Security Risk Analyst ( 600719-1E )
When you join Verizon
Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect across the globe. We’re a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.
What you’ll be doing...
This position falls under the Corporate Information Security (CIS) organization supporting Technology Risk and Major Initiatives Risk. The Information Risk Management (IRM) department fulfills our mission to safeguard and enable the business by improving the enterprise security risk posture through engagement in IT and business initiatives that impact company networks, information assets, and business operations.
The IRM department works with IT application leaders, business owners and 3rd Party business partners to ensure the security requirements are fulfilled and risks are reduced. Our security risk analysts identify information security risks associated with the implementation plans of IT initiatives and provide security consultation, direction and guidance that meet the security policy requirements, security standards and best practices, and government and industry regulations.
The Technology and Major Initiatives Risk team supports IT and the enterprise in assessing new and emerging technologies and services as well as consulting services for highly complex initiatives and programs requiring cross-enterprise risk evaluation, mitigation, and remediation. The team is a center of excellence for delivering risk assessments requiring highly technical capability.
Additionally, security risk analysts inform and educate application, technical, and business teams on security policies, risks, and threats to the organization. Lastly, our security risk analysts oversee implementation of risk treatment strategies for risks exceeding tolerable risk thresholds determined through quantified risk reduction return on investment.
- Determine if security risk factors exist by engaging in business and IT initiatives to obtain and understand functional and technical requirements involving internal software development, use of third parties, new technologies or any use of information assets.
- Participate as a stakeholder representing Information Security in functional and technical requirements and design sessions via the agile and traditional software development methodologies.
- Specific attention to the following control areas is required: authentication, authorization, access controls (network and user), secure transmission and storage, encryption/key management, segmentation and network zoning, data flows, third party access and connectivity and functional purpose.
- Determine if other security or privacy risk factors exist due to the uniqueness of the initiative and evolving business ventures.
- Perform detailed risk assessment and provide risk reduction recommendations and security requirements and guidance to IT and business teams supporting the initiatives.
- Determine if any compensating controls are necessary due to inability to comply with the primary control requirements. Facilitate and help design compensating controls when needed.
- Complete and present to Security management and business sponsors a risk assessment evaluation articulating risk and impact analysis when security controls cannot be met by an initiative to ensure transparency and appropriate level of acceptance.
- Participate in weekly meetings with management and security team peers to provide project updates and risk overviews.
Where you'll be working…
In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.
What we’re looking for...
You'll need to have:
- Bachelor’s degree or four or more years of work experience.
- Four or more years of relevant work experience.
Even better if you have one or more of the following:
- A degree in Computer Science, Information Security, Cyber Security, Risk Management, Applied Mathematics, Engineering or Information Technology.
- Security certifications: GSEC, CISA, CISM or CISSP, or willingness to obtain within 9 months of start date.
- Project management skills.
- PMP certification.
- Experience identifying and performing data classification with the intent to ensure appropriate control and authorization are present.
- Quantitative Risk Management: Experience implementing quantitative risk methodologies and integrating them into business activities.
- Third-Party Risk Management: Experience in completing 3rd party risk assessments.
- Experience creating and maintaining partnering relationships with business leaders at director and manager level with the capability to provide interaction and executive level communications.
- Knowledge of cyber security risk management concepts, cyber security frameworks, secure coding principles, and security technologies.
- Experience with implementation of industry standards: NIST, COBIT 5, ISO 20000 series, ISO 27000 series.
- Release management process, system development life cycle (waterfall & agile) experience.
- Risk Consulting: Experience driving informed decisions regarding protecting confidentiality, integrity, and availability of data and systems.
- Experience briefing technical vulnerabilities, system non-compliance with Information Security policies, and security incidents to management in a timely fashion.
Equal Employment Opportunity
We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.
COVID-19 Vaccination Requirement
NYC candidates: Verizon requires new hires to be fully vaccinated against COVID-19 for onsite and hybrid NYC roles. Verizon provides reasonable accommodations consistent with legal requirements (e.g., for medical or religious reasons). Additional information will be provided during the hiring process.