Verizon Senior Security Risk Manager in Irving, Texas

What you’ll be doing...

This position will be part of the IT Information Security Office (ISO) supporting the Wireless Business Unit. The Wireless Security Risk team will be focused on improving the security risk posture through engagement in IT and business initiatives impacting the Wireless IT network, information assets and business operations. This position will identify information security risks associated with the implementation plans of IT initiatives and provide security consultation, direction and guidance that meet the security policy requirements, security standards and best practices, and government and industry regulations. The team will work with IT application leaders, business owners and 3rdParty business partners to ensure the security requirements are fulfilled and risks are reduced. When risk acceptance is requested the team will work with Security leadership and business stakeholders to gain risk acceptance on information security risk matters. Additionally the team will inform and educate the application, technical and business teams on security policies, risks and threats to the organization.

Responsibilities:

  • Engage in business initiatives to identify information security and privacy risk and provide risk reduction solutions that are balanced with meeting business objectives. Serve as a full partner to business teams.

  • Provide information security and privacy support to projects in business unit development pipelines; continue to identify less formal processes that institute change in the business.

  • Continually work to ensure the Risk Assessment team is involved in the software development lifecycle at optimal points so that project delivery is not negatively impacted.

  • Evangelize the need for information security and privacy engagement in projects to reduce corporate risks.

  • Risk assessment process involves a detailed review of all aspects of the project and its impact on security, including access controls; identity management; third party access; off shore access; data protections for SPI and CPNI data at rest, in transit, and in display; compliance to privacy policy, information security policies, SPs, PCI requirements, and CPNI requirements; establish logging requirements; establish encryption/truncation/masking requirements.

  • Exercise negotiation to lead a project to appropriate information security solutions, audience is various business teams (analysts, mangers, ADs, Dirs), IT developers, and IT architects; create strong relationships with project teams. It is critical that security solutions be presented as tools to aid in the achievement of business goals.

  • Review all in-process projects in order to triage projects based on risk characteristics.

  • Serve as information security and privacy experts to project teams. Support project teams throughout the lifecycle of the project to ensure a secure and timely implementation, includes reviews of RT/BRD, approach documents, and other available project documentation and the creation of test cases as necessary.

  • Proactively provide information security and privacy risk reduction solutions via requirements, risk reduction solutions should focus on best practices while balancing the needs of the business. Focus is always on solutions in order to make the business successful.

  • In conjunction with the VSO and Finance-Contracts team, review vendor contract language as part of project and provide specific information security and privacy language.

  • In cases where the business will be accepting an unacceptable level of risk, perform information security and privacy risk assessments which quantitatively explains the risk. The document is usually used as an escalation tool to senior executives to inform them of the risk. Document is also used as an education tool to the project teams and executives.

  • Lack of attention to detail or oversight of risks could lead to data breaches, regulatory violations, and or breach of contracts all of which could result in significant fines, negative publicity, and excessive costs and disruption associated with immediate remediation.

What we’re looking for...

You’ll need to have:

  • Bachelor’s degree or six or more years of work experience.

  • Six or more years of relevant work experience.

  • Experience in IT, and cyber/information security.

  • Security certification such as CISSP or willingness to obtain within 9 months of start date.

  • Knowledge of information security fundamentals, best practices and industry standards.

Even better if you have:

  • A degree.

  • Ability to lead a team of security professionals and effectively engage with IT and Business partners.

  • Knowledge of information security fundamentals, best practices and industry standards with prior responsibilities of protecting information assets.

  • A demonstrated ability to coordinate and lead productive working sessions with resources from multiple application and technology teams across the enterprise.

  • Ability to effectively communicate with Legal department attorneys and other supporting business groups such as Compliance, Sourcing and Finance.

  • Excellent written and verbal communication skills.

  • A solid understanding of Verizon business operations and a baseline knowledge of core business applications and foundational technologies across the IT network.

  • Familiarity with IT Governance practices and processes, and solid business acumen.

  • Experience preparing and providing executive level statuses and presentations using MS PowerPoint, Visio and Excel.

  • Prior experience producing reference documentation for technical or business reference.

  • Excellent documentation and organizational skills.

  • A demonstrated understanding of information security risk management concepts, security frameworks, and secure coding principles.

  • An understanding of the SDLC processes, both agile and traditional.

  • A solid understanding of networking technologies and protocols.

  • Knowledge of application architecture standards with prior experience in a technical design or architecture role.

  • Knowledge of databases and operating system concepts.

22CyberRisk

When you join Verizon...

You’ll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America’s fastest and most reliable network, we’re leading the way in broadband, cloud and security solutions, Internet of Things and innovating in areas such as, video entertainment. Of course, we will offer you great pay and benefits, but we’re about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon.

Equal Employment Opportunity

We're proud to be an equal opportunity employer- and celebrate our employees' differences,including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.

REQNUMBER: 489822-1B