When you join Verizon

Verizon is a leading provider of technology, communications, information and entertainment products, transforming the way we connect across the globe. We’re a diverse network of people driven by our ambition and united in our shared purpose to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.

What you’ll be doing...

This position falls under the Corporate Information Security (CIS) organization that supports Verizon’s Global Technology Services (GTS) Business Unit and the Verizon enterprise. The Information Risk Management (IRM) department fulfills our mission to safeguard and enable the business by improving the enterprise security risk posture through engagement in IT and business initiatives that impact company networks, information assets, and business operations. The IRM department works with IT application leaders, business owners and 3rd Party business partners to ensure the security requirements are fulfilled and risks are reduced. Our security risk analysts identify information security risks associated with the implementation plans of IT initiatives and provide security consultation, direction and guidance that meet the security policy requirements, security standards and best practices, and government and industry regulations. Additionally, security risk analysts inform and educate application, technical, and business teams on security policies, risks, and threats to the organization. Lastly, our security risk analysts oversee implementation of risk treatment strategies for risks exceeding tolerable risk thresholds determined through quantified risk reduction return on investment.

  • Determine if security risk factors exist by engaging in business and IT initiatives to obtain and understand functional and technical requirements involving internal software development, use of third parties, new technologies or any use of information assets.
  • Evaluate new or modified end-to-end systems and evaluate inherent risk of human factors and associated process flow.
  • Assess these risks against internal security standards and develop appropriate mitigation strategies to reduce potential loss to within acceptable limits.
  • Participate as a stakeholder representing Information Security in functional and technical requirements and design sessions via the agile and traditional software development methodologies.
  • Assign a preliminary risk profile by identifying the information security risk factors based on data classification, design, and functional purpose and use.
  • Specific attention to the following control areas is required: authentication, authorization, access controls (network and user), secure transmission and storage, encryption/key management, segmentation and network zoning, data flows, third party access and connectivity and functional purpose.
  • Work with architecture teams to understand enterprise solutions and impacts on security controls.
  • Determine if other security or privacy risk factors exist due to the uniqueness of the initiative and evolving business ventures.
  • Perform detailed risk assessment and provide risk reduction recommendations and security requirements and guidance to IT and business teams supporting the initiatives.
  • Provide security requirements during planning sessions, functional and technical requirement sessions, user story creation and grooming, and technical design based on identified risks.
  • Determine if any compensating controls are necessary due to inability to comply with the primary control requirements.
  • Facilitate and help design compensating controls when needed.
  • Ensure requirements and design include approved strategic security technologies.
  • Complete and present to Security management and business sponsors a risk assessment evaluation articulating risk and impact analysis when security controls cannot be met by an initiative to ensure transparency and appropriate level of acceptance.
  • Broker meetings as needed between project team members and specialized security experts when additional details are required or circumstances are unique or private (under special NDA).
  • Participate in weekly meetings with management and security team peers to provide project updates and risk overviews.

What we’re looking for...

You’ll need to have:

  • Bachelor's degree in Information Technology, Information Security, Information Assurance, or Cybersecurity or four or more years of experience.
  • Four or more years of relevant work experience.
  • Experience in an Information Security, Information Risk Management, Software Development/Technical Support related position.

Even better if you have one or more of the following:

  • One or more of the following professional certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), or Certified Cloud Security Professional (CCSP).
  • A thorough understanding of all stages of the SDLC process, from coding and code promotion through all levels of testing as well as management of multiple non-production environments.
  • Knowledge of server and desktop application and operating system security (Win10, Mac, Linux), particularly any knowledge about securing Google products such as Chrome, G Suite, and ChromeOS/Android.
  • Experience with Cloud security especially in AWS, Google Cloud Platform, or Azure.
  • Experience with Software-as-a-Service (SaaS) security and vendor security in general.
  • Familiarity with source code control systems (e.g., Git) and relevant security controls.
  • Familiarity with DevOps concepts and especially DevSecOps tools.
  • Experience with the security and governance of Big Data.
  • A base knowledge of relational and non-relational databases and understanding of the Open Systems Interconnection model.
  • Knowledge of data security fundamentals and best practices with prior responsibilities of protecting information assets.
  • Ability to effectively communicate with Legal department attorneys and other supporting business groups such as Compliance and Finance.
  • Excellent written and verbal communication skills, documentation and organization skills.