Secur Cslt IV-Sec Risk Mgt

Job Description

When you join Verizon

You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love — driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together — lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the V Team Life.

The Verizon CyberSecurity (VCS) organization ensures the confidentiality, integrity and availability of technology assets and information across all Verizon networks, systems and applications. VCS integrates cyber security governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services in support of protecting our company and customers.

The Audit Lifecycle Management (ALM) team within the Governance, Risk and Compliance (GRC) organization, plays an important role in driving and supporting Verizon’s adherence to external regulations & internal controls from a cybersecurity perspective. In this role, you will work with security leaders and business stakeholders to help ensure that we clearly represent Verizon’s information security posture. You will support the management and coordination of Cybersecurity audit related efforts including SOX 404 and Cybersecurity internal advisory audits. As part of a cohesive team, you will help build and optimize a cohesive, repeatable and sustainable program to effectively demonstrate effective control design and operating effectiveness.

As part of the ALM team, you will be expected to work independently and as a team, take ownership of tasks and drive successful outcomes. You should be comfortable interacting tactfully and confidentiality with internal and external information security leaders & audit personnel. You need to understand information security risk management, and creatively identify alternative ways of managing information security risk. If this sounds like you, this role may be the right fit. Check out the specific responsibilities below:

What you’ll be doing...

Evaluating and Testing Controls

• Use effective auditing techniques (IT audit methodologies, automated testing techniques, basic data analytics) to optimize Information Technology General Controls (ITGC) testing approach

• Use your professional skepticism, to evaluate evidence submitted to satisfy the design and operating effectiveness of ITGC’s, and render your overall opinion.

• Clearly and concisely document testing procedures performed with sufficient detail that testing procedures can be performed independently

• Create and maintain control narratives and process flow documentation that can be used to demonstrate how processes and controls are implemented to reduce risk.

• Be receptive to feedback and quickly address any review comments found as part of evaluator review of testing performed

Evaluating Process Design and Advising on Opportunities to Optimize or Improve to Reduce Risk

• Lead walkthrough meetings and ask relevant questions to clearly understand how control processes are performed and document those processes sufficiently that others can understand how they operate.

• Be inquisitive and curious about processes and technologies with a focus on identifying potential security or control weaknesses that may cause risk.

• Understand and decompose complex IT processes and communicate them in simple and concise terms

• Use expertise to suggest creative, practical and cost effective solutions for mitigating identified risks

Build a Best in Class Cybersecurity Audit Support Program

• Consistently deliver high quality work products that fully address the criteria for which they were intended, requires minimal modification, and are grammatically sound

• Actively assist with efforts to modernize audit related programs that will enable automation, repeatability, and simplification of efforts for our team, stakeholders and customers

• Proactively leverage problem solving and analytical skills to identify opportunities to further optimize the SOX 404 program, reduce waste or eliminate redundant efforts.

• Boldly challenge existing processes and actively look for new and transformative ways to optimally manage risk

• In this contributor role, take ownership of assigned areas of responsibility and effectively manage workload to meet deadlines

• Manage assigned areas of responsibility with urgency and purpose

• Leverage customer service expertise to effectively partner and communicate with stakeholders

• Keep current on US regulatory compliance trends and emerging technologies impacting OS, database, mainframe and security tooling to ensure that testing strategies and approaches align with latest technological advances

• Help maintain updated and accurate records or program progress and status and assist with communicating progress to stakeholders.

What we’re looking for...

You are curious and thorough. You enjoy finding security gaps—or even better anticipate them-- and figuring out ways to repair them. You’re a great teammate and you build trusting relationships with customers. You can balance multiple projects and you’re not afraid of a deadline or two. And you understand the importance of your role in keeping your customer’s private information safe and secure.

You’ll need to have:

• Bachelor’s degree in Management Information Systems, Accounting Information Systems, Computer Science, Information Security, Cyber Security, Risk Management, Information Technology or other related fields

• Eight or more years of relevant work experience in Information Security, Technology, IT Operations, or Security Risk Management

• Five or more years of experience in managing complex projects with multiple work streams

• Five or more years experience in IT Auditing in support of internal audit or external regulations

Even better if you have one or more of the following:

• Effective interpersonal skills and the ability to thrive in a team environment

• Ability to develop creative and innovative solution to complex business issue

• Strong analytical skills with experience in automation and data analysis

• Ability to wear ‘multiple hats’, deal with ambiguity and have a problem-solving mentality.

• Excellent written and verbal communication skills, with the ability to translate complex technical concepts into clear and concise language for various audiences

• Documentation, planning, negotiation, work prioritization and organizational skills

• Experience with audit, compliance, cyber security risk management concepts, cyber security frameworks, secure coding principles, and security technologies

• Willingness to learn and implement new technologies and concepts

• Experience preparing and providing executive level communications and reporting

• Relevant industry certifications such as CRISC, CISSP, CISA, CISM are highly desired

If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above.

Where you’ll be working

In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.

Scheduled Weekly Hours

40

Diversity and Inclusion

We’re proud to be an equal opportunity employer. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.