Cybersecurity Governance Engineer

GEICO is a leading insurance provider in the United States, and we are committed to providing exceptional service and delivering innovative financial protection solutions to our customers. As part of our ongoing commitment to maintaining the highest standards of security and risk management, we are seeking experienced and talented Governance Specialist to join our Cyber Risk Management team. As a Governance Engineer, you will work closely with technical and business process teams to assess and document the company's compliance and risk posture. The Governance Specialist will also support the Director of Trustworthy Engineering

Position Description:

The purpose of this position is to provide highly skilled technical and information security expertise for development and implementation of the information security risk management program. You will play a critical role in evaluating and mitigating cybersecurity risks, ensuring adherence to legal requirements, regulations, and industry standards, and development of policies, standards, and guidelines. This role requires a strong background and understanding of all cybersecurity domains. The candidate must use a business risk-based approach to the decision-making process. This position also requires a strong understanding of cybersecurity principles, risk management, and compliance frameworks.

Position Responsibilities

As a Governance Engineer, you will:

• Develop and implement Cybersecurity governance, risk, and compliance strategy, report, and solutions.

• Working with policy owners, review, update policies and procedures regularly.

• Maintain the governance, risk, and compliance SharePoint site.

• Assist in gathering the audit evidence for all cyber audits.

• Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process.

• Use knowledge and skills to influence remediation and prioritization of key risks while demonstrating holistic understanding and management of risks according to regulatory requirements and industry best practices.

• Serves as a subject matter expert, provides expert advice, and formulate and evaluate contingency plans in partnership with key business stakeholders.

• Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.

• Design and implement the Information Security Awareness training program.

• Lead the planning/preparation/execution of audits, providing advisory/expertise, and collaborating with internal teams, SMEs, external customers, auditors, and other stakeholders.

Qualifications:

• Knowledge of applicable information security management, governance, and compliance principles, practices, laws, rules, regulations, and frameworks such as GLBA, FFIEC, NYDFS part 500 and NIST

• Comprehensive understanding of cybersecurity principles, frameworks, and regulations (e.g., ITIL, NIST, MITRE, COBIT, COSO, HITRUST, SOC reports, CSF, ISO, GDPR, CCPA, PCI)

• Extensive hands-on experience with GRC processes and tools.

• Strong knowledge of information systems auditing, monitoring, controlling, and assessment process

• Ability to develop a rapport with all employees to cultivate an environment conducive to reporting potential policy violations/risks. Ability to competently follow through on investigating such potential violations.

• Ability to work in fast paced environment.

• Ability to work independently and strategically.

• Demonstrated expertise in identifying and analyzing controls and developing effective mitigation strategies.

• Strong technical knowledge and diverse skillset to understand various technologies, systems, and potential risks.

• Excellent critical thinking, problem-solving, and decision-making skills.

• Strong interpersonal and communication skills, with the ability to effectively collaborate with both technical and non-technical peers.

• Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.

• Strong analytical and problem-solving skills.

• Ability to work independently and as part of a team.

• Excellent written and verbal communication skills.

• Strong attention to detail.

• Proficiency in process development and deployment.

• Strong office skills, including proficiency in Microsoft Office Suite and other productivity tools.

One of the following certifications are highly desired:

• Security+, CISM (Certified Information Security Manager)

• CISSP (Certified Information Systems Security Professional)

• CISA (Certified Information Systems Auditor)

• CRISC (Certified in Risk and Information Systems Controls) or other relevant cybersecurity certifications.

Experience:

• 2+ years of experience in Governance, Risk, and Compliance, preferably in the insurance and financial services industry.

• 2+ Experience with the following is preferred: PCI 3.2.1, PCI 4.0, NIST 800-53, NYDFS.

Education:

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or equivalent education or work experienc

Annual Salary

The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location as well as market and business considerations.

Benefits:

As an Associate, you’ll enjoy our Total Rewards Program* to help secure your financial future and preserve your health and well-being, including:

• Premier Medical, Dental and Vision Insurance with no waiting period**
• Paid Vacation, Sick and Parental Leave
• 401(k) Plan
• Tuition Reimbursement
• Paid Training and Licensures

*Benefits may be different by location.  Benefit eligibility requirements vary and may include length of service.

**Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire for coverage to take effect.

The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.

GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.