Senior Cybersecurity Specialist
Description
Senior Cybersecurity Specialist - Governance, Risk & Compliance
At Liberty Mutual Insurance, we believe progress happens when people feel secure. Our Cybersecurity Specialists form a diverse team of security professionals who are collectively responsible for improving the overall security posture of the organization. They evaluate and manage risks, test the effectiveness and completeness of security controls, and partner with teams across the company to optimize our security posture while ensuring the business is able to innovate. Cybersecurity specialists must continually adapt to stay ahead of a dynamic threat landscape. We are expected to continually learn and grow. This is not a passive career opportunity, but rather one that requires a passion for security and rigor to protect our business.
In this Governance, Risk & Compliance role, you will have exposure to cutting-edge security solutions and learn how they are used to mitigate risks across the organization from on-prem solutions to cloud environments. You will be able to influence the owners of the solutions to use them in being compliant by design to protect Liberty Mutual's financial and regulatory risks. By doing so, you will have the opportunity to influence the controls designed to manage, develop, deploy, and support security requirements globally, as well as evaluate the effectiveness over those controls
As a Senior Cybersecurity Specialist, you would be a member of an agile team that is focused on how to maintain and iterate Cybersecurity policies and standards, evaluate control effectiveness, and comply with emerging laws and regulations at the scale and speed necessary to protect Liberty Mutual data.
About the job:
- Independently evaluates security and IT financial compliance risk in order to factor that information into the development of security standards, procedures, and controls to manage that risk, with a mindset of continuous process improvement.
- Partners with stakeholders and customers across the Enterprise to harmonize policy and standard content
- Proactively identifies and resolve identified issues in controls and determine controls to be put in place to address gaps.
- Delivers and assist other team members in risk identification and mitigation strategies, control documentation, evaluation of control design, evaluation of control operation, reporting of control deficiencies, and remediation strategies.
- Effectively communicates technical and non-technical content to diverse audiences.
The Ideal Candidate Will have:
- Ability to assess technology and processes to determine risks, impacts, and relationships with corresponding standards and authoritative sources in order to provide guidance for documentation of controls and related policies and standards
- Knowledge and experience working with cybersecurity controls, IT auditing, risk and regulatory assessment best practices, cybersecurity and compliance frameworks such as CIS Controls, NIST CSF, ISO 27001, FAIR, COBIT, GDPR/CCPA
- Working knowledge and practice of IT security, risk and compliance concepts, processes and able to execute existing patterns
- Highly collaborative with peers and customers on a technical and professional level and driven to improve service and engagement models
- Ability to understand and align business drivers in relation to compliance considerations
- Ability to scope and integrate control frameworks and regulatory requirements into enterprise controls and advise on control design to meet cybersecurity risk and compliance needs
- Knowledge of Agile practices and experience working with scrum teams
- Strong negotiation, facilitation and consensus building skills; strong oral and written communication skills; strategic and holistic thinking; able to present to senior contributors and management
Qualifications:
- Bachelors or Master's degree in technical discipline or equivalent experience
- Generally 5+ years of professional experience
- Knowledge of and experience in identifying risks, corresponding controls, gaps, and applicable testing strategies
- Highly capable consultative skills, including the ability to understand and assist in applying customer requirements
- Knowledge of and experience in creating and implementation of security controls
- Strong negotiation, facilitation and consensus building skills; strong oral and written communication skills; able to present to senior contributors and management
- Highly collaborative with peers, customers, and stakeholders on a technical and professional level and driven to improve service and engagement models
- Knowledge of and experience of IT controls/ IT auditing/Security/Compliance/ control frameworks and regulations (ex. PCAOB, AICPA, NIST, PCI, NY DFS, etc.)
- Thorough knowledge of new and emerging technologies, well versed in IT concepts, strategies and methodologies, as well as security aspects of multiple platforms, operating systems, software, communications and network protocols
Qualifications
- Overview of the minimum knowledge, skills and abilities that are typically required to perform the duties of the role
- In lieu of any required and/or preferred technical/managerial experience, participation in a company wide sponsored rotational assignment program that provides broad exposure to multiple functions within the organization would be considered
- Bachelor`s or Master`s degree in technical discipline or equivalent experience
- Generally, 5+ years of professional experience
- Highly proficient in security, risk and compliance concepts, processes and able to execute existing patterns
- Thorough knowledge of new and emerging technologies, well versed in IT concepts, strategies, and methodologies, as well as security aspects of multiple platforms, operating systems, software, communications, and network protocols
- Strong negotiation, facilitation and consensus building skills; strong oral and written communication skills; able to present to senior contributors and management
- Highly capable consultative skills, including the ability to understand and assist in applying customer requirements
- Extensive understanding of backlog tracking, burndown metrics, and incremental delivery
- Strong collaboration, prioritization, and adaptability skills required
About Us
At Liberty Mutual, our purpose is to help people embrace today and confidently pursue tomorrow. That's why we provide an environment focused on openness, inclusion, trust and respect. Here, you'll discover our expansive range of roles, and a workplace where we aim to help turn your passion into a rewarding profession.
Liberty Mutual has proudly been recognized as a "Great Place to Work" by Great Place to Work® US for the past several years. We were also selected as one of the "100 Best Places to Work in IT" on IDG's Insider Pro and Computerworld's 2020 list. For many years running, we have been named by Forbes as one of America's Best Employers for Women and one of America's Best Employers for New Graduates as well as one of America's Best Employers for Diversity. To learn more about our commitment to diversity and inclusion please visit: https://jobs.libertymutualgroup.com/diversity-inclusion
We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more about our benefit offerings please visit: https://LMI.co/Benefits
Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran's status, pregnancy, genetic information or on any basis prohibited by federal, state or local law.
USD $ - $