Cyber Governance Security Engineer (REMOTE) (geico)

Job Description

GEICO is a leading insurance provider in the United States, and we are committed to providing exceptional service and delivering innovative financial protection solutions to our customers. As part of our ongoing commitment to maintaining the highest standards of security and risk management, we are seeking experienced and talented Security Engineer to optimize our organizations cybersecurity governance program.  As a Security Engineer in the Cyber Governance department, you will work closely with technical and business teams to assess and drive policy lifecycle management including content creation, creating and aligning standards, ensuring security controls are documented for each standard, managing the security controls lifecycle with evidence, frequency and driving adherence to policies to ensure regulatory compliance is achieved.

Position Description:
The purpose of this position is to provide highly skilled technical and information security expertise for development and implementation of the information security risk management program. You will play a critical role in evaluating and mitigating cybersecurity risks, ensuring adherence to legal requirements, regulations, and industry standards, and development of policies, standards, and guidelines. This role requires a strong background and understanding of all cybersecurity domains. The candidate must use a business risk-based approach to the decision-making process. This position also requires a strong understanding of cybersecurity principles, risk management, and compliance frameworks.

As a Security Engineer, you will:

• Main point of contact for policies, standards, controls and remediation for non-compliance with policies

• Assess and manage information security risks, working actively with stakeholders to mitigate risks

• Collaborate with IT, compliance, legal and risk management teams to ensure regulatory and industry specific security requirements are met

• Conduct security assessments, audits and compliance reviews to identify non-adherence to policies and recommend remediation strategies

• Develop metrics and reporting mechanisms to communicate security risks and compliance status to business and tech partners

• Work with external audits on security certifications e.g. ISO 27001, SOC 2 Type 2

• Prepare controls owners for internal and external audits

• Manage the compliance landscape to keep cyber up to date on expectations and evidence required

• Assist in gathering the audit evidence for all cyber audits including NY DFS and state exams.

• Review evidence that is gathered by control owners before submitting to auditors

• Work with controls owners to identify opportunities for automating manual processes and controls

• Develop and implement Cybersecurity policy lifecycle, standards and unified security controls.  Drive the annual policy review lifecycle

• Develop dashboards and reporting on adherence to policies

  JOB IS FROM: partimejobs.netVIEW

• Working with policy owners, review, update policies and procedures regularly.

• Maintain the governance, risk, and compliance SharePoint site.

• Use knowledge and skills to influence remediation and prioritization of key risks while demonstrating holistic understanding and management of risks according to regulatory requirements and industry best practices.

• Serves as a cyber governance subject matter expert, provides expert advice, and formulate and evaluate contingency plans in partnership with key business stakeholders.

• Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.

• Lead the planning/preparation/execution of audits, providing advisory/expertise, and collaborating with internal teams, SMEs, external customers, auditors, and other stakeholders.

• Educate relevant stakeholders about our solutions and potential opportunities.

• Work closely with various teams to drive feature innovation based upon customer needs.

• Consistently share best practices and improve processes within and across teams

Qualifications:

• Experience working independently, providing recommendations, and leading accomplishments from inception to completion

• Advances knowledge with security frameworks like NIST CSF 2.0, ISO 27001, SOC 2 Type 2, PCI DSS, other compliance areas like NY DFS, Sarbanes Oxley, etc.

• 5+ years of experience performing cybersecurity compliance testing using industry standard tools. 

• Experience leading internal and external audits

• Comfortable working deeply with both technical and non-technical resources

• Ability to prioritize and track multiple projects and tasks in parallel

• Understanding of security protocols and products such as of Active Directory, Windows Authentication, SAML, OAuth

• Experience in Datacenter structure, capabilities, and offerings, including the Azure platform, and its native services

• 5+ years of security compliance framework experience

• Great at both collaboration and independent problem solving

• Superb written communication and technical research skills

• Ability to develop relationships and work effectively with different teams at all levels and across functions relative to technical, policy, and business concerns

• Ability to resolve conflicts and drive issues to resolution

• Work independently with little or no supervision while maintaining a high level of efficiency

• Bachelor's Degree or equivalent experience preferred.

Annual Salary

The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location as well as market and business considerations.

Benefits:

As an Associate, you’ll enjoy our Total Rewards Program* to help secure your financial future and preserve your health and well-being, including:

• Premier Medical, Dental and Vision Insurance with no waiting period**
• Paid Vacation, Sick and Parental Leave
• 401(k) Plan
• Tuition Assistance
• Paid Training and Licensures

*Benefits may be different by location.  Benefit eligibility requirements vary and may include length of service.

**Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire for coverage to take effect.

The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.

GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.