Cyber Risk Manager

GEICO is a leading insurance provider in the United States, and we are committed to providing exceptional service and delivering innovative financial protection solutions to our customers. As part of our ongoing commitment to maintaining the highest standards of security and risk management, we are seeking an experienced and talented Cyber Risk Manager to join our Cyber Risk Management team. This is not a formal leadership role.

Position Description:

As a Cyber Risk Manager, you will work closely with technical and business process teams to facilitate application risk assessments, coordinate remediation efforts, create mitigation plans, recommend controls, test control effectiveness, as well as assist with tracking remediation efforts to completion. Your role and responsibilities will cover the entire Risk Management Program.

Position Responsibilities

As a Cyber Risk Manager, you will:

• Maintain a broad understanding of cybersecurity trends, threats, and best practices to ensure risk mitigation strategies remain current and effective.
• Perform Application Onboarding and Application Risk Assessment/Re- Assessment tasks
• Facilitate security onboarding process for new applications to GEICO.
• Identify risks associated with GEICO applications by conducting thorough risk assessments and due diligence; coordinate and perform risk re- assessment of existing GEICO applications to ensure risk and compliance is maintained and aligns with industry best practices and internal policies and standards.
• Define and meet SLA expectations for assessments/re-assessments
• Monitor, track, report assessment results for Control Owners; and escalate application risks to Senior Leadership.
• Develop mitigation plans
• Communicate and collaborate with internal and external teams, stakeholders, and leadership. Assist in the continuous improvement and maturity of the organization's overall risk management framework, program, processes, and tools.
• Develop and provide training/guidance to stakeholders across the organization to promote a strong risk-aware culture.
• Collaborate with other risk management professionals to share knowledge, best practices, and lessons learned.
• Support the development and maintenance of risk management policies, standards, and guidelines.
• Develop and provide key reports and metrics on a periodic basis to Senior Stakeholders.
• Assist with maintenance of the GRC tool used by the team.
• Perform any other job-related instructions, as requested, with reasonable accommodation.
• Participate in continuous improvement initiatives for the team.
• Recommend new (or changes to existing) policies and procedures for the general operation of the company and its risk program to prevent illegal, unethical, or improper conduct.
• Extensive 1st and/or 2nd Line of Defense hands on experience along with Remediation Management.
• Experience with implementation and maturing of Cyber frameworks, NIST- CSF, ISO, MITRE ATTACK Framework, etc.

Qualifications:

• Manage tracking and remediation of vulnerabilities by leveraging agreed- upon action plans and timelines with responsible teams
• Recommend appropriate policy, standards, process, and procedural updates as part of comprehensive remediation solutions
• Validate remediation by renewing application updates or deployed mitigations to verify resolution
• Experience working with application security and secure development practices.
• Comprehensive understanding of cybersecurity principles, frameworks, and regulations (e.g., ITIL, NIST, MITRE, COBIT, COSO, HITRUST, SOC reports, CSF, ISO, GDPR, PCI, NYDFS).
• Extensive hands-on experience with GRC tools.
• Solid working knowledge of IT security and infrastructure controls.
• Assist with the evaluation of risk/policy exception reviews to assess residual business risk after weighing application security gaps, compensating controls, and inherent risk likelihood
• Ability to develop a rapport with all employees to cultivate an environment conducive to reporting possible policy violations/risks. Ability to competently follow through on investigating such potential violations.
• Proven ability to assess application risk programs, evaluate organizational needs and implement required changes.
• Ability to work independently and strategically.
• Demonstrated expertise in identifying and analyzing risks and developing effective mitigation strategies.
• Strong technical knowledge and diverse skillset to understand various technologies, systems, and potential risks.
• Development, Coding, or Scripting experience preferred.
• Solid understanding of the roles internal compliance and audit teams play in Risk Management.
• Excellent critical thinking, problem-solving, and decision-making skills.
• Strong interpersonal and communication skills, with the ability to effectively collaborate with both technical and non-technical peers.
• Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.

The following Cybersecurity certifications are highly desired:

• Security
• CISM (Certified Information Security Manager)
• CRISC (Certified in Risk and Information Systems Controls)
• Or other relevant cybersecurity certifications

Experience:

• 4 years of experience in IT risk management and/or audit experience in cyber risk management, preferably in the insurance and financial services industry.

Education:

• Bachelor's degree in Engineering, Computer Science, Cybersecurity, Information Security, or equivalent education or work experience

Benefits:

At GEICO, we make sure you have the support and resources to leverage and develop your skills, secure your financial future, and take care of your health and well-being. GEICO continually seeks to provide a workplace where everyone can be their authentic self. To help achieve this goal, we support associate-led Employee Resource Groups that foster a true sense of community. Through GEICO's competitive benefits offerings and various training and development opportunities, we have you covered with our Total Rewards Program * that includes:

• Premier Medical, Dental and Vision Insurance with no waiting period**
• Paid Vacation, Sick and Parental Leave
• 401(k) Plan
• Tuition Assistance including Direct Billing and Reimbursement payment plan options
• Paid Training, Licensures and Certificates

*Benefits may be different by location. Benefit eligibility requirements vary and may include length of service.

**Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire coverage to take effect.

GEICO is proud to be an equal opportunity employer. We are committed to cultivating an environment where equal employment opportunities are available to all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO celebrates diversity and believes it is critical to our success. As such, we are committed to recruit, develop and retain the most talented individuals to join our team.

#LI-AW1

At this time, GEICO will not sponsor a new applicant for employment authorization for this position.