Security Risk Management Analyst Verizon
Ashburn, VA

Job Description

What you'll be doing...

This position will be part of Network Security Risk Management & Compliance team with emphasis on risk evaluation. The Risk Mitigation & Advisory sub-team is responsible for limiting exposure to the network infrastructure / platforms and will be focused on security risk mitigation. The team has duty to conduct security assessments for post-launch production platforms and to validate fixes for security findings. The Risk mitigation team will work with Network teams and systems owners to identify vulnerabilities, prioritize and implement action-plans in order to reduce risk to the network. The team in collaboration with system owners, will provide and drive remediation plans for each platform assessed. The team will evaluate expected network and access controls from the previous assessments backlog in accordance with corporate security policy. This is achieved through strategic partnership with business units while adhering to Enterprise Security objectives. The candidate will be responsible for improving network and platforms security postures by developing actionable risk mitigation plans, monitoring implementation of mitigation tasks and validating fix resolutions. The candidate is responsible for managing risk with a special focus on mitigation strategy. The candidate will also analyze metrics from a risk register and report on risk status for various platforms.

Responsibilities:

* Demonstrate knowledge and/or proven record of success in risk management principles or another technical domain related to Risk Management that is applied in the context of a broader Risk Management understanding.
* Contribute to the development of new subject matter or technical domain related to Risk Management.
* Demonstrate extensive abilities and/or proven record of success in the following areas: resolving multi-faceted problems by continuously applying significant independent judgement and by collaborating with others, balancing business stakeholders and a centralized cyber security organization; navigating a matrix organization, collaborating with multiple stakeholders across functional and technical skillsets
* Effectively navigate diverse perspectives and promote an inclusive and collaborative environment to realize beneficial security governance solutions.
* Faclitate security governance conversations with diverse security, IT and business stakeholders and help ensure positive and deliberate outcomes.
* Manage project tasks with urgency and purpose to allow for swift movement in developing governance related initiatives.
* Deliver and report key metrics to provide stakeholders situational awareness regarding enterprise control and standards adoption.
* Consistently deliver high quality work products that fully address the criteria for which they were intended.
* Deconstruct complex security processes and solutions to identify relevant risk areas, potential control points, and provide sound recommendations for risk treatment.
* As a contributor, take ownership for assigned areas of responsibility and effectively manage work load to meet team deadlines.
* Effectively communicate in written form and verbally to leadership and executives.

What we're looking for...

You'll need to have:

* Bachelor's degree or four or more years of work experience.
* Four or more years of relevant work experience.
* Experience with ISO 27001-2, NIST 800-53, or other security frameworks.

Even better if you have:

* A degree in Information Systems, Technology, Information Assurance, Information Security or related field.
* Knowledge of security testing tools used for network/ Web API/ applications, such as Nmap, Kali Linux, Nessus, Burp suite, and WebInspect.
* Certifications: CRISC, CISSP, CISM, GSEC.
* Knowledge of emerging technology/ regulations and the security governance implications.
* Experience implementing standards, policies and controls.
* Demonstrated knowledge of cyber security risk management concepts, cybersecurity frameworks, control standards, secure coding principles, and security technologies.
* Knowledge of information security fundamentals, best practices and industry standards with responsibilities of protecting information assets.
* Solid knowledge of Verizon business operations and knowledge of the foundational technologies used across environments.
* Experience in security risk management while considering business drivers and implications.
* Interpersonal skills and the ability to thrive in a team environment.
* Ability to develop creative and innovative solutions to complex business issues.

When you join Verizon...

You'll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America's fastest and most reliable network, we're leading the way in broadband, cloud and security solutions, Internet of Things and innovating in areas such as, video entertainment. Of course, we will offer you great pay and benefits, but we're about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon.

Equal Employment Opportunity

We're proud to be an equal opportunity employer- and celebrate our employees' differences,including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.