Third-Party Risk Manager

GEICO is a leading insurance provider in the United States, and we are committed to providing exceptional service and delivering innovative financial protection solutions to our customers. As part of our ongoing commitment to maintaining the highest standards of security and risk management, we are seeking experienced and talented Third-Party Risk Manager to join our Cyber Risk Management team.  This is not a formal leadership role.  As a Third-Party Risk Manager, you will work closely with technical and business process teams to facilitate third party risk assessments.

Position Description:

The Third-Party Risk Management team is responsible for proactively identifying, mitigating, monitoring, and reporting third-party relationships. The primary functions of the Third-Party Risk Management (TPRM) Team includes:

• Third-Party Security Risk Life Cycle

• Third-Party Risk Management Framework

• Third-Party Security Assessments

• Contract Negotiations

• Business Interface, Risk Discussions, Business Risk Acceptance

• Third-Party Process Optimization

The role requires a strong background and understanding of all cybersecurity domains.  The candidate must use a business risk-based approach to the decision-making process.

Position Responsibilities

As a Third-Party Risk Manager, you will:

• Maintain a broad understanding of cybersecurity trends, threats, and best practices to ensure risk mitigation strategies remain current and effective.

• Perform Vendor Security Onboarding and Third-Party Risk Assessment/Re-Assessment tasks

• Facilitate security onboarding process for new vendors to GEICO

• Identify risks associated with potential GEICO third-party vendors, suppliers, and partners by conducting thorough risk assessments and due diligence; coordinate and perform risk re-assessment of existing GEICO third-party vendors to ensure risk and compliance is maintained and aligns with industry best practices and internal policies and standards.

• Monitor and audit third parties by reviewing audit reports (i.e., SOC, ISO, etc.), vulnerability scans, and penetration tests for ongoing compliance

• Define and meet SLA expectations for assessments/re-assessments

• Monitor, track, report, and escalate third-party risks to Senior Management

• Communicate and collaborate with internal and external teams, stakeholders, and vendors. Assist in the continuous improvement and maturity of the organization's third risk management framework, program, processes, and tools.

• Develop and provide training/guidance to stakeholders across the organization to promote a strong risk-aware culture.

• Collaborate with other risk management professionals to share knowledge, best practices, and lessons learned.

• Support the development and maintenance of risk management policies, standards, and guidelines.

• Develop and provide key reports and metrics on a periodic basis to Senior Stakeholders

• Assist with maintenance of the GRC tool used by the team.

• Perform any other job-related instructions, as requested, with reasonable accommodation.

• Participate in continuous improvement initiatives for the team.

• Recommend new (or changes to existing) policies and procedures for the general operation of the company and its risk program to prevent illegal, unethical, or improper conduct

• Extensive 1st and/or 2nd Line of Defense hands on experience along with Remediation Management

• Experience with implementation and maturing of Cyber frameworks, MITRE ATTACK Framework, etc.

Qualifications:

• 4+ years of experience in IT risk management or audit

• Experience working with third party risk and vendor management

• One or more of the following certifications are highly desired: CRISC, CISA, CISSP, or other related certification(s) a plus

• Comprehensive understanding of cybersecurity principles, frameworks, and regulations (e.g., ITIL, NIST, MITRE, COBIT, COSO, HITRUST, SOC reports, CSF, ISO, GDPR, PCI)

• Extensive hands-on experience with GRC tools.

• Solid working knowledge of IT security and infrastructure.

• Ability to develop a rapport with all employees to cultivate an environment conducive to reporting possible policy violations/risks. Ability to competently follow through on investigating such potential violations.

• Proven ability to assess third party risk programs, evaluate organizational needs and implement required changes

• Ability to work independently and strategically

• Demonstrated expertise in identifying and analyzing risks and developing effective mitigation strategies.

• Strong technical knowledge and diverse skillset to understand various technologies, systems, and potential risks.

• Excellent critical thinking, problem-solving, and decision-making skills.

• Strong interpersonal and communication skills, with the ability to effectively collaborate with both technical and non-technical peers.

• Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.

Experience:

• Minimum of 4 years of experience in cyber risk management, preferably in the insurance and financial services industry.

Education:

• Bachelor’s degree in engineering, Computer Science, Cybersecurity, Information Security, or a related field

 

Annual Salary

$75,000.00 - $185,000.00

The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location as well as market and business considerations.

 

At this time, GEICO will not sponsor a new applicant for employment authorization for this position.

 

Benefits:

As an Associate, you’ll enjoy our Total Rewards Program* to help secure your financial future and preserve your health and well-being, including:

• Premier Medical, Dental and Vision Insurance with no waiting period**
• Paid Vacation, Sick and Parental Leave
• 401(k) Plan
• Tuition Reimbursement
• Paid Training and Licensures

*Benefits may be different by location.  Benefit eligibility requirements vary and may include length of service.

**Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire for coverage to take effect.

The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.

GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.