This job listing has expired and the position may no longer be open for hire.

Senior Engineer - Information Security Compliance at Verisign in Reston, Virginia

Posted in Software 30+ days ago.

Type: Full-Time

Job Description:

Verisign operates the infrastructure for a portfolio of top-level domains that today include .com, .net, .tv, .edu, .gov, .jobs, .name and .cc, as well as two of the world's 13 Internet root servers, ensuring that the world's 4.5 billion Internet users can connect online with reliability and confidence, anytime, anywhere. For more than 21 years, the Verisign DNS has maintained 100 percent operational accuracy and stability for .com and .net. Verisign manages and protects the DNS infrastructure for over 151.7 million .com and .net domain names and processes more than 152 billion queries daily, keeping the world connected online, seamlessly and securely.

The mission of the Governance, Risk, and Compliance (GRC) team is to provide assurance and consulting services designed to improve the security posture of Verisign and its business partners by:

• Helping employees and business partners understand and comply with applicable policies, standards, and regulatory requirements;

• Identifying, developing, and implementing solutions to avoid deviations from policies and standards; and

• Promoting secure practices that protect Verisign. 

The Senior Engineer – Information Security Governance, Risk, and Compliance supports an enterprise-wide information security governance, risk, and compliance program and will provide leadership for a variety of high-visibility initiatives.

Primary Responsibilities:

• Lead efforts to manage internal information-security controls, including documenting, providing recommendations for, analyzing, and assessing technical and management security control narratives and controls across the enterprise based on the latest AICPA Trust Services Criteria. Provide expert-level input and recommendations for process and control changes to meet external audit and operational requirements

• Provide leadership in audit liaison activities for a variety of external assessments against various compliance frameworks. Provide expert-level advice and guidance to a variety of control owners

• Report to senior management about the effectiveness of data security, and make recommendations for the adoption of new procedures, controls, and/or technologies

• Manage less experienced team members to foster professional development and promote internal knowledge sharing

Required Skills:

• 10+ years progressively responsible experience in information security audit, compliance, risk, and project management required

• 4+ years of experience leading teams in a matrixed environment highly preferred

• Bachelor's degree in computer science or a related field, or equivalent work experience, required

• Subject matter expertise in translating applicable security frameworks, industry best practices, and international laws and regulations into control requirements

• Serve as a subject matter expert to internal security, privacy, and compliance stakeholders on specific topics/issues to enhance the establishment of the overall security control framework

• An ability to quickly complete assigned tasks from senior management with little or no supervision

• Manage multiple projects simultaneously across many areas related to information security

• Thorough understanding and knowledge of SOC Audits and associated AICPA Trust Services Criteria and NIST SP 800-53 Controls (latest revision)

• Experience with, and strong understanding of, most of the following security compliance frameworks, controls, and best practices: SOC Audits and AICPA Trust Principles, NIST SP 800-53 Controls (latest revision)

• Professional security management certification in one or more of the following areas: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)

• Certified Cloud Security Professional (CCSP), Certified Authorization Professional (CAP), systems (Windows/Linux/Unix) security engineering, and/or network security engineering experience preferred