risk manager Chevy Chase, MD
GEICO
Full Time
Chevy Chase, MD
204500 - 82000 USD ANNUAL Today
Job description
GEICO is a leading insurance provider in the United States, and we are committed to providing exceptional service and delivering innovative financial protection solutions to our customers. As part of our ongoing commitment to maintaining the highest standards of security and risk management, we are seeking an experienced and talented Cyber Application Risk Manager to join our Cyber Risk Management team. This is not a formal leadership role. As a Cyber Application Risk Manager, you will work closely with technical and business process teams to facilitate application risk assessments. Key responsibilities include:
Key Responsibilities:
- Maintain a broad understanding of cybersecurity trends, threats, and best practices to ensure risk mitigation strategies remain current and effective.
- Perform Application Onboarding and Application Risk Assessment/Re-Assessment tasks:
- Facilitate security onboarding process for new applications to GEICO.
- Identify risks associated with GEICO applications by conducting thorough risk assessments and due diligence; coordinate and perform risk re-assessment of existing GEICO applications to ensure risk and compliance is maintained and aligns with industry best practices and internal policies and standards.
- Define and meet SLA expectations for assessments/re-assessments
- Monitor, track, report assessment results for Control Owners; and escalate application risks to Senior Leadership.
- Communicate and collaborate with internal and external teams, stakeholders, and leadership. Assist in the continuous improvement and maturity of the organization's application risk management framework, program, processes, and tools.
- Develop and provide training/guidance to stakeholders across the organization to promote a strong risk-aware culture.
- Collaborate with other risk management professionals to share knowledge, best practices, and lessons learned.
- Support the development and maintenance of risk management policies, standards, and guidelines.
- Develop and provide key reports and metrics on a periodic basis to Senior Stakeholders.
- Assist with maintenance of the GRC tool used by the team.
- Perform any other job-related instructions, as requested, with reasonable accommodation.
- Participate in continuous improvement initiatives for the team.
- Recommend new (or changes to existing) policies and procedures for the general operation of the company and its risk program to prevent illegal, unethical, or improper conduct.
- Extensive 1st and/or 2nd Line of Defense hands on experience along with Remediation Management.
- Experience with implementation and maturing of Cyber frameworks, NIST-CSF, ISO, MITRE ATTACK Framework, etc.
Qualifications:
- Experience working with application security and secure development practices.
- One or more of the following certifications: CRISC, CISA, CISSP, CRISC or other related certification(s) a plus.
- Comprehensive understanding of cybersecurity principles, frameworks, and regulations (e.g., ITIL, NIST, MITRE, COBIT, COSO, HITRUST, SOC reports, CSF, ISO, GDPR, PCI, NYDFS).
- Extensive hands-on experience with GRC tools.
- Solid working knowledge of IT security and infrastructure controls.
- Ability to develop a rapport with all employees to cultivate an environment conducive to reporting possible policy violations/risks. Ability to competently follow through on investigating such potential violations.
- Proven ability to assess application risk programs, evaluate organizational needs and implement required changes.
- Ability to work independently and strategically.
- Demonstrated expertise in identifying and analyzing risks and developing effective mitigation strategies.
- Strong technical knowledge and diverse skillset to understand various technologies, systems, and potential risks.
- Excellent critical thinking, problem-solving, and decision-making skills.
- Strong interpersonal and communication skills, with the ability to effectively collaborate with both technical and non-technical peers.
- Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.
Experience:
- Minimum 5-8 years of experience in IT risk management and/or audit experience in cyber risk management, preferably in the insurance and financial services industry.
Education:
- Bachelor’s degree in Engineering, Computer Science, Information Security, or a related field
Certifications:
- CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Controls) or other relevant cybersecurity certifications are a plus.
Benefits:
As an Associate, you’ll enjoy our
Total Rewards Program
- to help secure your financial future and preserve your health and well-being, including:
- Premier Medical, Dental and Vision Insurance with no waiting period**
- Paid Vacation, Sick and Parental Leave
- 401(k) Plan
- Tuition Reimbursement
- Paid Training and Licensures
- Benefits may be different by location. Benefit eligibility requirements vary and may include length of service.
**Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire for coverage to take effect.
Annual Salary
$82,000.00 - $204,500.00The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location as well as market and business considerations.
