Jobs · Information Technology · Texas

Senior Staff Engineer, Cybersecurity Compliance & Assurance

GEICO · Dallas, TX · 3 wk ago
HybridInformation Technology$120k–$260k/yrFull-time

About the role

GEICO is seeking an experienced Senior Staff Engineer, Cybersecurity Compliance & Assurance, to lead the design, implementation, and continuous improvement of its cybersecurity compliance and assurance program, ensuring sustained compliance with NY DFS, PCI DSS, CCPA/CPRA, NIST CSF, SOX, HIPAA, and other cyber regulatory obligations.

Responsibilities

  • Own and mature the enterprise cybersecurity compliance program, ensuring alignment with regulatory, contractual, and business requirements.

  • Lead cybersecurity compliance initiatives supporting NY DFS, PCI DSS, CCPA/CPRA, NIST CSF, SOX, HIPAA, SOC Type II, ISO 27001 and other applicable regulatory frameworks.

  • Lead and manage security attestations/certifications supporting SOC 2 Type II, ISO 27001

  • Develop, implement, and continuously monitor AI security compliance, ensuring GEICO meets applicable standards such as ISO/IEC 42001 and the NIST AI RMF.

  • Conduct current-state and future-state assessments, compliance gap analyses, and maturity evaluations, including enterprise NIST Cybersecurity Framework assessments, to identify gaps, prioritize remediation, and develop strategic roadmaps that improve security and compliance posture.

  • Drive continuous audit readiness by establishing repeatable processes and partnering with technology teams to maintain documentation, evidence, and control execution that support internal audits, external assessments, regulatory examinations, and automated compliance monitoring.

  • Identify, track, escalate, and remediate compliance non-adherence, control deficiencies, audit findings, and regulatory observations through closure.

  • Proactively assess emerging regulatory requirements, advisories, enforcement actions, and industry guidance, driving implementation plans.

  • Establish and maintain a compliance-by-design approach that translates regulatory and security requirements into actionable engineering controls across software development, cloud, infrastructure, and operational processes.

  • Maintain enterprise cybersecurity compliance metrics, key risk indicators, scorecards, and executive reporting that measure compliance effectiveness, control maturity, audit readiness, and progress toward strategic cybersecurity objectives.

  • Serve as a trusted advisor to senior leadership, providing recommendations on cybersecurity risk, regulatory compliance, governance strategy, and continuous improvement opportunities.

  • Lead cross-functional initiatives involving Security, Technology, Legal, Privacy, Internal Audit, Compliance, and Enterprise Risk Management to improve compliance effectiveness and reduce organizational risk.

Qualifications

  • 10+ years of experience in governance, risk, and compliance, including leadership of enterprise cybersecurity compliance programs.

  • Proven ability to lead a successful cybersecurity compliance program in a multi-cloud or hybrid environment.

  • Strong knowledge of regulatory frameworks, compliance standards, and risk management, including NY DFS, PCI DSS, NIST CSF, ISO 27001, SOC Type II and CCPA/CPRA.

  • Experience conducting cybersecurity maturity assessments, control effectiveness reviews, and building compliance roadmaps, operating models, and implementation plans.

  • Proven ability to establish executive-level metrics, dashboards, and reporting that measure cybersecurity posture, compliance effectiveness, and organizational risk exposure.

  • Experience partnering with leaders and cross-functional teams, including Legal, Privacy, Compliance, Risk Management, and Engineering, to drive enterprise-wide governance initiatives.

  • Relevant certifications (e.g., CISSP, CISM, CISA, CRISC); additional certifications or coursework in AI, machine learning, or data analytics are a plus.

  • Strong understanding of security controls and implementation across multi-cloud environments and data centers.

  • Experience managing audits and regulatory engagements, ideally with exposure to compliance automation platforms.

  • Excellent verbal and written communication skills, with the ability to communicate effectively with senior leadership and highly technical personnel.

  • Experience in strategic planning and roadmap development.

  • Excellent problem-solving skills, proactivity, and the ability to thrive in an ambiguous environment.

Pay

$120,000.00 - $260,000.00

Similar jobs