Senior Cybersecurity Specialist - Third Party
At Liberty Mutual, our purpose is to help people embrace today and confidently pursue tomorrow. That's why we provide an environment focused on openness, inclusion, trust and respect. Here, you'll discover our expansive range of roles, and a workplace where we aim to help turn your passion into a rewarding profession.
Liberty Mutual has proudly been recognized as a “Great Place to Work” by Great Place to Work® US for the past several years. We were also selected as one of the “100 Best Places to Work in IT” onIDG's Insider Pro and Computerworld's 2020 list. For many years running, we have been named by Forbes as one of America's Best Employers for Women and one of America's Best Employers for New Graduates—as well as one of America's Best Employers for Diversity. To learn more about our commitment to diversity and inclusion please visit: https://jobs.libertymutualgroup.com/diversity-inclusion
We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more about our benefit offerings please visit: https://LMI.co/Benefits
Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran's status, pregnancy, genetic information or on any basis prohibited by federal, state or local law.
Senior Cybersecurity Specialist – Third Party
We deliver our customers peace of mind every day by helping them protect what they value most. Our passion for placing the customer at the center of everything we do is driving a transformational shift at Liberty Mutual. Operating as a tech startup within a Fortune 100 company, we are leading a digital disruption that will redefine how people experience insurance. At Liberty Mutual Insurance, we believe progress happens when people feel secure.
About the Job
Our Senior Cybersecurity Specialists form a diverse team of security professionals who are collectively responsible for improving the overall security posture of the organization. They evaluate and manage risks, test the effectiveness and completeness of security controls, and partner with teams across the company to optimize our security posture while ensuring the business is able to innovate.
Senior Cybersecurity Specialists must continually adapt to stay ahead of a dynamic threat landscape. We are expected to continually learn and grow. This is not a passive career opportunity, but rather one that requires a passion for security and rigor to protect our business and the knowledge of what it takes to stand up a complete security program.
- Within Global Cybersecurity, the Third Party Security team functions as Subject Matter Experts (SMEs) supporting Liberty Mutual's Third Party Risk Management Office (TPRMO).
- Under limited supervision and general direction, evaluate and report on the effectiveness of security and compliance controls, as well as risk mitigation strategies in IT and business environments of third party providers.
- Collaborate with multiple internal business and procurement teams, to identify, address, and communicate inherent and residual third party risks.
- Document due diligence results, residual risks, and remediation tasks; communicate risks clearly to key stakeholders.
- Address vendor operating and other reported risk events, including security incidents, to ensure appropriate remediation plans by working closely with key stakeholders.
- Evaluates risk and develops security standards, procedures, and controls to manage that risk, with a mindset of continuous process improvement.
- Delivers and may assist other team members in threat modelling, risk identification and mitigation strategies, control documentation, evaluation of control design, evaluation of control operation, reporting of control deficiencies, and remediation strategies.
- Effectively communicates technical issues to diverse audiences.
- Generally, 5+ years of professional experience
- Bachelors degree in technical discipline or equivalent experience
- Strong oral and written communication skills; able to present to senior contributors and management
- Highly proficient in security, risk and compliance concepts, processes and able to execute existing patterns
- Proactive, self-starter capable of executing workflow with minimal oversight
- Ability to collaborate with teammates and support key stakeholders with customer centric attitude
- Keeps current on technology/industry trends and starts to investigate possible learning opportunities
- CRISC; CISA; CISM; CGEIT; CDPSE; CISSP; CIPP/US; FAIR or similar industry certification
- Big 4 or similar technology audit or consulting experience
- Experience with GRC tools
- Financial Services industry experience