VeriSign - Reston, VA4.2

ContractEstimated: $100,000 - $150,000 a year
Verisign, a global leader in domain name registry services and internet infrastructure, enables internet navigation for many of the world’s most recognized domain names. Verisign enables the security, stability, and resiliency of key internet infrastructure and services, including providing root zone maintainer services, operating two of the 13 global internet root servers, and providing registration services and authoritative resolution for the .com and .net top-level domains, which support the majority of global e-commerce.

The Information Security & Compliance Team at Verisign is seeking a self-motivated, passionate, and results-driven Information Security professional to join a high-performing Governance, Risk, and Compliance (GRC) team. The Information Security GRC Engineer supports an enterprise-wide governance, risk, and compliance program focusing on security risk management, ensuring compliance with internal and external security requirements, and continuous improvement of security governance and security controls through collaborating with all groups across the organization.

Primary Responsibilities:
Perform security risk assessments with an emphasis on cyber supply chain risk management, contract review, and cloud security
Review contracts for security terms and conditions and prepare risk assessments to brief management on contract risks
Create assessment reports that clearly communicate issues and risks from both a technical and business perspective
Collaborate across multiple departments and stakeholders involved in the supply chain and procurement process
Assist with the development and management of the enterprise information security policies, standards, and procedures
Provide support for independent external security audits and proactively evaluate the organization’s compliance with internal and external security requirements


Required Skills:
Understanding of information security risks with third-party suppliers, and methods for managing supply chain risks
Effectively communicate security requirements, assessment results, and remediation efforts to senior management
Ability to understand and review information security related terms and conditions in contracts with third parties to identify security risks
Ability to work in a cross-functional organization and act as a liaison between procurement and legal teams during the contract review process
Act as an advocate for internal customers and business units to enable success while managing security risks
Must be able to summarize and communicate technical data to a non-technical audience.
Strong attention to detail and ability to create high quality work products suitable for executive-level review; excellent written and oral communication skills are required
Must be highly-motivated, with a strong work ethic, and able to work effectively under supervision

Preferred skills and certifications:
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) are preferred
Linux system administration and/or security engineering experience is a plus

Education and experience
Bachelor's degree in Information Systems, Computer Science, or related field required
5+ years progressively responsible experience in information security governance, risk, compliance, or security assessment/audit

JOB TYPE: Regular
PRIMARY LOCATION: United States-Washington D.C. Metro-Virginia-Reston