Senior Cybersecurity Risk Specialist

Pay Philosophy
The typical starting salary range for this role is determined by a number of factors including skills, experience, education, certifications and location. The full salary range for this role reflects the competitive labor market value for all employees in these positions across the national market and provides an opportunity to progress as employees grow and develop within the role. Some roles at Liberty Mutual have a corresponding compensation plan which may include commission and/or bonus earnings at rates that vary based on multiple factors set forth in the compensation plan for the role.
Description
At Liberty Mutual Insurance, we believe progress happens when people feel secure. Our cybersecurity program must continually evolve, adapt, and advise on practices to deliver against growing regulatory requirements, increased threats, and changing people, process, and technology drivers.
Our Cybersecurity Governance, Risk, and Compliance (cGRC) organization manages IT compliance and cybersecurity risk supported by an integrated set of products and services that support the lifecycle of our assessment functions. From design and documentation of controls, to testing and assessment of our enterprise and information systems, to consulting on and validation of issues and remediations, we partner with teams across the company to understand their business drivers and optimize security practices in relation to external/regulatory drivers, cybersecurity frameworks, and organizational risk posture.
About the job:
As a Senior Analyst in the Cyber Risk Management space, you will be a key member of our growing information security risk management program. In this role, you will:

• Analyze and evaluate risks through organizational and system level risk assessment across our global footprint.
• Learn and apply risk management and threat modeling frameworks to perform assessments in the financial services industry.
• Apply quantitative risk valuation models and tooling to inform and support strategic and tactical risk-based decisions.
• Collaborate with control and information system engineering teams to close gaps during assessment.
• Partners with specialists, peers, and technology teams to communicate cybersecurity risk drivers and their relationships with controls, technology, and processes to ensure impact of decisions is communicated.
• Contribute to the creation and curation of a comprehensive cybersecurity risk and compliance control framework and library.
• Understand and communicate baseline measures for control effectiveness.
• Have the ability to communicate technical issues to diverse audiences and have knowledge and/or experience in application and infrastructure security, public cloud (SaaS, PaaS, IaaS) or another technical domain.
• Deliver and assist others in providing technical recommendations to partners, IT management and other infrastructure staff in risk assessments, implementation, and operational aspects of information security procedures and products.
• Research and assess new threats and security alerts and recommend remedial action.
• Maintain and share understanding of the latest security threats, trends, and technologies.

Ideal candidates have a passion for security, the drive to share their expertise, and the ability to collaborate and help teams deliver solutions that meet our business goals while protecting the confidentiality, integrity and availability of information systems and our data.
Qualifications:

• Bachelors or Master's Degree in technical or business discipline or related experience.
• 5+ years professional experience.
• Current CISSP, CRISC, CISA, GIAC, OpenFAIR or equivalent certification preferred.
• Working knowledge and practice of risk assessments for IT controls to assess and quantify impacts and relationships of technology to corresponding controls, gaps, and applicable testing strategies.
• Knowledge of cybersecurity control, program, and risk frameworks such as CIS Controls, NIST CSF, Factor Analysis of Information Risk (FAIR), NIST RMF, and ISO 27001 preferred.
• Knowledge and experience working in a diverse tooling, technology, and provider environments including custom software, commercial-off-the-shelf and third-party SaaS and PaaS solutions.
• Familiarity with secure engineering best practices.
• Understanding of one or more Technology Platforms (AWS, Azure, GCP, Windows, Linux, Mainframe, Middleware Applications, Database Applications) - specifically as they apply to successful security control mitigation and risk factors
• Highly collaborative with peers and customers on a technical and professional level and driven to improve service and engagement models.
• Ability to understand and align business drivers in relation to cyber risk considerations.

Qualifications

• Overview of the minimum knowledge, skills and abilities that are typically required to perform the duties of the role
• In lieu of any required and/or preferred technical/managerial experience, participation in a company wide sponsored rotational assignment program that provides broad exposure to multiple functions within the organization would be considered
• Bachelor`s or Master`s degree in technical discipline or equivalent experience
• Generally, 5+ years of professional experience
• Highly proficient in security, risk and compliance concepts, processes and able to execute existing patterns
• Thorough knowledge of new and emerging technologies, well versed in IT concepts, strategies, and methodologies, as well as security aspects of multiple platforms, operating systems, software, communications, and network protocols
• Strong negotiation, facilitation and consensus building skills; strong oral and written communication skills; able to present to senior contributors and management
• Highly capable consultative skills, including the ability to understand and assist in applying customer requirements
• Extensive understanding of backlog tracking, burndown metrics, and incremental delivery
• Strong collaboration, prioritization, and adaptability skills required

About Us
At Liberty Mutual, our purpose is to help people embrace today and confidently pursue tomorrow. That's why we provide an environment focused on openness, inclusion, trust and respect. Here, you'll discover our expansive range of roles, and a workplace where we aim to help turn your passion into a rewarding profession.
Liberty Mutual has proudly been recognized as a "Great Place to Work" by Great Place to Work US for the past several years. We were also selected as one of the "100 Best Places to Work in IT" on IDG's Insider Pro and Computerworld's 2020 list. For many years running, we have been named by Forbes as one of America's Best Employers for Women and one of America's Best Employers for New Graduates as well as one of America's Best Employers for Diversity. To learn more about our commitment to diversity and inclusion please visit:
We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more about our benefit offerings please visit:
Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran's status, pregnancy, genetic information or on any basis prohibited by federal, state or local law.
USD $ $