The Cyber Security Strategy, Risk and Program Management organization’s objective is to ensure that Verizon is able to effectively identify, prevent, detect and respond to cyber threats against our technology and network infrastructure. The scope of the Cybersecurity Strategy and Risk Management team comprises developing the enterprise cyber security strategy and the risk management strategy for detection and monitoring of risks and vulnerabilities, and evolving our preventive infrastructure, network and business processes to keep ahead of the threat.
We accomplish this through strong information security leadership and active collaboration with lines of business to provide high quality security solutions and services that are focused on improving the Firm's risk posture.
The Risk Management practice develops policies and standards to direct and assist the Business in mitigating the risk inherent in their business activities, improve understanding of the firm's exposure, drive improvements in the security control environment, comply with regulatory requirements, and share best practices to eliminate or minimize losses or damage to the firm's reputation.
The Cyber Risk Manager will lead a cross matrix team of individuals focused on identifying, assessing and mitigating the security framework for data protection within Verizon. This role will interface heavily with the technology, network and business process leaders to provide security strategy support and ensure security controls are delivered in conformance with NIST Cybersecurity control standards.
This position is targeted for a business technology executive in information security with extensive governance, compliance, & security experience and a proven track record of identifying inadequacies, developing enabling solutions, and leading security programs.
The successful candidate will ensure the security framework is clearly defined in policies, standards and procedures that support global information security objectives, including security controls and hardening concepts relevant to core data elements.
Additionally, the candidate will liaise with stakeholders across the firm to drive strategic execution of key imperatives. The successful candidate will ensure that intended objectives can be adopted by impacted stakeholders, and that changes are clearly and comprehensively communicated.
- Understanding emerging risk trends, technical reviews, security threats, business requirements, and architectural views in order to provide input on solutions
- Developing and managing an enterprise risk register by collaborating with stakeholders across compliance, internal audit, technology, security and business units.
- Establishes processes to identify areas of potential risk.
- Provide quantitative and qualitative information to support the prioritization of tactical and strategic risk mitigation projects.
- Assist in the development and implementation of new risk initiatives, including policies, processes and awareness programs.
- Conducts and assists in Risk assessments related to infrastructure, platforms and applications in accordance with Risk Program methodology.
- Conducts and participates in vulnerability assessments for various disciplines
- Recommend and implement solutions to address findings from risk assessments.
- Participates in key or major projects across technology that have a high inherent risk profile to assist in establishing risk controls to mitigate the residual risk to an acceptable level.
- Review and evaluate global cybersecurity requirements. Provide input to control teams, technology organizations, and risk management to ensure consistency of message to executives and/or identify areas of disagreement between the Lines of Defense
- Significant Event Analysis - Develop and perform ongoing analysis of Operational Risk loss, near miss and external events to inform auditors, technology assessments and scenario analysis. Investigate Operational Risk events meeting selection criteria; Assist LOB in determining the appropriate consideration of technology risk management and risk events
- New Business Initiatives (NBI) - Assist technology stakeholders with cybersecurity perspective on new business initiatives. Independently review architecture, standards, risk remediation activities.
- Cyber Risk Appetite/ Key Risk Indicators (KRI) - Work with Cybersecurity to approve KRIs and KRI aggregation structure. Assist in development, approval and maintenance of firm’s Cyber Risk Appetite statement. Monitor KRIs and escalate breaches to Control Committees as appropriate.
- Manage a diverse group of technologist stakeholders focused on risk assessments of cyber controls, and collaborate with the various support organizations.
- Liaise with Legal, Finance, Operations, audit and HR offices for integration of security strategy.
- Ability to lead small, less complex system assessments independently
- Bachelor’s degree or six or more years of equivalent work experience.
- Experience in information security, risk management, or privacy.
Ideally, you’ll also have:
- Your degree in Computer Science. Even better if you have your Master’s degree.
- Ten or more years of experience working in information security, risk management, or privacy within the technology, telecommunication or finance sector
- Knowledge of information security and privacy regulatory requirements.
- Highly-motivated leader able to handle a high level of complexity and dynamic priorities.
- Excellent interpersonal and communication skills – ability to facilitate, negotiate, and influence.
- Solid knowledge of information security principles and practices, as well as an advanced understanding of security standards.
- Expertise in Security Frameworks (NIST, ISF, ISO, COBIT etc.) and regulatory requirements is a plus.
- Any one of CISA, CRISC, CISM, CISSP, CEH, OSCP or PMP.
- Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience and developing executive presentations.
- Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change.
Equal Employment Opportunity
We're proud to be an equal opportunity employer and celebrate our employees' differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
Click here for more info: http://www.verizon.com/about/work/jobs/6464718-cyber-risk-manager