verizon IRM program across the entire enterprise, coordinating with other security leadership, CIOs and the functional and business security leads to ensure proper coverage and definition of roles to support Verizon business objectives.
  • Develop a comprehensive risk mitigation program to ensure that risks throughout the Information Technology and IT Services environment are actively identified, assessed, tracked and resolved; where this is not possible, ensure that risk is reduced to the appropriate levels and ownership of this information security risk is clear
  • Work effectively with CIOs and business units to facilitate Information security risk assessment and risk management processes, and provide guidance on the level of risk that is present against the desired Verizon risk appetite
  • Manage the cost-efficient delivery of Information risk and governance services and projects within an organizational structure consisting of direct reports and dotted line reports. This includes ensuring hiring, training, staff development, performance management and annual performance reviews are aligned and effectively executed to continue to grow skills and capabilities in accordance with Verizon’s strategic needs
  • Develop and implement key projects within assigned budgets ensuring program and project management processes and discipline are in place and evolve with changing standards
  • Define the information security risk management approach and operating model for Information Security in consultation with the CISO, CIOs and stakeholders, and aligned with second- and third-line security and compliance guidance
  • Build the necessary internal relationships and communication networks among the broader information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure continued alignment as required
  • Ensure Information security controls are defined and implemented in accordance with Verizon policy and control frameworks, and are designed to meet applicable Verizon standards and procedures
  • Ensure that security is embedded in the project delivery process by implementing the appropriate information security policies, practices and guidelines; where necessary, develop system specific practices and guidelines to ensure the effective delivery of security services
  • Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk
  • Support the development of an enterprise information security vision and strategy that is aligned to business outcomes and organizational priorities, and ensure senior stakeholder buy-in and mandate are secured to deliver on that vision
  • Monitor the external threat environment for emerging threats, and revise the overall risk profile accordingly, advising relevant stakeholders on recommended courses of action

What we’re looking for...

  • 10+ years of experience in a combination of risk management, information security and technology leadership
  • Bachelor’s Degree in Engineering or Information Technology or equivalent experience. Master’s Degree in a technical discipline is preferred
  • A solid working knowledge of both qualitative and quantitative Information Risk Management frameworks
  • Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization; proven leadership in advanced information systems combined with broad business acumen, which extends beyond the functional responsibilities of the role
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists
  • Must be a critical thinker, with strong problem-solving skills; excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
  • Proven track record of building, training, and developing a high-performing team; ability to lead and motivate the organization to achieve tactical and strategic goals in a matrix organization
  • Sound knowledge of business management and a working knowledge of information risk management, cybersecurity and IT compliance technologies; knowledge and understanding of relevant legal and regulatory requirements
  • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
  • Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations
  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
  • Project management skills: financial/budget management, scheduling and resource management
  • Experience with contract and vendor negotiations

When you join Verizon...

You’ll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America’s fastest and most reliable network, we’re leading the way in broadband, cloud and security solutions, Internet of Things and innovating in areas such as video entertainment. Of course, we will offer you great pay and benefits, but we’re about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon.

Equal Employment Opportunity

We're proud to be an equal opportunity employer and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.