Principal GRC / Regulatory / Financial Complaince Engineer - Military Veterans

Pay Philosophy

The typical starting salary range for this role is determined by a number of factors including skills, experience, education, certifications and location. The full salary range for this role reflects the competitive labor market value for all employees in these positions across the national market and provides an opportunity to progress as employees grow and develop within the role. Some roles at Liberty Mutual have a corresponding compensation plan which may include commission and/or bonus earnings at rates that vary based on multiple factors set forth in the compensation plan for the role.

We deliver our customers peace of mind every day by helping them protect what they value most. Our passion for placing the customer at the center of everything we do is driving a transformational shift at Liberty Mutual. Operating as a tech startup within a Fortune 100 company, we are leading a digital disruption that will redefine how people experience insurance.

This role has a hybrid work schedule (2 days onsite) and we will only consider candidates based in Portsmouth, NH, Columbus, OH and Indianapolis, IN.

Job introduction:

The GRC (Governance, Risk and Compliance) team within the GCS organization is looking to add a Principal GRC / Regulatory / Financial Complaince Engineer to their team. This candidate will independently execute and assist others in the evaluation and reporting on the effectiveness of security and compliance controls as well as defining risk mitigation strategies in IT and business environments.

As a Principal Cybersecurity Specialist in the Cybersecurity Regulatory Assessment space, you would be responsible for independently designing, executing, evolving, and optimizing our cybersecurity regulatory and contractual assessment programs. Responsibilities would include the coordination, analysis, management, and monitoring of various regulations and harmonizing them with our governing cybersecurity risk and compliance programs, practices, and frameworks. You will support the assurance programs responsible for evaluating the design of controls, identifying data sources and automation opportunities, testing controls, assisting with delivery, and reporting results of our cybersecurity regulatory and contractual requirements in addition to the issues management service for tracking, treatment plan consulting, progress reporting, and closure validation for findings that result from assessment and testing conducted by teams. You will work with stakeholders globally to build awareness, consult on regulatory impacts, implementation and execution of new solutions, understand impacts of new or deprecated technology and business processes, as well as identify and confirm remediation of issues to facilitate successful assessments.

You must have the ability to understand, synthesize, and convey technology and security impacts to stakeholders at all levels of the organization, including management and our first line teams. You will collaborate across our organization and deliver results to internal and external partners, auditors, and regulators.

Ideal candidates have a passion for security, the drive to share their expertise, and the ability to collaborate and help teams deliver solutions that meet our business goals while protecting the confidentiality, integrity and availability of information systems and our data.

About the job:

• Review and testing of controls and processes to assess, operate and optimize the global cybersecurity regulatory governance operating model.
• Partner with global service delivery and assessment teams to share expertise and adapt programs as necessary to meet regulatory, contractual, or technology needs.
• Lead, contribute to, and influence the definition of a comprehensive global cybersecurity risk and compliance control framework.
• Act as a trusted advisor for interpretation and harmonization of regulatory and contractual cybersecurity drivers and company risk posture.
• Advise on impacts and recommend solutions specific to people, processes, and technology changes in the environment.
• Seek and encourage opportunities for reuse and advise on control design, evaluation, and alignment to support multiple global cybersecurity frameworks, regulatory requirements, and contractual obligations.
• Design test procedures and perform periodic reviews of operating effectiveness of controls and assess compliance to global regulatory requirements and contractual obligations.
• Collaborate and act as liaison to internal and external partners, auditors, and regulators.
• Mentor, lead, and develop team members to deliver ongoing visibility and improvements into enterprise cybersecurity regulatory, contractual, and risk posture.
• Deliver regulatory and contractual assessments using Agile concepts and methodologies and with an Agile mindset.

• Bachelors or Masters degree in technical discipline or equivalent experience, technical degree preferred.
• Minimum 8+ years of experience Regulatory and/or Financial Compliance Programs.
• Ability to assess technology and processes to determine controls, risks, regulatory impacts, and relationships with corresponding authoritative sources, controls, gaps and applicable testing strategies. Cyber Controls testing experience.
• Ability to identify, design and document controls, design and document test plans, identify and analyze data insights, and execute design and operating effectiveness tests of controls, utilizing automation.
• Effectively communicate technical and regulatory issues and impacts with a diverse audience.
• Experience building, executing, or managing end-to-end reviews, scoping, assessment, and reporting requirements for a regulatory or contractual compliance program.
• Experience and working Knowledge of IT controls/ IT auditing/Risk Assessment/Security/Compliance.
• Experience with the following: SOX, SOC, PCI-DSS, NY DFS / NAIC Insurance Data Security Model Law, DORA, APRA.
• Knowledge of frameworks and assessment practices like NIST CSF, NIST RMF, FAIR, ISO 27001, COBIT.
• Ability to integrate control frameworks and regulations into enterprise controls and advise on control design to meet cybersecurity risk and compliance needs.
• Knowledge of Agile practices and experience working with scrum teams.
• Knowledge and experience working in a diverse tooling, technology, and provider environments including custom software, commercial-off-the-shelf and third-party SaaS and PaaS solutions.
• Knowledge and experience applying and leading assessment best practices.
• Strong negotiation, facilitation and consensus building skills; strong oral and written communication skills; strategic and holistic thinking; able to present to senior contributors and management.

As a purpose-driven organization, Liberty Mutual is committed to fostering an environment where employees from all backgrounds can build long and meaningful careers. Through strong relationships, comprehensive benefits and continuous learning opportunities, we seek to create an environment where employees can succeed, both professionally and personally.

At Liberty Mutual, we believe progress happens when people feel secure. By providing protection for the unexpected and delivering it with care, we help people embrace today and confidently pursue tomorrow.

We are proud to support a diverse, equitable and inclusive workplace, where all employees feel a sense of community, belonging and can do their best work. Our seven Employee Resource Groups (ERGs) offer a centralized, open space to bring employees and allies together to connect, learn and engage.

We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more about our benefit offerings please visit: https://LMI.co/Benefits

Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran's status, pregnancy, genetic information or on any basis prohibited by federal, state or local law.

Fair Chance Notices

• California
• Los Angeles Incorporated
• Los Angeles Unincorporated
• Philadelphia
• San Francisco