
Principal Security Risk Manager job in Irving


Verizon jobs
Country:  United States
State:  Texas (TX)
City:  Irving
Job Category:  Consultant
What you'll be doing...
You will be part of the VBT IT Information Security Office (ISO) supporting the VES/VBM/VPS Business Units. The VES/VBM/VPS Security Risk team will be focused on improving the security risk posture through engagement in IT and business initiatives impacting the VES/VBM/VPS IT network, information assets and business operations. You will identify information security risks associated with the implementation plans of IT initiatives and provide security consultation, direction and guidance that meet the security policy requirements, security standards and best practices, and government and industry regulations. The team will work with IT application leaders, business owners and 3rd party business partners to ensure the security requirements are fulfilled and risks are reduced. When risk acceptance is requested, the team will work with Security leadership, IT leadership and business stakeholders to gain risk acceptance on information security risk matters. Additionally, the team will inform and educate the application, technical and business teams on security policies, risks and threats to the organization.
  • Providing risk analysis support across all portfolio partners enterprise-wide, including VES/VBM/VPS, providing process guidance and complex risk assessment with overall risk team support. Leveraging knowledge to ensure that all team members are aware of specific client security requirements.
  • Determining if security risk factors exist by engaging in business and IT initiatives to obtain and understand functional and technical requirements involving internal software development, use of third parties, new technologies or any use of information assets.
  • Building relationships with the business and representing Information Security in functional and technical requirements and design sessions via the agile and traditional software development methodologies.
  • Designing and implementing a preliminary risk profile by identifying the information security risk factors based on data classification, design, and functional purpose and use.
  • Partnering with architecture and design teams to understand enterprise solutions and impacts on security controls.
  • Providing specific attention to the following control areas is required: authentication, authorization, access controls (network and user), secure transmission and storage, encryption/key management, segmentation and network zoning, data flows, third party access and connectivity and functional purpose.
  • Determining with business partners and risk team members if other security or privacy risk factors exist due to the uniqueness of the initiative and evolving business ventures.
  • Completing detailed risk assessment and providing risk reduction recommendations and security requirements and guidance to IT and business teams supporting the initiatives.
  • Providing security requirements during planning sessions, functional and technical requirement sessions, user story creation and grooming, and technical design based on identified risks.
  • Determining if any compensating controls are necessary due to inability to comply with the primary control requirements. Facilitating and helping design compensating controls when needed.
  • Ensuring requirements and design include approved strategic security technologies.
  • Completing and presenting to Security management and business sponsors a risk assessment evaluation articulating risk and impact analysis when security controls cannot be met by an initiative to ensure transparency and appropriate level of acceptance.
  • Identifying initiatives with risk areas that need specialized security expertise and keeping security leadership informed and team members updated.
  • Brokering meetings as needed between project team members and specialized security experts when additional details are required or circumstances are unique or private (under special NDA).
  • Participating in weekly meetings with management and security team peers to provide project updates and risk overviews.
  • Gathering data from risk team members to provide weekly written status reports to Security and IT leadership on key security related work and risks.
  • Mentoring, training and advising junior level risk analysts. Refining and improving internal processes and processes with business partners to gain efficiencies and provide better security engagement.
What we're looking for...
You'll need to have:
  • Bachelor's degree or four or more years of work experience.
  • Six or more years of relevant work experience.
Even better if you have:
  • A degree
  • Six or more years of related experience in Information Security, Software Development/Technical Support.
  • Experience in an Information Security, Software Development/Technical Support related position.
  • IT or related experience.
  • One or more of the following professional certifications: CISA (Certified Information Security Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Controls), GSEC (General Security Essentials Certification), or equivalent, or willingness to obtain within 6 months of start date.
  • A thorough understanding of all stages of the SDLC process, from coding and code promotion through all levels of testing as well as management of multiple non-production environments.
  • A solid understanding of networking technologies and portals.
  • A base knowledge of databases and operating systems.
  • Knowledge of data security fundamentals and best practices with prior responsibilities of protecting information assets.
  • A demonstrated ability to coordinate and lead productive working sessions with resources from multiple application and technology teams across the enterprise.
  • Ability to effectively communicate with Legal department attorneys and other supporting business groups such as Compliance and Finance.
  • Excellent written and verbal communication skills. The ability to work effectively with multiple corporate cultures.
  • Familiarity with IT Governance practices and processes, and solid business acumen.
  • Prior experience producing reference documentation for technical or business reference.
  • Experience with providing awareness to specialized security subject matter experts such as security architects, engineers, secure coding, PCI/CPNI, and/or Privacy specialists to obtain more specific requirements or design direction when circumstances are unique or overly complex.
  • Willingness to collaborate and build relationships with IT colleagues and core business partners for continued security education and awareness.
  • Excellent documentation and organization skills.
When you join Verizon...
You'll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America's fastest and most reliable network, we're leading the way in broadband, cloud and security solutions, Internet of Things and innovating in areas such as video entertainment. Of course, we will offer you great pay and benefits, but we're about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon.
Equal Employment Opportunity
We're proud to be an equal opportunity employer and celebrate our employees' differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.

Employer:  Verizon
07/12/2018
