Information Security Risk Engineer
Posted on: January 15, 2019
What you'll be doing...
As part of the Compliance team, you will function as a Subject Matter Expert (SME) on security policies that comply with required laws, regulations, contracts and Verizon Corporate policy with a core focus on Verizon's Information Security Policies and Requirements.
You will review, interpret, and provide guidance related to security policy compliance with a particular focus on Information Security policies. You will work directly with the points of contact in internal audit, application development/support, Cloud Services and any other groups that require compliance decisions related to security policy. You will partner with security leadership and application stakeholders to track, verify and report on security controls related to policy compliance. You will also work with application, technical and business teams to inform and educate others on security policies, risks and threats.
- Align with key IT partners to evaluate their application/infrastructure portfolios against the most current security policies.
- Function as the primary Information Security liaison with assigned application/infrastructure teams regarding policy compliance and provide clear guidance across the application security points of contact and management teams regarding policy interpretation.
- Interpret and validate key Corporate Policy controls on a periodic but continuous basis across your assigned portfolio of applications.
- Own, track and drive non-compliance identified items across the responsible teams to successful and timely remediation plans while escalating lack of effective progress.
- Help the associated teams understand the information security risk factors based on data classification, technology, and functional purpose. Use this risk to help prioritize the highest risk items for remediation first.
- Work with other Information Security organizations (e.g. Security Governance PMO, Security Engineering, etc.) on any compliance policy updates or rewrites (with focus on internal security policies) while ensuring the policy is effective, readable, and achievable while verifying procedural documentation is effective at validating the associated policy controls.
- Review policy exceptions submitted by various enterprise Verizon organizations with a focus on internal security policies.
- Work with these teams to understand the business and technology drivers for requesting the policy exceptions and assess the associated security risks. Approve or deny these exceptions based on the risk assessment and the identified compensating controls required to maintain secure environments and processes.
- Provide clear readouts and reporting of compliance and non-compliance for assigned applications and controls including executive level presentations as required.
- Provide general guidance, interpretation and education on specific security policies across requesting organizations related to their assigned projects/applications.
- Identify initiatives with risk areas that need specialized security expertise.
- Consult with and provide compliance awareness to specialized security experts such as security architects, engineers, secure coding, PCI/CPNI, and/or Privacy specialist to obtain more specific requirements or design direction.
- Broker meetings as needed between project team members and specialized security experts when additional details are required or circumstances are unique or private.
- Participate in meetings with management and specialized security experts (SMEs) to provide assignment updates and areas of risk relevant to the broader security teams.
- Collaborate and build relationships with IT colleague's core business partners for continued security education and awareness.
- Learn new technologies and methodologies as required and direction shifts including various Cloud technologies.
What we're looking for...
You'll need to have:
- Bachelor's degree or four or more years of work experience.
- Four or more years of relevant work experience.
- IT or related experience, such as Information Security, Software Development or Security Engineering.
Even better if you have:
- Bachelor's degree in Information Systems or related field.
- CISA/CISM or CISSP, or willingness and eligibility to obtain.
- Overall understanding of the SDLC processes, both agile and traditional; coding and code promotion through all levels of testing as well as management of multiple non-production environments.
- Solid understanding and working knowledge of networking technologies and protocols.
- Knowledge of application architecture standards with experience functioning in a technical design or support role.
- Base knowledge of AWS and/or cloud technologies.
- Base knowledge of databases and operating systems.
- Knowledge of information security fundamentals, best practices and industry standards with experience and knowledge related to protecting information assets.
- Ability to effectively communicate with Legal department attorneys and other supporting business/security groups such as Risk and Finance.
- Excellent written and verbal communication skills.
- Solid understanding of Verizon business operations and core business applications and foundational technologies across the IT network.
- Familiarity with IT Governance practices and processes, and solid business acumen.
- Experience preparing and providing executive level statuses and presentations using MS PowerPoint, Visio and Excel.
- Strong documentation and organizational skills.
When you join Verizon...
You'll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America's fastest and most reliable network, we're leading the way in broadband, cloud and security solutions, Internet of Things and innovating in areas such as, video entertainment. Of course, we will offer you great pay and benefits, but we're about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon.
Equal Employment Opportunity
We're proud to be an equal opportunity employer- and celebrate our employees' differences,including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.
Keywords: Verizon, Irving , Information Security Risk Engineer, Engineering , Irving, Texas
Didn't find what you're looking for? Search again!