Cyber Risk Programs Security Consultant II (601131-1D)
When you join Verizon
Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect across the globe. We’re a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.
What you’ll be doing...
The Verizon Cyber Risk Programs (CRP) Security Consultant II is an experienced resource who is assigned one or more clients and is expected to lead most client interactions and program delivery with the support of a team. A CRP Security Consultant II is to provide the services (conducting security assessments, analysis, consultation, reports with recommendations) in accordance with the Verizon CRP service description, SOW and/or contractual requirements. The CRP Consultant II is expected to have a proficient understanding of and focus in Information Assurance/Security, Cyber Security, Risk Management, Governance, Risk and Compliance, Enterprise System Auditing and hands-on experience with a multitude of security management, monitoring and testing tools and platforms such as vulnerability scanners, phishing tools, threat intelligence dashboards, FW configuration review tools and wireless/IoT tools.
Primary responsibilities include, but are not limited to:
- Serve as the primary point-of-contact delivery Consultant and deliver the Cyber Risk Program (CRP) or Cyber Risk Monitoring Level 3 (CRM-L3) program to external customers.
- Perform research on cyber security & risk criteria, security systems, validation procedures and configure, schedule and perform assessments, threat analyses, and security checks.
- Analyze discovery scan data and vulnerability data to identify unusual use configurations, aged software and end-of-life software, to validate patch management, and to properly identify high, medium and low severity vulnerabilities.
- Through the program assessment process, closely examine the relationship between people, processes and technology and their effects on information confidentiality, integrity, and availability in order to draft reports that contain priority of effort recommendations.
- Perform both remote and onsite client activities such as policy, process and procedure reviews, wireless/IoT assessments and physical inspections of client office and data center facilities. This includes interviewing and surveying client stakeholders in order to validate technical and administrative controls.
- Help customers with their security & risk initiatives in an advisory capacity, and possibly work on some initiatives alongside the customer.
Where you'll be working…
In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.
What we’re looking for...
You’ll need to have:
- Bachelor’s degree or four or more years of work experience.
- Four or more years of relevant work experience.
- Active CISSP certification or E-CEH, E-CIH, ISACA CISM, CISA, CRISC, CCSP, CCSK, GSEC.
- Experience in both IT and Cyber Security.
- Four or more years of experience in Business, Computer Science, Information Systems or Cyber Security.
- Knowledge in Information Assurance/Security, Cyber Security, Risk Management, Governance, Risk and Compliance Assessments and/or Auditing, Enterprise System Auditing.
- Experience with a multitude of security management, monitoring and testing tools and platforms.
- Experience with presenting to technical staff, department leads, and executives (C-suite/Board of Directors to include preparing quarterly).
- Experience with executive summary Risk Reports and presenting to customer stakeholder teams.
- Willingness to travel up to approximately 50% of the time.
Even better if you have one or more of the following:
- Any of the following certifications: ISSP-ISSAP, E-CEH, E-CIH, ISACA CISM, CISA, CRISC, CCSP, CCSK, GSEC, GIAC, GPEN, CHFI or other cybersecurity related certifications.
- Oral and written communication skills to be able to articulate and communicate assessment findings and recommendations in a clear and concise manner to the appropriate target audience which may include project managers, program managers, and technical points of contacts and/or external/internal management stakeholders.
- Vendor-specific certifications: Qualys, Tenable, Rapid7, Digital Defense, Recorded Future, FireMon, Tufin, and Proofpoint.
- Time management and prioritization skills.
- Ability to multitask between internal tasks, projects and time sensitive client related deliverables and tasks, and complete other duties as assigned by a supervisor (Principal Consultant/Team Lead, Manager, Sr. Manager).
- Knowledge of common frameworks such as ISO 27000, NIST CSF, NIST-800, GDPR, PCI-DSS, HIPAA, HITRUST, and CIS Controls.
- Experience with quantifying cyber security risk using threat likelihood, implementation state, and business impact variables in addition to prioritizing risk initiatives based on business need, compliance requirements, and/or industry best practice risk reduction methodologies.
- Experience with performing research on cyber security best practices, security systems, control validation procedures and system configurations.
- Experience with cybersecurity program assessment processes, closely examining the relationship between people, processes and technology and their effects on information confidentiality, integrity, and availability in order to draft reports that contain priority of effort recommendations.
- Knowledge of the changing nature of the threat landscape and an understanding of the necessity of being able to adapt and respond appropriately to changing requirements and objectives.
Equal Employment Opportunity
We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.
COVID-19 Vaccination Requirement
NYC candidates: Verizon requires new hires to be fully vaccinated against COVID-19 for onsite and hybrid NYC roles. Verizon provides reasonable accommodations consistent with legal requirements (e.g., for medical or religious reasons). Additional information will be provided during the hiring process.