Principal Security Risk Analyst
When you join Verizon
Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect across the globe. We’re a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.
What you’ll be doing...
The Verizon Product Security Team ensures security by design product engineering and architecture for both consumer and business products. As a Security Risk Management Engineer, you will work to conduct risk assessments on both Consumer and Business products and solutions. You will have in-depth experience across the Security and Compliance domain and the ability to apply this knowledge to drive cross-organizational initiatives. As a senior individual contributor, you will be responsible to conduct risk assessments, develop action plans to improve application security posture.
You will also work in conjunction with security stakeholders in other areas of the business and make decisions and help lead initiatives to ensure timely delivery of security solutions that support business objectives. You will also manage work that involves coordination with multiple organizations and is the focal point within the group.
- Working with application teams managing activities related to CPI-810 and SSDLC compliance and tracking of risk items resulting from Vulnerability scanning, Threat Modelling or Pentesting.
- Liaising with and offer direction in the related compliance functions to application developers and leaders throughout the Verizon Consumer Group/Verizon Business Group.
- Analyzing trends in the threat and compliance environment, understand changes to the threat landscape and its impact on prioritizing risk, develop and execute plans for risk treatment.
- Providing leadership in implementation of an end to end risk management lifecycle from risk identification, assessment, mitigation, monitoring, reporting and closure.
- Analyzing trends in threat and compliance environment, develop and execute plans for mitigation of risk.
- Acting as a focal point during the implementation & delivery of multiple Security projects.
- Managing security exceptions process against cyber risk.
- Leading efforts to promote security awareness including newsletters and knowledge sharing sessions.
- Producing reports and presentations outlining issues, action plans and overall compliance status of the portfolio.
- Communicating progress, findings, and ensure successful resolution of issues.
- Building relationships with program leads, developer, operations and CISO teams to understand how to develop plans that effectively manage security risks.
- Defining and manage KPIs designed to measure effectiveness and incorporate continuous improvements to the risk management practice.
- Articulating and summarize risk assessment outputs at the executive level.
Where you'll be working...
In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.
What we’re looking for...
You’ll need to have:
- Bachelor's degree or four or more years of work experience.
- Six or more years of relevant work experience in performing cyber risk assessment or compliance related activities.
- Knowledge of risk management methodologies and frameworks, including but not limited to NIST, ISO, COBIT, FAIR and others.
Even better if you have one or more of the following:
- Industry Certifications such as CISSP, CISM.
- Two or more years of experience with NIST frameworks.
- Ability to articulate risk in business terms and provide risk treatment advice balancing mitigation cost with risk severity.
- Knowledge of Application and Cloud Security industry standards, trends, threats, vulnerabilities, and technology frameworks.
- Agile software development and Project management experience.
- Ability to clearly communicate technical concepts to all audiences.
- Ability to drive change & manage multiple projects.
- Knowledge of security community such as research, published CVEs, bug-bounty recognitions, open-source projects, blogs or publications.
If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above.
Equal Employment Opportunity
We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.