Security Risk Analyst

When you join Verizon

Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect across the globe. We’re a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.

What you’ll be doing...

As a Security Analyst, you’ll review documentation such as High-Level Designs, Low-Level Designs, Data Flow Diagrams, Operating Manuals, Product Release Notes, and other applicable documentation. In addition to participating in project calls, analysts will conduct interviews to clarify any outstanding questions about the project and its documentation.

Analysts conduct risk management as detailed in the Risk Management team’s documentation, producing a threat model, scope of work (for a penetration test), and a risk assessment report. The analyst will provide suggested mitigating controls, evaluate findings and adjust them based on previous expertise, standard rating guidance, compensating controls, and future state controls. The analyst will walk a project team through their risk assessment report, including outstanding findings as well as suggested methods of remediation.

Risk Analysts will initially be assigned to average (and occasionally large) sized projects of average complexity and will work with NI PMs, ME, and solution vendors as necessary. The selected candidate for this role will further be an extension of the management team and make good decisions for the company.

• Follow standard operating procedures for the Risk Management team.
• Engage in new project assignments and provide regular updates.
• Provide process feedback to project teams who are looking for requirements or design work (directing them to those appropriate teams).
• Consume project documentation using standardized document requests.
• Conduct SME interviews.
• Create a Threat Models.
• Execute on scanning needs as necessary/available for the project.
• Create a Scope of Work when one is needed for penetration testing.
• Engage internally for project feedback.
• Orchestrate penetration testing by facilitating our penetration test vendors’ access.
• Track projects, including all artifacts received and created, in the team’s tracker.
• Create a Risk Assessment Report capturing risks and vulnerabilities discovered during the assessment process, penetration test, documentation review, SME interviews, and any received from compliance assessments.
• Perform a project read-out explaining the findings and suggestions for remediation.
• Track remediation efforts.

Where you’ll be working:

In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.

22CyberRISK

What we’re looking for...

You have passion and excitement for Information and Cyber Security and the willingness to learn and build as much knowledge as possible in a fast-paced dynamic environment.

At Verizon, we continuously strive to improve the security posture of The Network. You’ll be part of a very well knit and energetic team of security risk analysts with a variety of backgrounds. The ideal candidate will mesh well with this high performing team and add to their capabilities by complimenting their technical knowledge.

You'll need to have:

• Bachelor’s degree or four more years of work experience.
• Four or more years of relevant work experience.
• One or more years of combined relevant work experience in a cyber security field.
• Experience using Excel and/or other reporting tools.

Even better if you have one or more of the following:

• Master’s degree.
• Experience with container technologies (e.g., K8s, OpenShift, Webscale).
• Experience with risk management (e.g., FAIR).
• Analytical and communication skills.
• Certifications (e.g., CISSP, CISA, CRISC, ITIL).
• One or more years of experience with IBM’s OpenPages and Cognos solutions.

If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above.

Equal Employment Opportunity

We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.

COVID-19 Vaccination Requirement

NYC candidates: Verizon requires new hires to be fully vaccinated against COVID-19 for onsite and hybrid NYC roles. Verizon provides reasonable accommodations consistent with legal requirements (e.g., for medical or religious reasons). Additional information will be provided during the hiring process.