InfoSec GRC Engineer III
San Francisco, CA

Job Description

Verisign, a global leader in domain name registry services and internet infrastructure, enables internet navigation for many of the world's most recognized domain names. Verisign enables the security, stability, and resiliency of key internet infrastructure and services, including providing root zone maintainer services, operating two of the 13 global internet root servers, and providing registration services and authoritative resolution for the .com and .net top-level domains, which support the majority of global e-commerce.

The Information Security & Compliance Team at Verisign is seeking a self-motivated, passionate, and results-driven Information Security professional to join a high-performing Governance, Risk, and Compliance (GRC) team. The Information Security GRC Engineer supports an enterprise-wide governance, risk, and compliance program focusing on security risk management, ensuring compliance with internal and external security requirements, and continuous improvement of security governance and security controls through collaborating with all groups across the organization.

Primary Responsibilities:

* Perform security risk assessments with an emphasis on cyber supply chain risk management, contract review, and cloud security


* Review contracts for security terms and conditions and prepare risk assessments to brief management on contract risks


* Create assessment reports that clearly communicate issues and risks from both a technical and business perspective


* Collaborate across multiple departments and stakeholders involved in the supply chain and procurement process


* Assist with the development and management of the enterprise information security policies, standards, and procedures


* Provide support for independent external security audits and proactively evaluate the organization's compliance with internal and external security requirements



Required Skills:

* Understanding of information security risks with third-party suppliers, and methods for managing supply chain risks


* Effectively communicate security requirements, assessment results, and remediation efforts to senior management


* Ability to understand and review information security related terms and conditions in contracts with third parties to identify security risks


* Ability to work in a cross-functional organization and act as a liaison between procurement and legal teams during the contract review process


* Act as an advocate for internal customers and business units to enable success while managing security risks


* Must be able to summarize and communicate technical data to a non-technical audience.


* Strong attention to detail and ability to create high quality work products suitable for executive-level review; excellent written and oral communication skills are required


* Must be highly motivated, with a strong work ethic, and able to work effectively under supervision



Preferred skills and certifications:

* Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC), is preferred


* Linux system administration and/or security engineering experience is a plus



Education and experience

* Bachelor's degree in Information Systems, Computer Science, or related field required


* 5 years of progressively responsible experience in information security governance, risk, compliance, or security assessment/audit

