Staff Cyber Security Engineer - GRC (REMOTE)

Job Location

New York City, NY - USA

Monthly Salary

$ 85000 - 230000

Vacancy

1 Vacancy

Job Description

At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities.

Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive through relentless innovation to exceed our customers' expectations while making a real impact for our company through our shared purpose.

When you join our company, we want you to feel valued, supported and proud to work here. That's why we offer The GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers.

GEICO is a leading insurance provider in the United States, and we are committed to providing exceptional service and delivering innovative financial protection solutions to our customers. As part of our ongoing commitment to maintaining the highest standards of security and risk management, we are seeking an experienced and talented Staff Security Engineer to optimize our organization's cybersecurity governance program. As a Staff Security Engineer in the Cyber Governance department, you will work closely with technical and business teams to assess and drive policy lifecycle management, including content creation, creating and aligning standards, ensuring security controls are documented for each standard, managing the security controls lifecycle with evidence frequency, and driving adherence to policies to ensure regulatory compliance is achieved.

Position Description:
The purpose of this position is to provide technical and information security expertise for the development and implementation of information security policies and for managing regulatory compliance obligations. You will play a critical role in evaluating and mitigating cybersecurity risks, ensuring adherence to legal requirements, regulations and industry standards, and developing policies, standards and guidelines. This role requires a strong background in and understanding of all cybersecurity domains. The candidate must use a business risk-based approach to the decision-making process. This position also requires a strong understanding of cybersecurity principles, risk management and compliance frameworks.

As a Staff Security Engineer, you will:

  • Serve as the main point of contact for policies, standards, controls and remediation for non-compliance with policies
  • Assess and manage information security risks, working actively with stakeholders to mitigate risks
  • Collaborate with IT, compliance, legal and risk management teams to ensure regulatory and industry-specific security requirements are met
  • Conduct security assessments, audits and compliance reviews to identify non-adherence to policies and recommend remediation strategies
  • Develop metrics and reporting mechanisms to communicate security risks and compliance status to business and tech partners
  • Work with external auditors on security certifications, e.g., ISO 27001, SOC 2 Type 2
  • Prepare control owners for internal and external audits
  • Manage the compliance landscape to keep cyber up to date on expectations and evidence required
  • Assist in gathering the audit evidence for all cyber audits, including PCI, NY DFS and state exams
  • Review evidence that is gathered by control owners before submitting it to auditors
  • Work with control owners to identify opportunities for automating manual processes and controls
  • Develop and implement the cybersecurity policy lifecycle, standards and unified security controls. Drive the annual policy review lifecycle
  • Develop dashboards and reporting on adherence to policies
  • Working with policy owners, review and update policies and procedures regularly
  • Maintain the governance, risk and compliance SharePoint site
  • Use knowledge and skills to influence remediation and prioritization of key risks while demonstrating holistic understanding and management of risks according to regulatory requirements and industry best practices
  • Serve as a cyber governance subject matter expert, provide expert advice, and formulate and evaluate contingency plans in partnership with key business stakeholders
  • Stay up to date and informed on developing regulatory concerns and changing IT and information security trends
  • Lead the planning, preparation and execution of audits, providing advice and expertise and collaborating with internal teams, SMEs, external customers, auditors and other stakeholders
  • Educate relevant stakeholders about our solutions and potential opportunities
  • Work closely with various teams to drive feature innovation based upon customer needs
  • Consistently share best practices and improve processes within and across teams

Qualifications

  • Experience working independently, providing recommendations and leading accomplishments from inception to completion
  • Advanced knowledge of security frameworks like NIST CSF 2.0, ISO 27001, SOC 2 Type 2 and PCI DSS, and of other compliance areas like NY DFS, Sarbanes Oxley, etc.
  • 6 years of experience performing cybersecurity compliance testing using industry standard tools
  • Experience leading internal and external audits
  • Comfortable working deeply with both technical and non-technical resources
  • Ability to prioritize and track multiple projects and tasks in parallel
  • Understanding of security protocols and products such as Active Directory, Windows Authentication, SAML and OAuth
  • Experience in Datacenter structure, capabilities and offerings, including the Azure platform and its native services
  • 6 years of security compliance framework experience
  • Great at both collaboration and independent problem solving
  • Superb written communication and technical research skills
  • Ability to develop relationships and work effectively with different teams at all levels and across functions relative to technical, policy and business concerns
  • Ability to resolve conflicts and drive issues to resolution
  • Work independently with little or no supervision while maintaining a high level of efficiency
  • Bachelor's Degree or equivalent experience preferred


Annual Salary

$85000.00 - $230000.00

The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate's work experience, education and training, the work location, as well as market and business considerations.


GEICO will consider sponsoring a new qualified applicant for employment authorization for this position.


The GEICO Pledge:

Great Company: At GEICO, we help our customers through life's twists and turns. Our mission is to protect people when they need it most, and we're constantly evolving to stay ahead of their needs.

We're an iconic brand that thrives on innovation, exceeding our customers' expectations and enabling our collective success. From day one, you'll take on exciting challenges that help you grow and collaborate with dynamic teams who want to make a positive impact on people's lives.

Great Careers: We offer a career where you can learn, grow and thrive through personalized development programs created with your career and your potential in mind. You'll have access to industry-leading training, certification assistance, career mentorship and coaching with supportive leaders at all levels.

Great Culture: We foster an inclusive culture of shared success, rooted in integrity, a bias for action and a winning mindset. Grounded by our core values, we have an established culture of caring, inclusion and belonging that values different perspectives. Our teams are led by dynamic, multi-faceted teams led by supportive leaders, driven by performance excellence and unified under a shared purpose.

As part of our culture, we also offer employee engagement and recognition programs that reward the positive impact our work makes on the lives of our customers.

Great Rewards: We offer compensation and benefits built to enhance your physical well-being, mental and emotional health and financial future.

  • Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family's overall well-being.
  • Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance.
  • Access to additional benefits like mental healthcare as well as fertility and adoption assistance.
  • Supports flexibility: We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year.

The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.

GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.


Required Experience:

Staff IC

Employment Type

Full-Time
