What you’ll be doing...
As part of the Compliance team, the Information Security Risk Engineer will function as a Subject Matter Expert (SME) on security policies that comply with required laws, regulations, contracts and VZ Corporate policy with a core focus on Verizon’s CPI-810 and IT Security Requirements.
The Information Risk Engineer will review, interpret, and provide guidance related to security policy compliance with a particular focus on CPI-810 policies. They will work directly with the points of contact in internal audit, application development/support, Cloud Services and any other groups that require compliance decisions related to security policy. The candidate will partner with security leadership and application stakeholders to track, verify and report on security controls related to policy compliance. They will work with application, technical and business teams to inform and educate others on security policies, risks and threats.
- Align with key IT partners to evaluate their application / infrastructure portfolios against the most current security policies with a key focus on CPI-810 policies. Function as the primary Information Security liaison with assigned application/infrastructure teams regarding policy compliance and provide clear guidance across the application security points of contact and management teams regarding policy interpretation.
- Interpret and validate key CPI-810 based policy controls on a periodic but continuous basis across your assigned portfolio of applications. Own, track and drive identified non-compliance items across the responsible teams to successful and timely remediation plans while escalating lack of effective progress. Help the associated teams understand the information security risk factors based on data classification, technology, and functional purpose. Use this risk to help prioritize the highest risk items for remediation first.
- Work with other Information Security organizations (e.g. VESC PMO, Security Engineering, etc.) on any compliance policy updates or rewrites (with a focus on CPI-810 policies), ensuring the policy is effective, readable, and achievable, and verifying that procedural documentation is effective at validating the associated policy controls.
- Review policy exceptions submitted by various enterprise Verizon organizations with a focus on CPI-810 policies. Work with these teams to understand the business and technology drivers for requesting the policy exceptions and assess the associated security risks. Approve or deny these exceptions based on the risk assessment and the identified compensating controls required to maintain secure Verizon environments and processes.
- Provide clear readouts and reporting of compliance and non-compliance for assigned applications and controls including executive level presentations as required.
- Provide general guidance, interpretation and education on specific security policies (primarily CPI-810) across requesting organizations related to their assigned projects / applications.
- Identify initiatives with risk areas that need specialized security expertise.
- Consult with and provide compliance awareness to specialized security experts such as security architects, engineers, secure coding, PCI/CPNI, and/or Privacy specialists to obtain more specific requirements or design direction.
- Broker meetings as needed between project team members and specialized security experts when additional details are required or circumstances are unique or private.
- Participate in meetings with management and specialized security experts (SMEs) to provide assignment updates and areas of risk relevant to the broader security teams.
- Collaborate and build relationships with IT colleagues’ core business partners for continued security education and awareness.
- Learn new technologies and methodologies, including various Cloud technologies, as required and as direction shifts.
The scope of this position includes:
- Multiple IT lines of business for specific policy to application tracking, verification and assessment.
- All Verizon organizations for policy exception interpretations.
What we’re looking for...
You’ll need to have:
- Bachelor’s Degree or 4 or more years of work experience.
- 4+ years of IT or related experience.
- 3-5+ years in an Information Security, Software Development or Technical Support related position.
Even Better if you have:
- Bachelor’s Degree in Information Systems or related field required
- CISA/CISM or CISSP, or willingness to obtain within 6 months.
- Demonstrated understanding of Verizon CPI-810 policies and how they apply to SDLC or infrastructure practices.
- Overall understanding of the SDLC processes, both agile and traditional; coding and code promotion through all levels of testing as well as management of multiple non-production environments.
- A solid understanding of networking technologies and protocols.
- Knowledge of application architecture standards with prior experience functioning in a technical design or support role.
- A base knowledge of AWS and/or cloud technologies.
- A base knowledge of databases and operating systems.
- Knowledge of information security fundamentals, best practices and industry standards with prior responsibilities and knowledge related to protecting information assets.
- Ability to effectively communicate with Legal department attorneys and other supporting business / security groups such as Risk and Finance. Excellent written and verbal communication skills required.
- A solid understanding of Verizon business operations and core business applications and foundational technologies across the IT network.
- Familiar with IT Governance practices and processes, and solid business acumen.
- Experience preparing and providing executive level statuses and presentations using MS PowerPoint, Visio and Excel. Strong documentation and organizational skills required.
When you join Verizon...
You’ll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America’s fastest and most reliable network, we’re leading the way in broadband, cloud and security solutions, Internet of Things and innovating in areas such as video entertainment. Of course, we will offer you great pay and benefits, but we’re about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon.
Equal Employment Opportunity
We're proud to be an equal opportunity employer and celebrate our employees' differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
Click here for more info: http://www.verizon.com/about/work/jobs/2510462-information-security-risk-engineer