
Job Details


Verizon Communications Inc

Principal Cyber Risk Programs (CRP) Security Consultant

Law Enforcement and Security

Diplomatic Security

No

Ashburn, Virginia, United States

When you join Verizon

Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect across the globe. We’re a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.

What you’ll be doing...

  • Serving as an escalation point of contact, subject matter expert and/or lead consultant for the Cyber Risk Program (CRP) or Cyber Risk Monitoring Level 3 (CRM-L3) program, including Application & Cloud Security services, to external customers.
  • Regularly interfacing with external client technical and business POCs and internal stakeholders such as Project Managers and Delivery Managers.
  • Performing research on cyber security criteria, security systems and validation procedures, and configuring, scheduling and performing vulnerability testing, threat analyses, and security checks.
  • Understanding and determining how to quantify cyber security risk using threat likelihood, implementation state, and business impact variables, in addition to prioritizing risk initiatives based on business need, compliance requirements, and/or industry best practice risk reduction methodologies.
  • Providing guidance and mentorship to consultants in order to determine and document enterprise-wide false positives, remediation strategy plans and risk acknowledgement forms.
  • Performing both remote and onsite client activities such as policy, process and procedure reviews, wireless/IoT assessments and physical inspections of client office and data center facilities. This includes interviewing and surveying client stakeholders in order to validate technical and administrative controls.
  • Preparing quarterly Executive Summary Risk Reports and leading the final presentation and delivery to the customer stakeholder team.
  • Managing daily assigned tasks and program or project delivery activities while meeting minimum on-time reporting and activity execution rates and both internal and external SLA requirements.
  • Configuring and maintaining various customer profiles and security monitoring and testing tools as part of program delivery, including, but not limited to, vulnerability scanning solutions, firewall configuration review tools, phishing tools and threat intelligence databases.

Where you'll be working…

In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.

What we’re looking for...

You’ll need to have:

  • Bachelor’s degree or four or more years of work experience.
  • Six or more years of relevant work experience.
  • Experience in IT/Cyber, Application, or Cloud Security in a Governance, Risk and Compliance assessment/audit role.
  • Experience in delivering and leading technical services in cyber security governance, risk, compliance, audits, assessments, or support and delivery of IT/Cyber security services, methods and practices.
  • Experience in presenting to both technical engineers and to “C” level executives.
  • Experience in translating information security controls, policies and requirements into actionable operational policies, processes & procedures and cyber security technology solutions.
  • Experience in security tools and platforms related to Application or Cloud Security.
  • Active CISSP certification.
  • Willingness to travel up to approximately 25% of the time.

Even better if you have one or more of the following:

  • Any of the following certifications: ISSP-ISSAP, E-CEH, E-CIH, ISACA CISM, CISA, CRISC, CCSP, CCSK, GSEC, GIAC, GPEN, CHFI or other cybersecurity-related certifications.
  • Experience in Application or Cloud Security, risk and compliance with ability to adapt and map to multiple other frameworks.
  • Master's degree in a relevant subject matter such as Cyber/Application or Cloud Security.
  • Multiple industry-recognized IT security certifications/certificates from SANS, ISACA, (ISC)², CSA, and vendors specific to Risk Assessments, Auditing & Risk Management, Cloud Security, Application Security, Vulnerability Management, Financial & Healthcare industry security and penetration testing.
  • Experience in security controls, security and risk frameworks and tools/platforms such as Unified Compliance Frameworks, Alyne, ISO, NIST, VERIS, OWASP, FFIEC, FAIR, etc. and mapping of risk assessment activities to multiple risk and compliance frameworks.
  • Experience in delivering or supporting large and complex global cyber security enterprise networks.
  • Experience in public speaking and skills in developing and presenting cyber security topics to a diverse audience both in person and via “virtual” means such as web conferencing.
  • Experience in Business or service design, development or scripting/programming.
  • Experience in standard office applications such as Google Suite, Microsoft Office Suite, Slack, video/web conferencing tools and platforms.
  • Experience in quantifying cyber security risk using threat likelihood, implementation state, and business impact variables in addition to prioritizing risk initiatives based on business need, compliance requirements, and/or industry best practice risk reduction methodologies.
  • Experience in performing research on cyber security best practices, security systems, control validation procedures and system configurations.
  • Good communication skills and the ability to articulate and communicate assessment findings and recommendations to the appropriate target audience.
  • Experience in cybersecurity program assessment processes, closely examining the relationship between people, processes and technology and their effects on information confidentiality, integrity, and availability in order to draft reports that contain priority of effort recommendations.
  • Knowledge of the changing nature of the threat landscape and an understanding of the necessity of being able to adapt and respond appropriately to changing requirements and objectives.

“If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above.”

Equal Employment Opportunity

We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.