Security Risk Analyst Verizon
Irving, TX

Job Description

What you'll be doing...

Creating technologies to solve the world's biggest challenges is no small task. Join our Corporate Information Security Team focused on security frameworks and requirements, utilizing this knowledge to advise business units, support policy development, and conduct risk analysis.

You'll review, interpret, and provide guidance related to security frameworks (i.e. NIST, ISO, PCI) and identify information security risks associated with IT and business initiatives impacting Verizon IT networks, information assets and business operations. You will provide security consultation, direction, guidance and requirements to IT application leaders, business sponsors and 3rd party business partners that meet security policy requirements, standards, best practices and reduced risk.

You'll work with Security leadership and stakeholders to gain risk acceptance on information security risk matters when needed. You will also work with application, technical and business teams to inform and educate on security policies, risks and threats.

* Develop and analyze cyber assurance initiatives based upon industry standard cyber security frameworks and Verizon cyber security policies. Function as an information security liaison with business unit teams and provide clear guidance related to control implementation.
* Review new federal and state cyber security regulations, providing feedback to CIS and Legal. Based upon analysis develop recommendations on security controls to address gaps.
* Evaluate business unit implementation of key security frameworks and provide recommendations to address alignment.
* Work with architecture teams to understand enterprise solutions and impacts on security controls.
* Provide general guidance, interpretation and education on specific security policies (primarily CPI-810) across requesting organizations related to their assigned projects / applications.
* Determine if security or privacy risk factors exist and help associated teams understand the risk factors based on data classification, technology, and functional purpose. Use this risk to help prioritize remediation.
* Identify initiatives with risk areas that need specialized security expertise.
* Consult with and provide awareness to specialized security experts such as security architects, engineers, secure coding, PCI/CPNI, and/or Privacy specialist to obtain more specific requirements or design direction.
* Broker meetings as needed between project team members and specialized security experts when additional details are required or circumstances are unique or private.
* Participate in weekly meetings with management and specialized security experts (SMEs) to provide project updates and risk overviews.
* Collaborate and build relationships with IT colleague's core business partners for continued security education and awareness.
* Learn new technologies and methodologies as required and direction shifts including various Cloud technologies.