
Job Details


Verizon Communications Inc

Senior Principal - Security Risk Management

Management


Ashburn, Virginia, United States

When you join Verizon

Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect across the globe. We’re a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.

What you’ll be doing...

This position falls under the Corporate Information Security (CIS) organization supporting Technology Risk and Major Initiatives Risk. The Information Risk Management (IRM) department fulfills our mission to safeguard and enable the business by improving the enterprise security risk posture through engagement in IT and business initiatives that impact company networks, information assets, and business operations.

The IRM department works with IT application leaders, business owners and 3rd Party business partners to ensure the security requirements are fulfilled and risks are reduced. Our security risk analysts identify information security risks associated with the implementation plans of IT initiatives and provide security consultation, direction and guidance that meet the security policy requirements, security standards and best practices, and government and industry regulations.

The Technology and Major Initiatives Risk team supports IT and the enterprise in assessing new and emerging technologies and services as well as consulting services for highly complex initiatives and programs requiring cross-enterprise risk evaluation, mitigation, and remediation. The team is a center of excellence for delivering risk assessments requiring highly technical capability.

Additionally, security risk analysts inform and educate application, technical, and business teams on security policies, risks, and threats to the organization. Lastly, our security risk analysts oversee implementation of risk treatment strategies for risks exceeding tolerable risk thresholds determined through quantified risk reduction return on investment.

  • Determine if security risk factors exist by engaging in business and IT initiatives to obtain and understand functional and technical requirements involving internal software development, use of third parties, new technologies or any use of information assets.
  • Participate as a stakeholder representing Information Security in functional and technical requirements and design sessions via the agile and traditional software development methodologies.
  • Specific attention to the following control areas is required: authentication, authorization, access controls (network and user), secure transmission and storage, encryption/key management, segmentation and network zoning, data flows, third party access and connectivity and functional purpose.
  • Determine if other security or privacy risk factors exist due to the uniqueness of the initiative and evolving business ventures.
  • Perform detailed risk assessment and provide risk reduction recommendations and security requirements and guidance to IT and business teams supporting the initiatives.
  • Determine if any compensating controls are necessary due to inability to comply with the primary control requirements. Facilitate and help design compensating controls when needed.
  • Complete and present to Security management and business sponsors a risk assessment evaluation articulating risk and impact analysis when security controls cannot be met by an initiative to ensure transparency and appropriate level of acceptance.
  • Participate in weekly meetings with management and security team peers to provide project updates and risk overviews.

Where you'll be working:

In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.

What we’re looking for...

You’ll need to have:

  • Bachelor's degree.
  • Six or more years of relevant work experience.
  • Experience in an Information Security, Information Risk Management, Software Development/Technical Support related position.

Even better if you have:

  • A Master’s degree in Information Technology, Cybersecurity, Cybersecurity Public Policy, or Cybersecurity Engineering.
  • One or more of the following professional certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Controls (CRISC), Certified Cloud Security Professional (CCSP), or Cisco Certified Network Associate (CCNA).
  • Basic understanding of risk quantification methodologies.
  • A thorough understanding of all stages of the SDLC process, from coding and code promotion through all levels of testing as well as management of multiple non-production environments.
  • Knowledge of server and desktop application and operating system security (Win10, Mac, Linux), particularly any knowledge about securing Google products such as Chrome, G Suite, and ChromeOS/Android.
  • Experience with Cloud security especially in AWS, Google Cloud Platform, or Azure.
  • Experience with Software-as-a-Service (SaaS) security and vendor security in general.
  • Familiarity with source code control systems (e.g., Git) and relevant security controls.
  • Familiarity with DevOps concepts and especially DevSecOps tools.
  • Knowledge of Big Data, AI (artificial intelligence) and ML (machine learning).
  • Knowledge of relational and non-relational databases and understanding of the Open Systems Interconnection model.
  • Knowledge of data security fundamentals and best practices with prior responsibilities of protecting information assets.
  • A demonstrated ability to coordinate and lead productive working sessions with resources from multiple application and technology teams across the enterprise.
  • Experience producing reference documentation for technical or business reference by using.

Equal Employment Opportunity

We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.

COVID-19 Vaccination Requirement

Verizon requires new hires to be fully vaccinated against COVID-19. Verizon provides reasonable accommodations consistent with legal requirements (e.g., for medical, religious, or state law recognized reasons).