Liberty Mutual Insurance: Principal Cybersecurity Specialist – GCS Cyber Risk Assurance

Principal Cybersecurity Specialist GCS Cyber Risk Assurance


We deliver our customers peace of mind every day by helping them protect what they value most. Our passion for placing the customer at the center of everything we do is driving a transformational shift at Liberty Mutual. Right now, we have an opportunity for a Principal Software Developer to join our Global Information Security Development and Delivery team to develop Next Generation Identity Services.

Liberty Mutual Insurance Information Technology is actively searching for an experienced Information Cybersecurity Specialist. In this role you will provide technical expertise and support to clients, IT management, and staff in risk assessments, implementation, and operational aspects of appropriate information security procedures and products. You will be interfacing with Infrastructure and Application Development teams, and ensuring that the appropriate risk reduction/mitigations are put in place. In addition, you will participate in the evaluation, development, and implementation of security standards, procedures, and guidelines for multiple platforms and diverse system environments (e.g. company-wide, distributed, client server systems, and e-applications).


The Cybersecurity Specialist will assess the adequacy of security controls, evaluate threats and vulnerabilities, calculate the level of current and residual risk, and communicate these risks to IT teams, business units and management. The analyst must have the ability to convey complicated technology and security concepts to management and ideally has technical knowledge and/or experience in security, networking, systems administration, database administration, public cloud or another technical domain. Proficiency in a risk management framework and conducting risk assessments in a regulated environment is desired. Maintaining a current understanding of the latest security threats, trends and technologies is a crucial component of the position.


To succeed in this position, they must be able to develop risk management strategies that align with business goals and operations and protect the confidentiality, integrity and availability of information systems and our data.


Responsibilities
  • Conduct and/or support targeted risk assessments on defined assets within Liberty Mutual Insurance, assess the effectiveness of existing controls, and recommends remedial action

  • Determine significant risk points and exercise process for risk assessment and risk acceptance.

  • Provides technical expertise and support to client, IT management and other infrastructure staff in risk assessments, implementation and operational aspects of appropriate information security procedures and products.

  • Supports risk valuation models and tooling.
  • Informs technology SMEs and other specialists on risk exposure.

  • Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.

  • Plays an advisory role in application development or acquisition projects, to assess security requirements and controls and ensure that security controls are implemented as planned.

  • Provides guidance and assistance to ensure IT controls are designed to mitigate intended risks and operating effectively.

  • Provides technical expertise and support to clients, IT management and staff in risk assessment and the implementation of appropriate information security procedures and products.

  • Researches and assesses new threats and security alerts and recommends remedial action.

  • Maintains an awareness of existing and proposed security standard setting groups, State and Federal legislation and regulations and how they will affect the LMIG environment.

  • Maintain an awareness of Liberty Mutuals security policies and government regulations pertaining to information security.

  • Keep IT Management informed of security issues by reporting performance metrics.

Minimum Qualifications
  • 7 or more years experience in the Information Security and/or Technology Risk field

  • Excellent written and oral communication skills
  • Current CISSP, CRISC, CISA, GIAC or equivalent certification preferred.

  • Excellent customer service skills and problem resolution

  • Experience in being able to manage and prioritize multiple tasks in an effective manner

  • Ability to work independently without daily direction

Preferred Skills
  • Strong understanding of mitigating security controls (i.e., anti-virus, IPS/IDS, email filtering, web site blocking, patching) and how they work in an overall defense in depth risk assessment methodology.

  • Understanding of network infrastructure, including firewalls, web proxy and/or email architecture- particularly as they apply in a mitigating control functionality

  • Understanding of back-channels typically used by actors for malicious activity

  • Understanding of obfuscation techniques and best practices for ensuring device non-attribution

  • Understanding of one or more Technology Platforms (Windows, Linux, Mainframe, Middleware Applications, Database Applications)- specifically as they apply to successful security control mitigation and particularly to vulnerability management

  • Understanding of distributed denial of service attack intelligence gathering, concepts, mitigation tools and techniques

  • Understanding of mobility security device and application risk and threat assessment

  • Understanding of nation and non-nation state actors, hactivist groups, advanced threats and the "kill chain" methodology

  • Knowledge of cyber security standard frameworks such as ISO and NIST

  • Familiarity with secure coding best practices.
  • Strong communication & organizational skills, ability to multi-task, strong attention to details, excellent problem solving and follow-up skills required.

  • Work independently, make decisions and multi-task effectively in a very diverse, project oriented environment.

  • Ability to complete high quality deliverables.

We take care of our employees

We strongly believe that a great job should keep you happy both at workand in life. Thats why we offer:

  • Workplace Flexibility

  • Wellness Perks

  • Collaborative workspaces

  • Sit/stand desks

  • Career development, programs and classes

  • Diversity & Inclusion programs

  • Commuter Benefits

  • Adoption Assistance

  • College Savings Plan

  • Education reimbursement

  • Hackathon Events

Liberty Mutual was named as a 2016 Great Place to Work by Great Place to Work US.

For more info about our benefits - Benefits Information
Learn more about Tech at Liberty Mutual Search Our Jobs

Check out our Tech at Liberty Mutual YouTube playlist - Show me the Videos

Full-time

Employee Testimonials

Steve H.

"The biggest misconception about Tech at Liberty Mutual is that the technology shop here is outdated, boring and lacks opportunity. There is a strong push for failing fast, going agile, building microservices, using the latest technology tools and building a culture of innovation."

Matt W.

"I like working at Liberty Mutual because they treat their employees very well. Liberty understands the importance of a work-life balance. Because I have significant vacation time, and a flexible workplace schedule, I come to work happier every day. I don't feel the pressure that I may be fired if I need to take a few days off or can't make it into the office due an appointment."

Matt K.

"I immensely enjoy what I get to work on every day. Reading about machine learning and applying it in a way that has actual business value is great."

Cara B.

"We are working with top notch technologies and we get to live a little. We have the best of both worlds here."

Jeremiah T.

"The sense of community working here has been a lot different than I expected at a big company. Everyone is helpful and looking to make sure you have the resources you needed to grow in the company."