Verizon Senior Manager, Enterprise Vulnerability Management in Ashburn, Virginia

What you’ll be doing...

The Enterprise Vulnerability Management (EVM) Team Manager reports to the Corporate Information Security (CIS) Director of Security Operations and is responsible for leading and managing the delivery of enterprise-level Vulnerability Management across the Verizon enterprise and business units. You will be responsible for the establishment, maintenance and execution of enterprise vulnerability standards, processes, procedures, and operations to support the vulnerability visibility of applications, platforms, technologies, processes and systems to identify vulnerabilities and weaknesses that can be exploited by threat actors.

You will translate the EVM delivery strategy into actionable and measurable activities and use your sound technical and managerial skills to ensure that the identified activities are effectively executed to meet our business goals. You will be responsible for establishing an EVM Center of Excellence.

  • Developing a clear enterprise vision and approach to engaging and delivering EVM functionality.

  • Establishing and fostering partnership and trust between the CIS teams and business.

  • Integrating process optimization and innovating engineering efforts.

  • Developing and promoting best practices as enterprise standards.

  • Establishing capabilities to provide technical guidance to support standards adoption and quality control.

  • Driving process maturity within the organization by aligning short-term business unit needs with long-term enterprise goals.

  • Leading the enterprise-wide vulnerability management and bug bounty capabilities by setting the vision and establishing direction to identify material risks and vulnerabilities based on cutting-edge tools, tactics and protocols.

  • Collaborating closely with security architecture teams to provide vision, scope, and requirements for expansive deployment and evolution of EVM strategies and goals.

  • Providing flexible and dynamic leadership to enable core team members and dotted-line staff to rapidly make decisions and execute in accordance with tactical and strategic guidance and goals.

  • Building and maintaining relationships with other IT, network, and security leaders to develop a clear understanding of business needs.

  • Ensuring cost-effective delivery of EVM services to meet business needs, and responding with agility to changing business priorities.

  • Directing and overseeing the bug bounty program to maximize the engagement of the research community and obtain the strongest results possible for the budgeted bounty payouts.

  • Maintaining and overseeing the execution of the coordinated enterprise-level vulnerability management program that effectively reviews, analyzes, communicates, and guides remediation of vulnerabilities to help mature Verizon’s security posture against real-world threats.

  • Working effectively with business units to facilitate, build, and expand EVM capabilities to support new deployment efforts, vulnerability scanning, vulnerability remediation/mitigation, post-incident remediation validation, and proactive identification of threats and vulnerabilities to support operational risk assessment and management processes and efforts.

  • Managing the cost-efficient delivery of EVM corporate-wide within an organizational structure consisting of direct reports and dotted-line reports. This includes ensuring hiring, training, staff development, performance management, and annual performance reviews are aligned and effectively executed to continue to grow the skills and capabilities in accordance with Verizon’s strategic needs.

  • Building the necessary internal relationships and communication networks among the broader information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure continued alignment as required.

  • Integrating external threat environment information for emerging threats to known vulnerabilities, and advising relevant stakeholders on the appropriate courses of action.

What we’re looking for...

You'll need to have:

  • Bachelor's degree or four or more years of work experience.

  • Six or more years of relevant work experience.

Even better if you have:

  • Bachelor’s degree in Engineering or Information Technology.

  • Master’s degree in a technical discipline.

  • Six or more years of cyber security experience, with four or more years in a significant leadership role.

  • Proficiency in a Cyber Security functional field, and management experience of cyber security and IT functions such as Development, SDLC management, Systems Administration, etc.

  • Process and program management background.

  • Proven track record and experience effectively leading matrixed organizations with significant dependencies on external teams, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment.

  • Strategic people leader skills with the ability to build partnerships and energize the appropriate teams in the organization.

  • Proven leadership in advanced information systems and broad business acumen.

  • Proven track record of building, training, and developing a high-performing team, and the ability to lead and motivate the team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist.

  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences at various hierarchical levels, ranging from board members to technical specialists.

  • Curiosity, critical thinking and strong problem-solving skills.

  • Excellent analytical skills, ability to manage multiple projects under strict timelines, and the ability to work well in a fast-paced, dynamic environment and meet overall objectives.

  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and the Cybersecurity Framework.

  • Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Offensive Security Certified Professional (OSCP) or other similar credentials.

  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.

  • Project management skills with financial/budget management, scheduling and resource management.

  • Experience with contract and vendor negotiations.

When you join Verizon...

You’ll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America’s fastest and most reliable network, we’re leading the way in broadband, cloud and security solutions, Internet of Things and innovating in areas such as video entertainment. Of course, we will offer you great pay and benefits, but we’re about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon.

Equal Employment Opportunity

We're proud to be an equal opportunity employer and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.

REQNUMBER: 498538-1F