Director of Security Architecture, BISO ( 576309-1E )
When you join Verizon
Verizon is a leading provider of technology, communications, information and entertainment products, transforming the way we connect across the globe. We’re a diverse network of people driven by our ambition and united in our shared purpose to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.
What you’ll be doing...
The New Business Incubation (NBI) Business Information Security Officer (BISO) is a critical member of the CISO leadership team, focused on enabling the secure delivery of new business incubation solutions that expand the Verizon strategic portfolio and leverage and/or complement Verizon core assets and services.
New Business Incubation is a team of explorers setting out to discover, build and scale the next generation of software business that will thrive in the 5G future. With portfolio investments in aerial and terrestrial robotics, location services, digital twinning and simulation, adaptive manufacturing and Industrial IoT, the team is comprised of full stack businesses that run like startups, with 80% of the team in a technical role.
We are looking for a transformational leader that inspires business enablement through a combination of creativity and strong security competency based on proven experience. This leader will define the cyber security strategy and service delivery roadmaps in joint collaboration with the NBI organization and senior leadership team. The BISO leader shall have significant working experience, knowledge and accreditation in the design, implementation and operation of security programs and controls that span following areas:
- Agile & DevOps Methodologies: Deep understanding of or experience as a contributing member of a balanced team within an Agile development or DevOps environment. Focus on security-as-code and continuous compliance practices.
- Application Security: Experience with the design of security controls for business solutions including the design of application-level access and entitlement management, data tenancy and isolation, encryption, and logging.
- Infrastructure Security: Experience with the integration of common infrastructure security technologies and solutions into business solution architectures including the integration of identity & access management, intrusion detection and prevention, security monitoring, and data encryption solutions.
- Cloud Security: Technical understanding of virtualization, cloud infrastructure, and public cloud offerings and experience designing security configuration and controls within cloud based solutions
- Operational Security: Experience with defining operational models and procedures for business solutions including the administration and maintenance of infrastructure and application security controls.
- Information Security Standards and Frameworks: Knowledge of common information security standards such as: ISO 27001/27002, NIST CSF, CSA and CIS Controls.
The NBI BISO Leader will oversee a team of security professionals responsible for:
- Dedicated point of engagement for cyber security matters and services for the NBI organization.
- Work closely with NBI leadership and stakeholders to pragmatically and quickly bring to market new products and provide thought leadership on improving security posture and customer expectations.
- Establish and direct the NBI information security program, and drive the overall strategy to support NBI business objectives and technology base.
- Policy and procedure interpretation and clarification and technical information security guidance to business leaders, data owners, project leads, application development teams, system operators and users.
- Advise and counsel to the business executives regarding key initiatives that could be impacted by compliance, risk or security issues.
- Consultants to the NBI organization regarding information security requirements, and recommendations on security capabilities that support the business.
- Govern and enforce the effective implementation of security practices across NBI portfolios.
- Define, implement and manage an agile security support model serving the NBI organization with an expected high degree of automation
- Closely partner with Corporate Information Security peers to leverage core cyber shared services to support the NBI security roadmap as needed.
- Communicate, oversee and deliver technical implementations of security solutions required to meet business objectives.
- Develop and drive effective risk management strategies across the NBI portfolio in conjunction with the overall Verizon cyber security strategy.
- Communicate security risks in business terms that can be clearly understood at all levels of the organization.
- Drive standard security processes and controls that meet evolving privacy, regulatory and contractual requirements.
Agile Operating Model:
- Define security architecture patterns for a dedicated NBI operating environment that supports the ability to quickly onboard and offboard technology partners with varying risk profiles while provide secure connectivity to Verizon core services and platforms
- Define a secure, low friction public cloud onboarding process and compliance management lifecycle
- Implement a DevOps Secure Software Development Lifecycle (SDLC) framework across the organization as it relates to product code and delivery, including security scanning, package signing, etc.
- Provide training, coaching, and expert consultation in secure development practices to the business and development teams.
NBI Incident Monitoring and Coordination:
- Work with Cyber Defense team, Fraud and other security monitoring teams to establish appropriate logging and monitoring of threat activity.
- Coordinate response to NBI security incidents, including the possibility for discussion of the event with customers and partners.
- Locally lead and be directly involved in the investigation and resolution of security events, and assist with business matters (legal, contractual, privacy, etc.) associated with such events.
What we’re looking for...
- 10+ years people management with a proven track record of building, training, and developing a high-performing team; ability to lead and motivate an organization of security professions to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist
- 15+ years security experience; preferably in securing products and cloud platforms; with at least six years in a significant leadership role
- 10+ years of experience with leading information security frameworks such as ISO27001/2, NIST 800-53, and NIST CSF, CSA and CIS Controls.
- Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization; proven leadership in advanced information systems combined with broad business acumen, which extends beyond the functional responsibilities of the role
- A thorough understanding of industry best practices in information security
- Experience assessing digital and cloud products to meet regulatory, legal and risk requirements
- Experience working on cross-functional teams including engineering, products teams, legal and security
- Experience performing risk and threat assessments as part of product development
- Extensive experience with agile methodology development
- Extensive exposure and experience with communicating and presenting to executive stakeholders including engineering, legal and C-suites.
- Experience effectively prioritizing work, juggling competing priorities and meeting deadlines in a fast-paced environment
- Bachelor’s degree in Security Engineering, Information Technology or Computer Science or equivalent work experience; Master’s Degree in a technical discipline is preferred
Equal Employment Opportunity
We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.