GEICO is a leading insurance provider in the United States, and we are committed to providing exceptional service and delivering innovative financial protection solutions to our customers. As part of our ongoing commitment to maintaining the highest standards of security and risk management, we are seeking experienced and talented Application Risk Manager to join our Cyber Risk Management team. This is not a formal leadership role. As a Cybersecurity Application Risk Manager, you will work closely with technical and business process teams to facilitate application risk assessments and ensure remediation of gaps.
Position Description:
The Application Risk Assessment team is responsible for proactively identifying, assessing, and managing the potential risks to an application. The primary functions of the Application Risk Assessment Team include:
Want more jobs like this?
Get jobs in Chevy Chase, MD delivered to your inbox every week.
- Application Risk Life Cycle
- Application Risk Management Framework
- Application Security Assessments
- Mitigation plans for identified gaps
- Business Interface, Risk Discussions, Business Risk Acceptance
- Application Risk Assessment Process Optimization
Position Responsibilities
As a Cybersecurity Application Risk Manager, you will:
- Maintain a broad understanding of cybersecurity trends, threats, and best practices to ensure risk mitigation strategies remain current and effective.
- Periodically monitor applications for business criticality and adjust the prioritization of applications to secure first accordingly.
- Facilitate categorizing applications based on Security Risk Posture.
- Identify risks associated with new Geico applications by conducting thorough risk assessments and due diligence; coordinate and perform risk re-assessment of existing applications to ensure risk and compliance is maintained and aligns with industry best practices and internal policies and standards.
- Analyze and recommend security controls and procedures in acquisition, development, and change management lifecycle of applications, and provides oversight to ensure compliance.
- Write mitigation plans for identified gaps.
- Define and meet SLA expectations for assessments/re-assessments
- Monitor, track, report, and escalate application risks to Senior Management
- Communicate gaps and collaborate with internal and external teams, and stakeholders to gain commitment on remediation efforts.
- Assist in the continuous improvement and maturity of the organization's application risk management framework, program, processes, and tools.
- Develop and provide training/guidance to stakeholders across the organization to promote a strong risk-aware culture.
- Collaborate with other risk management professionals to share knowledge, best practices, and lessons learned.
- Support the development and maintenance of risk management policies, standards, and guidelines.
- Develop and provide key reports and metrics on a periodic basis to Senior Stakeholders
- Assist with maintenance of the GRC tool used by the team.
- Perform any other job-related instructions, as requested, with reasonable accommodation.
- Participate in continuous improvement initiatives for the team.
- Recommend new (or changes to existing) policies and procedures for the general operation of the company and its risk program to prevent illegal, unethical, or improper conduct
- Extensive 1st and/or 2nd Line of Defense hands on experience along with Remediation Management
- Experience with implementation and maturing of Cyber frameworks, MITRE ATTACK Framework, etc.
- Experience working with third party risk and vendor management
- Comprehensive understanding of cybersecurity principles, frameworks, and regulations (e.g., ITIL, NIST, MITRE, COBIT, COSO, HITRUST, SOC reports, CSF, ISO, GDPR, PCI)
- Comprehensive understanding of the software development lifecycle (SDLC).
- Extensive hands-on experience with GRC tools.
- Solid working knowledge of IT security and infrastructure.
- Ability to develop a rapport with all employees to cultivate an environment conducive to reporting possible policy violations/risks. Ability to competently follow through on investigating such potential violations.
- Proven ability to assess third party risk programs, evaluate organizational needs and implement required changes
- Ability to work independently and strategically
- Demonstrated expertise in identifying and analyzing risks and developing effective mitigation strategies.
- Strong technical knowledge and diverse skillset to understand various technologies, systems, and potential risks.
- Excellent critical thinking, problem-solving, and decision-making skills.
- Strong interpersonal and communication skills, with the ability to effectively collaborate with both technical and non-technical peers.
- Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact
- Security+
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Controls)
- Or other relevant cybersecurity certifications
- 4+ years of experience in cyber risk management, preferably in the insurance and financial services industry.
- 4+ years of experience in IT risk management or audit
- Bachelor's degree in Engineering, Computer Science, Cybersecurity, Information Security, or equivalent education or work experience
At GEICO, we make sure you have the support and resources to leverage and develop your skills, secure your financial future, and take care of your health and well-being. GEICO continually seeks to provide a workplace where everyone can be their authentic self. To help achieve this goal, we support associate-led Employee Resource Groups that foster a true sense of community. Through GEICO's competitive benefits offerings and various training and development opportunities, we have you covered with our Total Rewards Program * that includes:
- Premier Medical, Dental and Vision Insurance with no waiting period
- Paid Vacation, Sick and Parental Leave
- 401(k) Plan
- Tuition Assistance including Direct Billing and Reimbursement payment plan options
- Paid Training, Licensures and Certificates
Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire coverage to take effect.
GEICO is proud to be an equal opportunity employer. We are committed to cultivating an environment where equal employment opportunities are available to all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO celebrates diversity and believes it is critical to our success. As such, we are committed to recruit, develop and retain the most talented individuals to join our team.
#LI-AW1
At this time, GEICO will not sponsor a new applicant for employment authorization for this position.
Benefits:
As an Associate, you'll enjoy our Total Rewards Program * to help secure your financial future and preserve your health and well-being, including:
- Premier Medical, Dental and Vision Insurance with no waiting period
- Paid Vacation, Sick and Parental Leave
- 401(k) Plan
- Tuition Reimbursement
- Paid Training and Licensures
Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire for coverage to take effect.
The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.
GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.