Principal Cybersecurity Specialist – Cyber Risk Assessment
At Liberty Mutual Insurance, we believe progress happens when people feel secure. Our cybersecurity program must continually evolve, adapt, and advise on practices to deliver against growing regulatory requirements, increased threats, and changing people, processes, and technology drivers.
Our Cybersecurity Governance, Risk, and Compliance (cGRC) organization manages IT compliance and cybersecurity risk supported by an integrated set of products and services that support the lifecycle of our assessment functions. From design and documentation of controls, to testing and assessment of our enterprise and information systems, to consulting on and validation of issues and remediations, we partner with teams across the company to understand their business drivers and optimize security practices in relation to external/regulatory drivers, cybersecurity frameworks, and organizational risk posture.
As a Principal Cybersecurity Specialist in the Cyber Risk Assessment space, you will be a key member of our cybersecurity risk assessment program. You will independently lead and collaborate on analyzing and providing risk assessment for cloud and traditional infrastructure applications across our global organization. You will lead and influence global stakeholders to identify and maintain controls and control patterns, establish baseline measures for control effectiveness, work with information system teams to select controls, and work with control and information teams to close gaps during assessment.
You must have the ability to convey complicated technology and security concepts to diverse audiences and ideally have deep knowledge and/or experience in security, networking, systems administration, application development, database administration, public cloud, or another technical domain. Proficiency in a risk management framework and conducting risk assessments in the financial services industry or other regulated industries is a plus. Maintaining and sharing a current understanding of the latest security threats, trends and technologies is a crucial component of the position.
Ideal candidates have a passion for security, the drive to share their expertise, and the ability to collaborate and help teams deliver solutions that meet our business goals while protecting the confidentiality, integrity and availability of information systems and our data.
About the job
Acts as a trusted advisor partnering with specialists, peers, and technology teams to interpret and communicate cybersecurity risk drivers and their relationships with controls, technology, and processes to ensure impact of decisions is understood, documented, and clearly communicated.
Promotes and contributes to the creation and curation of a comprehensive cybersecurity risk and compliance control framework and library.
Supports and promotes the use of quantitative risk valuation models and tooling to inform and support decision-making.
Determines significant risk points through application and threat model review, and exercises the process for risk assessment and risk acceptance.
Provides technical expertise and leadership to partners, IT management and other infrastructure staff in risk assessments, implementation, and operational aspects of information security procedures and products.
Researches and assesses new threats and security alerts and recommends remedial action.
Maintains ongoing awareness of existing and proposed security standard setting groups, State, Federal and Global regulations, and assesses impact and modification to existing security standards and procedures as necessary.
Primary Location: Remote
Additional Locations: Indianapolis, IN; Boston, MA; Dover, NH; Portsmouth, NH; Plano, TX
Schedule: Full-Time
Salary: USD $115,000.00 – $161,600.00 / Year
Travel: As Needed