Job Description
The Verizon CyberSecurity (VCS) organization ensures the confidentiality, integrity and availability of technology assets and information across all Verizon networks, systems and applications. VCS integrates cyber security governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services in support of protecting our company and customers.
The Audit Lifecycle Management (ALM) team within the Governance, Risk and Compliance (GRC) organization, plays an important role in driving and supporting Verizon’s adherence to external regulations & internal controls from a cybersecurity perspective. In this role, you will work with security leaders and business stakeholders to help ensure that we clearly represent Verizon’s information security posture. You will support the management and coordination of Cybersecurity audit related efforts including SOX 404 and Cybersecurity internal advisory audits. As part of a cohesive team, you will help build and optimize a cohesive, repeatable and sustainable program to effectively demonstrate effective control design and operating effectiveness.
As part of the ALM team, you will be expected to work independently and as a team, take ownership of tasks and drive successful outcomes. You should be comfortable interacting tactfully and confidentiality with internal and external information security leaders & audit personnel. You need to understand information security risk management, and creatively identify alternative ways of managing information security risk. If this sounds like you, this role may be the right fit. Check out the specific responsibilities below:
What you’ll be doing...
Evaluating and Testing Controls
Use effective auditing techniques (IT audit methodologies, automated testing techniques, basic data analytics) to optimize Information Technology General Controls (ITGC) testing approach
Use your professional skepticism, to evaluate evidence submitted to satisfy the design and operating effectiveness of ITGC’s, and render your overall opinion.
Clearly and concisely document testing procedures performed with sufficient detail that testing procedures can be performed independently
Create and maintain control narratives and process flow documentation that can be used to demonstrate how processes and controls are implemented to reduce risk.
Be receptive to feedback and quickly address any review comments found as part of evaluator review of testing performed
Evaluating Process Design and Advising on Opportunities to Optimize or Improve to Reduce Risk
Lead walkthrough meetings and ask relevant questions to clearly understand how control processes are performed and document those processes sufficiently that others can understand how they operate.
Be inquisitive and curious about processes and technologies with a focus on identifying potential security or control weaknesses that may cause risk.
Understand and decompose complex IT processes and communicate them in simple and concise terms
Use expertise to suggest creative, practical and cost effective solutions for mitigating identified risks
Build a Best in Class Cybersecurity Audit Support Program
Consistently deliver high quality work products that fully address the criteria for which they were intended, requires minimal modification, and are grammatically sound
Actively assist with efforts to modernize audit related programs that will enable automation, repeatability, and simplification of efforts for our team, stakeholders and customers
Proactively leverage problem solving and analytical skills to identify opportunities to further optimize the SOX 404 program, reduce waste or eliminate redundant efforts.
Boldly challenge existing processes and actively look for new and transformative ways to optimally manage risk
In this contributor role, take ownership of assigned areas of responsibility and effectively manage workload to meet deadlines
Manage assigned areas of responsibility with urgency and purpose
Leverage customer service expertise to effectively partner and communicate with stakeholders
Keep current on US regulatory compliance trends and emerging technologies impacting OS, database, mainframe and security tooling to ensure that testing strategies and approaches align with latest technological advances
Help maintain updated and accurate records or program progress and status and assist with communicating progress to stakeholders.
What we’re looking for...
You are curious and thorough. You enjoy finding security gaps—or even better anticipate them-- and figuring out ways to repair them. You’re a great teammate and you build trusting relationships with customers. You can balance multiple projects and you’re not afraid of a deadline or two. And you understand the importance of your role in keeping your customer’s private information safe and secure.
You’ll need to have:
Bachelor’s degree in Management Information Systems, Accounting Information Systems, Computer Science, Information Security, Cyber Security, Risk Management, Information Technology or other related fields
Eight or more years of relevant work experience in Information Security, Technology, IT Operations, or Security Risk Management
Five or more years of experience in managing complex projects with multiple work streams
Five or more years experience in IT Auditing in support of internal audit or external regulations
Even better if you have one or more of the following:
Effective interpersonal skills and the ability to thrive in a team environment
Ability to develop creative and innovative solution to complex business issue
Strong analytical skills with experience in automation and data analysis
Ability to wear ‘multiple hats’, deal with ambiguity and have a problem-solving mentality.
Excellent written and verbal communication skills, with the ability to translate complex technical concepts into clear and concise language for various audiences
Documentation, planning, negotiation, work prioritization and organizational skills
Experience with audit, compliance, cyber security risk management concepts, cyber security frameworks, secure coding principles, and security technologies
Willingness to learn and implement new technologies and concepts
Experience preparing and providing executive level communications and reporting
Relevant industry certifications such as CRISC, CISSP, CISA, CISM are highly desired
,
IT-Software- Software services
