Senior Cybersecurity Specialist - Financial Compliance

Pay Philosophy
The typical starting salary range for this role is determined by a number of factors including skills, experience, education, certifications and location. The full salary range for this role reflects the competitive labor market value for all employees in these positions across the national market and provides an opportunity to progress as employees grow and develop within the role. Some roles at Liberty Mutual have a corresponding compensation plan which may include commission and/or bonus earnings at rates that vary based on multiple factors set forth in the compensation plan for the role.

Description
Senior Cybersecurity Specialist - Financial Compliance GRC

At Liberty Mutual Insurance, we believe progress happens when people feel secure. Our Cybersecurity Specialists form a diverse team of security professionals who are collectively responsible for improving the overall security posture of the organization. They evaluate and manage risks, test the effectiveness and completeness of security controls, and partner with teams across the company to optimize our security posture while ensuring the business is able to innovate. Cybersecurity specialists must continually adapt to stay ahead of a dynamic threat landscape. We are expected to continually learn and grow. This is not a passive career opportunity, but rather one that requires a passion for security and rigor to protect our business.

• Evaluates and assesses IT processes and controls for financial compliance to regulatory requirements (ex: Model Audit Rule and AICPA) and contractual obligations.
• Partners with stakeholders and customers across the Enterprise to effectively and efficiently communicate requirements and collect audit evidence.
• Proactively identifies and resolves identified issues within controls framework and testing.
• Delivers and assists other team members in evaluation of control design and operating effectiveness, and in identifying any control gaps as it relates to the financial compliance program.
• Advises on process improvements or issues identified in controls and recommends solutions specific to people, process, and technology.
• Effectively communicates technical and non-technical content to diverse audiences.

• Ability to assess technology and processes to determine risks, impacts, and relationships with corresponding authoritative sources and frameworks in order to provide guidance for documentation of appropriate content. Controls testing experience.
• Knowledge and experience working with; cybersecurity controls, IT auditing, risk and regulatory assessment best practices, cybersecurity and compliance frameworks such as CIS Controls, NIST CSF, ISO 27001, PCAOB (SOX) and AICPA regulations, Model Audit Rule (MAR), SSAE18 SOC 1, COBIT, International Financial Services and Insurance regulatory landscape and willingness to learn about regulatory assessments in the financial services or other regulated industries is a plus.
• Working knowledge and practice of IT controls assessment/ testing, including: planning, management, and issues identification and reporting.
• Highly collaborative with peers and customers on a technical and professional level and driven to improve service and engagement models.
• Ability to understand and align business drivers in relation to compliance considerations.
• Ability to scope and integrate control frameworks and regulatory requirements into enterprise controls and advise on control design to meet cybersecurity risk and compliance needs.
• Knowledge of Agile practices and experience working with scrum teams.

• Bachelors or Master's degree in technical discipline or equivalent experience
• Generally 5+ years of professional experience

• Highly proficient in security, risk and compliance concepts, processes and able to execute existing patterns.

• Highly capable consultative skills, including the ability to understand and assist in applying customer requirements.
• Knowledge of and experience with cybersecurity control, program, and risk frameworks such as CIS Controls, NIST CSF, ISO 27001, PCAOB (SOX) and AICPA regulations, Model Audit Rule (MAR), SSAE18 SOC 1 and relevant global frameworks preferred.
• Strong collaboration, prioritization, and adaptability skills required.
• Independent analytical thinking; thinking out of the box.
• Highly collaborative with peers, customers, and stakeholders on a technical and professional level and driven to improve service and engagement models.
• Ability to effectively communicate with all organizational levels.
• Organized and detail oriented.
• Ability to understand, interpret, and align requirements to corresponding IT policies and related content.
• Strong negotiation, facilitation and consensus building skills; strong oral and written communication skills; ability to present to senior contributors and management.