SomervilleRecruiter Since 2001
the smart solution for Somerville jobs

Principal Cybersecurity Specialist

Company: Liberty Mutual
Location: Somerville
Posted on: May 10, 2022

Job Description:

Principal Cybersecurity Specialist - Cyber Risk Assessment At Liberty Mutual Insurance, we believe progress happens when people feel secure. Our cybersecurity program must continually evolve, adapt, and advise on practices to deliver against growing regulatory requirements, increased threats, and changing people, processes, and technology drivers. Our Cybersecurity Governance, Risk, and Compliance (cGRC) organization manages IT compliance and cybersecurity risk supported by an integrated set of products and services that support the lifecycle of our assessment functions. From design and documentation of controls, to testing and assessment of our enterprise and information systems, to consulting on and validation of issues and remediations, we partner with teams across the company to understand their business drivers and optimize security practices in relation to external/regulatory drivers, cybersecurity frameworks, and organizational risk posture. As a Principal Cybersecurity Specialist in the Cyber Risk Assessment space, you will be a key member of our cybersecurity risk assessment program. You will independently lead and collaborate on analyzing and providing risk assessment for cloud and traditional infrastructure applications across our global organization. You would lead and influence global stakeholders to identify and maintain controls and control patterns, establish baseline measures for control effectiveness, work with information system teams to select controls, and work with control and information teams to close gaps during assessment. You must have the ability to convey complicated technology and security concepts to diverse audiences and ideally have deep knowledge and/or experience in security, networking, systems administration, application development, database administration, public cloud, or another technical domain. Proficiency in a risk management framework and conducting risk assessments in the financial services industry or other regulated industries is a plus. Maintaining and sharing a current understanding of the latest security threats, trends and technologies is a crucial component of the position. Ideal candidates have a passion for security, the drive to share their expertise, and the ability to collaborate and help teams deliver solutions that meet our business goals while protecting the confidentiality, integrity and availability of information systems and our data. About the job

Acts as a trusted advisor partnering with specialists, peers, and technology teams to interpret and communicate cybersecurity risk drivers and their relationships with controls, technology, and processes to ensure impact of decisions is understood, documented, and clearly communicated.Promote and contribute to the creation and curation of a comprehensive cybersecurity risk and compliance control framework and library.Supports and promotes the use of quantitative risk valuation models and tooling to inform and support decision-making.Determine significant risk points through application and threat model review, and exercise process for risk assessment and risk acceptance.Provides technical expertise and leadership to partners, IT management and other infrastructure staff in risk assessments, implementation, and operational aspects of information security procedures and products Researches and assesses new threats and security alerts and recommends remedial action.Maintains ongoing awareness of existing and proposed security standard setting groups, State, Federal and Global regulations, and assesses impact and modification to existing security standards and procedures as necessary.Qualifications:
Bachelors or Master's Degree in technical or business discipline or related experience8+ years professional experience Current CISSP, CRISC, CISA, GIAC or equivalent certification preferred.Working knowledge and practice in leading and executing assessments of IT controls as a risk practitioner assessing technology and processes to assess and quantify impacts and relationships with corresponding controls, gaps, and applicable testing strategiesKnowledge of cybersecurity control, program, and risk frameworks such as CIS Controls, NIST CSF, FAIR, NIST RMF, and ISO 27001Knowledge and experience working in a diverse tooling, technology, and provider environments including custom software, commercial-off-the-shelf and third-party SaaS and PaaS solutions. Strong understanding of mitigating security controls and how they impact the risk model.Familiarity with secure coding best practices.Understanding of nation and non-nation state actors, hacktivist groups, advanced threats and the "kill chain" methodology as well as techniques typically used by actors for malicious activityUnderstanding of one or more Technology Platforms (AWS, Azure, GCP, Windows, Linux, Mainframe, Middleware Applications, Database Applications)- specifically as they apply to successful security control mitigation and particularly to vulnerability managementHighly collaborative with peers and customers on a technical and professional level and driven to improve service and engagement models.Strong negotiation, facilitation and consensus building skills; strong oral and written communication skills; able to present to senior contributors and managementDemonstrated ability to understand and align business drivers in relation to cyber risk considerationsAt Liberty Mutual, our purpose is to help people embrace today and confidently pursue tomorrow. That's why we provide an environment focused on openness, inclusion, trust and respect. Here, you'll discover our expansive range of roles, and a workplace where we aim to help turn your passion into a rewarding profession. Liberty Mutual has proudly been recognized as a "Great Place to Work" by Great Place to Work US for the past several years. We were also selected as one of the "100 Best Places to Work in IT" onIDG's Insider Pro and Computerworld's 2020 list. For many years running, we have been named by Forbes as one of America's Best Employers for Women and one of America's Best Employers for New Graduates-as well as one of America's Best Employers for Diversity. To learn more about our commitment to diversity and inclusion please visit: We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more about our benefit offerings please visit: Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran's status, pregnancy, genetic information or on any basis prohibited by federal, state or local law.

Keywords: Liberty Mutual, Somerville , Principal Cybersecurity Specialist, Other , Somerville, Massachusetts

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category

Log In or Create An Account

Get the latest Massachusetts jobs by following @recnetMA on Twitter!

Somerville RSS job feeds