IT Vendor Security Analyst

The Third-Party Security (TPS) enables the business by proactively identifying, assessing, and mitigating security risks. Protects the confidentiality, integrity, and availability of Verizon assets through robust security standards, rigorous due diligence, and continuous oversight. By using adaptive security monitoring and controls, we defend and protect against potential cyber and security threats and ensure alignment with evolving regulatory and industry requirements. Sustain a resilient and trusted environment, empowering our stakeholders to operate securely and confidently in an increasingly complex digital world. This position will focus on the Third-Party Security Assurance programs throughout the various phases of the Supplier lifecycle, from onboarding through termination and will be based out of a Supplier location supporting the project. You will be integrated with the business operations performing continuous scheduled security activities to identify and monitor for threats, vulnerabilities, non‑compliance and other areas that may elevate risk in direct support of the business. You will be responsible and accountable for reviewing the Physical and Logical controls implemented at the Secured Work Space at the Supplier facility. Conducting regular security reviews and assessments of the Physical and Logical controls in place at a Secured Work Space at the Supplier facility Identify Risks and Vulnerabilities in the overall Security infrastructure in place and ensuring the ongoing protection of assets and sensitive customer information Drawing up test procedures to assess the effectiveness of the security controls in place Assessing Risks and recommend effective controls to protect Verizon projects Performing Event / Security Logs monitoring and Session monitoring Reporting findings to the respective stakeholders and follow up for timely remediation / closure Work with Leadership, Suppliers and Business to address security concerns Establishing, implementing, and communicating Cybersecurity and Information Security Standards, Policies, Procedures and Tests Conduct Investigations for reported possible violations and security breaches Collaborating with Verizon Business and Support teams and work towards ensuring the required process are in place from a risk and compliance standpoint Providing analytical and technical support to solve a wide range of complex security issues and to support projects within a functional area Driving the Supplier Information Security Program to evaluate Suppliers Security practice in order to gauge security posture and readiness to support the business What we're looking for: You understand the importance of information security for companies and their customers and appreciate the magnitude of the risk of emerging security threats to their reputations and businesses. Identifying risks or gaps in controls and analyzing and solving complex problems comes easily to you. You have a knack for conveying difficult messages to people at all levels, and you are willing to take a stand on important issues. You are self‑motivated and you work well independently and with teams to achieve outstanding results. Bachelor's degree or four or more years of work experience. 4 or more years or relevant work experience in Physical Security, Information Security, Cybersecurity, Insider threat or related Security discipline. 3 or more years of working experience in IT network security, risk management, vulnerability assessment, security breach investigation, ethical hacking, forensics investigation. Even better if you have one or more of the following: Professional certifications such as Active Security+, CISSP, CISA, CISM, CFE, or CEH. Experience with network security, risk management, vulnerability assessment, security breach investigation, PCI DSS, ethical hacking, forensics investigation, ITIL, or COBIT frameworks. Experience in cybersecurity, information security, or information assurance position including security verification, or security validation, or security audit based on ISO standards. Experience with a broad range of security solutions to address complex control scenarios. Project management and experience with risks associated with global operations, offshoring, or outsourcing. Experience in physical security reviews and dealing with varying levels of user groups, senior executives, and technical personnel. Attended training and security conferences, chairing forums, writing security/technical books and/or similar web content. Demonstrated understanding of cyber security risk management concepts, cybersecurity frameworks, control standards, secure coding principles, and security technologies. #J-18808-Ljbffr