Cyber Risk Manager

GEICO is a leading insurance provider in the United States, and we are committed to providing exceptional service and delivering innovative financial protection solutions to our customers. As part of our ongoing commitment to maintaining the highest standards of security and risk management, we are seeking an experienced and talented Cyber Risk Manager to join our Cyber Risk Management team. This is not a formal leadership role.

Position Description:

As a Cyber Risk Manager, you will work closely with technical and business process teams to facilitate application risk assessments, coordinate remediation efforts, create mitigation plans, recommend controls, test control effectiveness, as well as assist with tracking remediation efforts to completion. Your role and responsibilities will cover the entire Risk Management Program.

• Maintain a broad understanding of cybersecurity trends, threats, and best practices to ensure risk mitigation strategies remain current and effective.
• Perform Application Onboarding and Application Risk Assessment/Re- Assessment tasks
• Facilitate security onboarding process for new applications to GEICO.
• Identify risks associated with GEICO applications by conducting thorough risk assessments and due diligence; coordinate and perform risk re- assessment of existing GEICO applications to ensure risk and compliance is maintained and aligns with industry best practices and internal policies and standards.
• Define and meet SLA expectations for assessments/re-assessments
• Monitor, track, report assessment results for Control Owners; and escalate application risks to Senior Leadership.
• Develop mitigation plans
• Communicate and collaborate with internal and external teams, stakeholders, and leadership. Assist in the continuous improvement and maturity of the organization's overall risk management framework, program, processes, and tools.
• Develop and provide training/guidance to stakeholders across the organization to promote a strong risk-aware culture.
• Collaborate with other risk management professionals to share knowledge, best practices, and lessons learned.
• Support the development and maintenance of risk management policies, standards, and guidelines.
• Develop and provide key reports and metrics on a periodic basis to Senior Stakeholders.
• Assist with maintenance of the GRC tool used by the team.
• Perform any other job-related instructions, as requested, with reasonable accommodation.
• Participate in continuous improvement initiatives for the team.
• Recommend new (or changes to existing) policies and procedures for the general operation of the company and its risk program to prevent illegal, unethical, or improper conduct.
• Extensive 1st and/or 2nd Line of Defense hands on experience along with Remediation Management.
• Experience with implementation and maturing of Cyber frameworks, NIST- CSF, ISO, MITRE ATTACK Framework, etc.

• Manage tracking and remediation of vulnerabilities by leveraging agreed- upon action plans and timelines with responsible teams
• Recommend appropriate policy, standards, process, and procedural updates as part of comprehensive remediation solutions
• Validate remediation by renewing application updates or deployed mitigations to verify resolution
• Experience working with application security and secure development practices.
• Comprehensive understanding of cybersecurity principles, frameworks, and regulations (e.g., ITIL, NIST, MITRE, COBIT, COSO, HITRUST, SOC reports, CSF, ISO, GDPR, PCI, NYDFS).
• Extensive hands-on experience with GRC tools.
• Solid working knowledge of IT security and infrastructure controls.
• Assist with the evaluation of risk/policy exception reviews to assess residual business risk after weighing application security gaps, compensating controls, and inherent risk likelihood
• Ability to develop a rapport with all employees to cultivate an environment conducive to reporting possible policy violations/risks. Ability to competently follow through on investigating such potential violations.
• Proven ability to assess application risk programs, evaluate organizational needs and implement required changes.
• Ability to work independently and strategically.
• Demonstrated expertise in identifying and analyzing risks and developing effective mitigation strategies.
• Strong technical knowledge and diverse skillset to understand various technologies, systems, and potential risks.
• Development, Coding, or Scripting experience preferred.
• Solid understanding of the roles internal compliance and audit teams play in Risk Management.
• Excellent critical thinking, problem-solving, and decision-making skills.
• Strong interpersonal and communication skills, with the ability to effectively collaborate with both technical and non-technical peers.
• Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.

• Security+
• CISM (Certified Information Security Manager)
• CRISC (Certified in Risk and Information Systems Controls)
• Or other relevant cybersecurity certifications

• 4+ years of experience in IT risk management and/or audit experience in cyber risk management, preferably in the insurance and financial services industry.

• Bachelor's degree in Engineering, Computer Science, Cybersecurity, Information Security, or equivalent education or work experience

• Premier Medical, Dental and Vision Insurance with no waiting period
• Paid Vacation, Sick and Parental Leave
• 401(k) Plan
• Tuition Assistance including Direct Billing and Reimbursement payment plan options
• Paid Training, Licensures and Certificates

• Premier Medical, Dental and Vision Insurance with no waiting period
• Paid Vacation, Sick and Parental Leave
• 401(k) Plan
• Tuition Reimbursement
• Paid Training and Licensures