- Third-Party Security Risk Life Cycle
- Third-Party Risk Management Framework
- Third-Party Security Assessments
- Contract Negotiations
- Business Interface, Risk Discussions, Business Risk Acceptance
- Third-Party Process Optimization
- Maintain a broad understanding of cybersecurity trends, threats, and best practices to ensure risk mitigation strategies remain current and effective.
- Perform Vendor Security Onboarding and Third-Party Risk Assessment/Re-Assessment tasks
- Facilitate security onboarding process for new vendors to GEICO
- Identify risks associated with potential GEICO third-party vendors, suppliers, and partners by conducting thorough risk assessments and due diligence; coordinate and perform risk re-assessments of existing GEICO third-party vendors to ensure risk and compliance are maintained and aligned with industry best practices and internal policies and standards.
- Monitor and audit third parties by reviewing audit reports (e.g., SOC, ISO), vulnerability scans, and penetration tests for ongoing compliance
- Define and meet SLA expectations for assessments/re-assessments
- Monitor, track, report, and escalate third-party risks to Senior Management
- Communicate and collaborate with internal and external teams, stakeholders, and vendors. Assist in the continuous improvement and maturity of the organization's third-party risk management framework, program, processes, and tools.
- Develop and provide training/guidance to stakeholders across the organization to promote a strong risk-aware culture.
- Collaborate with other risk management professionals to share knowledge, best practices, and lessons learned.
- Support the development and maintenance of risk management policies, standards, and guidelines.
- Develop and provide key reports and metrics on a periodic basis to Senior Stakeholders
- Assist with maintenance of the GRC tool used by the team.
- Perform any other job-related instructions, as requested, with reasonable accommodation.
- Participate in continuous improvement initiatives for the team.
- Recommend new (or changes to existing) policies and procedures for the general operation of the company and its risk program to prevent illegal, unethical, or improper conduct
- Extensive 1st and/or 2nd Line of Defense hands-on experience, along with Remediation Management
- Experience with implementing and maturing cyber frameworks (e.g., the MITRE ATT&CK framework)
- 4+ years of experience in IT risk management or audit
- Experience working with Third Party Risk and vendor management
- One or more of the following certifications are highly desired: CRISC, CISA, CISSP, or other related certification(s)
- Comprehensive understanding of cybersecurity principles, frameworks, and regulations (e.g., ITIL, NIST, MITRE, COBIT, COSO, HITRUST, SOC reports, CSF, ISO, GDPR, PCI)
- Extensive hands-on experience with GRC tools.
- Solid working knowledge of IT security and infrastructure.
- Ability to develop a rapport with all employees to cultivate an environment conducive to reporting possible policy violations/risks. Ability to competently follow through on investigating such potential violations.
- Proven ability to assess Third-Party Risk programs, evaluate organizational needs, and implement required changes
- Ability to work independently and strategically
- Demonstrated expertise in identifying and analyzing risks and developing effective mitigation strategies.
- Strong technical knowledge and diverse skillset to understand various technologies, systems, and potential risks.
- Excellent critical thinking, problem-solving, and decision-making skills.
- Strong interpersonal and communication skills, with the ability to effectively collaborate with both technical and non-technical peers.
- Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.
- Minimum of 4 years of experience in cyber risk management, preferably in the insurance and financial services industry.
- Bachelor's degree in Engineering, Computer Science, Cybersecurity, Information Security, or a related field
Benefits that include:
- Premier Medical, Dental and Vision Insurance with no waiting period**
- Paid Vacation, Sick and Parental Leave
- 401(k) Plan
- Tuition Assistance including Direct Billing and Reimbursement payment plan options
- Paid Training, Licensures and Certificates
- Benefits may be different by location. Benefit eligibility requirements vary and may include length of service.
At this time, GEICO will not sponsor a new applicant for employment authorization for this position.