At Liberty Mutual, our purpose is to help people embrace today and confidently pursue tomorrow. That's why we provide an environment focused on openness, inclusion, trust and respect. Here, you'll discover our expansive range of roles, and a workplace where we aim to help turn your passion into a rewarding profession.
Liberty Mutual has proudly been recognized as a Great Place to Work by Great Place to Work® US for the past several years. We were also selected as one of the 100 Best Places to Work in IT onIDG's Insider Pro and Computerworld's 2020 list. For many years running, we have been named by Forbes as one of America's Best Employers for Women and one of America's Best Employers for New Graduatesas well as one of America's Best Employers for Diversity. To learn more about our commitment to diversity and inclusion please visit: https://jobs.libertymutualgroup.com/diversity-inclusion
We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more about our benefit offerings please visit: https://LMI.co/Benefits
Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran's status, pregnancy, genetic information or on any basis prohibited by federal, state or local law.
Associate Cybersecurity Specialist to Cybersecurity Specialist
This is a range posting from a grade 13 to grade 14
Applicants within the experience level needed for both grades are encouraged to apply.
At Liberty Mutual Insurance, we believe progress happens when people feel secure. Our cybersecurity program must continually evolve, adapt, and advise on practices to deliver against growing regulatory requirements, increased threats, and changing people, processes, and technology drivers.
Our Cybersecurity Governance, Risk, and Compliance (cGRC) organization manages IT compliance and cybersecurity risk supported by an integrated set of products and services that support the lifecycle of our assessment functions. From design and documentation of controls, to testing and assessment of our enterprise and information systems, to consulting on and validation of issues and remediations, we partner with teams across the company to understand their business drivers and optimize security practices in relation to external/regulatory drivers, cybersecurity frameworks, and organizational risk posture.
As a Cybersecurity Specialist in the Risk Assessment space, you will be a key member of our cybersecurity assessment program. You will collaborate with our assessment team to analyze risk for cloud and traditional infrastructure applications across our global organization. You would partner with peers to understand and recommend controls and control patterns, understand, apply, and communicate baseline measures for control effectiveness, and work with information system teams to identify controls and gaps during assessments.
You must have the ability to communicate technical issues to focused audiences and have general knowledge or awareness of at least one of the following technical domains: security, networking, systems administration, application development, database administration, or public cloud. Awareness of risk management frameworks and willingness to learn about risk assessment in the financial services or other regulated industries is a plus. As a member of the team, you will be supported in developing and growing your understanding of the latest security threats, trends, and current technologies.
We welcome candidates with application development, system administration or other diverse backgrounds who seek to apply their knowledge and experience to inform and develop their risk assessment practices.
Ideal candidates have a passion for security, the drive to learn more, and the ability to collaborate and help teams deliver solutions that meet our business goals while protecting the confidentiality, integrity and availability of information systems and our data.
About the job
- Partners with and assists specialists, peers, and technology teams to share cybersecurity risk drivers and relationships with controls, technology, and processes to ensure impact of decisions is communicated.
- Develops awareness and deepens understanding of a comprehensive cybersecurity risk and compliance control framework and library.
- Assists and applies quantitative risk valuation models and tooling to inform and support technology recommendations
- Understands significant risk points through application and threat model reviews, assisting in and exercising processes for risk assessment and risk acceptance.
- Assists and provides technical recommendations on existing patterns to partners, IT management and other infrastructure staff through the risk assessment process, including implementation, and operational aspects of information security procedures and products
- Develops and applies knowledge of threats and security alerts
- Bachelors in technical or business discipline or related experience,
- 1-3+ years professional experience
- Knowledge and some experience working in a diverse tooling, technology, and provider environments including custom software, commercial-off-the-shelf and third-party SaaS and PaaS solutions.
- Familiarity with secure coding best practices.
- Understanding of one or more technology platforms (Windows, Linux, Middleware Applications, Database Applications, Cloud (SaaS, IaaS, PaaS)
- Collaborative with peers and customers on a technical and professional level
- Awareness or knowledge of risk assessment practices or IT controls and testing strategies is a plus
- Awareness and/or knowledge of cybersecurity control, program, and risk frameworks such as CIS Controls, NIST CSF, NIST RMF
- Security+, cloud, or other technical certifications optional but not required