Senior Staff Engineer, Cybersecurity Compliance & Assurance
About the role
GEICO is seeking an experienced Senior Staff Engineer, Cybersecurity Compliance & Assurance, to lead the design, implementation, and continuous improvement of its cybersecurity compliance and assurance program, ensuring sustained compliance with NY DFS, PCI DSS, CCPA/CPRA, NIST CSF, SOX, HIPAA, and other cyber regulatory obligations.
Responsibilities
Own and mature the enterprise cybersecurity compliance program, ensuring alignment with regulatory, contractual, and business requirements.
Lead cybersecurity compliance initiatives supporting NY DFS, PCI DSS, CCPA/CPRA, NIST CSF, SOX, HIPAA, SOC Type II, ISO 27001 and other applicable regulatory frameworks.
Lead and manage security attestations/certifications supporting SOC 2 Type II, ISO 27001
Develop, implement, and continuously monitor AI security compliance, ensuring GEICO meets applicable standards such as ISO/IEC 42001 and the NIST AI RMF.
Conduct current-state and future-state assessments, compliance gap analyses, and maturity evaluations, including enterprise NIST Cybersecurity Framework assessments, to identify gaps, prioritize remediation, and develop strategic roadmaps that improve security and compliance posture.
Drive continuous audit readiness by establishing repeatable processes and partnering with technology teams to maintain documentation, evidence, and control execution that support internal audits, external assessments, regulatory examinations, and automated compliance monitoring.
Identify, track, escalate, and remediate compliance non-adherence, control deficiencies, audit findings, and regulatory observations through closure.
Proactively assess emerging regulatory requirements, advisories, enforcement actions, and industry guidance, driving implementation plans.
Establish and maintain a compliance-by-design approach that translates regulatory and security requirements into actionable engineering controls across software development, cloud, infrastructure, and operational processes.
Maintain enterprise cybersecurity compliance metrics, key risk indicators, scorecards, and executive reporting that measure compliance effectiveness, control maturity, audit readiness, and progress toward strategic cybersecurity objectives.
Serve as a trusted advisor to senior leadership, providing recommendations on cybersecurity risk, regulatory compliance, governance strategy, and continuous improvement opportunities.
Lead cross-functional initiatives involving Security, Technology, Legal, Privacy, Internal Audit, Compliance, and Enterprise Risk Management to improve compliance effectiveness and reduce organizational risk.
Qualifications
Deep expertise in cybersecurity governance, risk, and compliance, including cybersecurity domains and regulatory compliance frameworks.
Extensive experience supporting NY DFS, PCI DSS, NIST CSF, CCPA/CPRA, ISO 27001, and related frameworks.
Proven success implementing enterprise-wide compliance initiatives and influencing outcomes across multiple teams and business functions without direct authority.
Strong technical understanding of cloud-hosted environments, preferably Microsoft Azure, AWS and security implications across modern technology platforms.
Strong communication skills, with the ability to engage executives, auditors, regulators, engineers, and business stakeholders and translate complex technical and regulatory requirements into clear business outcomes.
Strong problem-solving skills, creativity, and the ability to drive innovation through others while developing scalable solutions that strengthen the organization’s security posture.
Demonstrated ownership, sound judgment, and leadership maturity in navigating successes, setbacks, and complex decisions.
Ability to balance multiple assignments across teams and dependency areas while maintaining execution focus.
Pay
$120,000.00 - $260,000.00
Schedule
TBD