When you join Verizon
You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love — driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together — lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the V Team Life.
What you’ll be doing...
This position falls under the Verizon Cyber Security (VCS) organization that supports Verizon enterprise and Verizon’s Global Technology Services (GTS) Business Unit. The Information Risk Management (IRM) department fulfills our mission to safeguard and enable the business by improving the enterprise security risk posture through engagement in IT and business initiatives that impact company networks, information assets, and business operations. The IRM department works with IT application leaders, business owners and 3rd Party business partners to ensure the security requirements are fulfilled and risks are reduced. Our security risk analysts identify information security risks associated with the implementation plans of IT initiatives and provide security consultation, direction and guidance that meet the security policy requirements, security standards and best practices, and government and industry regulations. Additionally, security risk analysts inform and educate application, technical, and business teams on security policies, risks, and threats to the organization. Lastly, our security risk analysts oversee implementation of risk treatment strategies for risks exceeding tolerable risk thresholds determined through quantified risk reduction return on investment.
- Determining if security risk factors exist by engaging in business and IT initiatives to obtain and understand functional and technical requirements involving internal software development, use of third parties, new technologies or any use of information assets.
- Evaluating new or modified end-to-end systems and evaluating inherent risk of human factors and associated process flow.
- Assessing these risks against internal security standards and developing appropriate mitigation strategies to reduce potential loss to within acceptable limits.
- Participating as a stakeholder representing Information Security in functional and technical requirements and design sessions via the agile and traditional software development methodologies.
- Assigning a preliminary risk profile by identifying the information security risk factors based on data classification, design, and functional purpose and use.
- Paying specific attention, as required, to the following control areas: authentication, authorization, access controls (network and user), secure transmission and storage, encryption/key management, segmentation and network zoning, data flows, third party access and connectivity and functional purpose.
- Working with architecture teams to understand enterprise solutions and impacts on security controls.
- Determining if other security or privacy risk factors exist due to the uniqueness of the initiative and evolving business ventures.
- Performing detailed risk assessment and providing risk reduction recommendations and security requirements and guidance to IT and business teams supporting the initiatives.
- Providing security requirements during planning sessions, functional and technical requirement sessions, user story creation and grooming, and technical design based on identified risks.
- Determining if any compensating controls are necessary due to inability to comply with the primary control requirements, and facilitating and helping design compensating controls when needed.
- Ensuring requirements and design include approved strategic security technologies.
- Completing and presenting to Security management and business sponsors a risk assessment evaluation articulating risk and impact analysis when security controls cannot be met by an initiative to ensure transparency and appropriate level of acceptance.
- Participating in weekly meetings with management and security team peers to provide project updates and risk overviews.
What we’re looking for...
You’ll need to have:
- Bachelor's degree or four or more years of work experience.
- Four or more years of relevant work experience.
- Experience in an Information Security, Information Risk Management, Software Development/Technical Support related position.
Even better if you have one or more of the following:
- One or more of the following professional certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), or Certified Cloud Security Professional (CCSP).
- Knowledge of all stages of the SDLC process, from coding and code promotion through all levels of testing as well as management of multiple non-production environments.
- Knowledge of server and desktop application and operating system security (Win10, Mac, Linux) particularly any knowledge about securing Google products such as Chrome, G Suite, and ChromeOS/Android.
- Experience with Cloud security especially in AWS, Google Cloud Platform, or Azure.
- Experience with Software-as-a-Service (SaaS) security and vendor security in general.
- Experience with source code control systems (e.g., Git) and relevant security controls.
- Experience with DevOps concepts and especially DevSecOps tools.
- Experience with the security and governance of Big Data.
- Knowledge of relational and non-relational databases and understanding of the Open Systems Interconnection model.
- Knowledge of data security fundamentals and best practices with prior responsibilities of protecting information assets.
- Ability to effectively communicate with Legal department attorneys and other supporting business groups such as Compliance and Finance.
- Strong written and verbal communication skills, documentation and organization skills.
If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above.
Where you’ll be working
In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.
Scheduled Weekly Hours
40
Diversity and Inclusion
We’re proud to be an equal opportunity employer. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.