Geico

Senior Staff Engineer, Cybersecurity Compliance & Assurance

$120K - $260K *
Finance & Insurance
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years in governance, risk, and compliance with cybersecurity focus.
  • Proven leadership in enterprise cybersecurity compliance programs across multi-cloud environments.
  • Strong knowledge of regulatory frameworks like NY DFS, PCI DSS, NIST CSF, and ISO 27001.
  • Experience in conducting maturity assessments and building compliance roadmaps and operating models.
  • Demonstrated ability to establish executive-level metrics and reporting for cybersecurity posture and organizational risk.
  • Relevant certifications (CISSP, CISM, CISA, CRISC); AI or data analytics certifications are a plus.
  • Bachelor’s degree in Computer Science or Information Systems; advanced coursework is a plus.

Responsibilities

  • Own and enhance the cybersecurity compliance program to meet regulatory and business needs.
  • Lead compliance initiatives supporting various frameworks including NY DFS and PCI DSS.
  • Manage security attestations and certifications like SOC 2 Type II and ISO 27001.
  • Oversee AI security compliance development and monitoring according to applicable standards.
  • Conduct assessments to identify compliance gaps and prioritize remediation efforts.
  • Foster continuous audit readiness through effective process establishment and documentation.
  • Act as a trusted advisor, recommending strategies to senior leadership on risk and compliance.

Benefits

  • Support for professional development and continuous learning opportunities.
  • Opportunities to lead innovative cybersecurity initiatives in a dynamic environment.
  • Work in a cross-functional team setting with various departments.
  • Support for work-life balance with flexible working arrangements.
  • Participation in a leading-edge technology environment focused on automation and compliance.

Full Job Description

GEICO is seeking an experienced Senior Staff Engineer, Cybersecurity Compliance & Assurance, to lead the design, implementation, and continuous improvement of its cybersecurity compliance and assurance program, ensuring sustained compliance with NY DFS, PCI DSS, CCPA/CPRA, NIST CSF, SOX, HIPAA, and other cyber regulatory obligations. This role will drive audit readiness, compliance by design, automated evidence collection, continuous control monitoring, and risk-based assessments across GEICO’s security domains.

GEICO is transforming cybersecurity through automation and a risk-based approach. The ideal candidate will have a proven track record of building effective compliance frameworks, driving end-to-end compliance, creating actionable metrics, meeting regulatory requirements, and demonstrating strong leadership and collaboration skills.

Key Responsibilities

  • Own and mature the enterprise cybersecurity compliance program, ensuring alignment with regulatory, contractual, and business requirements.

  • Lead cybersecurity compliance initiatives supporting NY DFS, PCI DSS, CCPA/CPRA, NIST CSF, SOX, HIPAA, SOC 2 Type II, ISO 27001, and other applicable regulatory frameworks.

  • Lead and manage security attestations and certifications such as SOC 2 Type II and ISO 27001.

  • Lead the development, implementation, and continuous monitoring of AI security compliance, ensuring GEICO meets applicable standards such as ISO/IEC 42001 and the NIST AI RMF.

  • Conduct current-state and future-state assessments, compliance gap analyses, and maturity evaluations, including enterprise NIST Cybersecurity Framework assessments, to identify gaps, prioritize remediation, and develop strategic roadmaps that improve security and compliance posture.

  • Drive continuous audit readiness by establishing repeatable processes and partnering with technology teams to maintain documentation, evidence, and control execution that support internal audits, external assessments, regulatory examinations, and automated compliance monitoring.

  • Lead the identification, tracking, escalation, and remediation of compliance non-adherence, control deficiencies, audit findings, and regulatory observations through closure.

  • Maintain awareness of emerging regulatory requirements, advisories, enforcement actions, and industry guidance, proactively assessing impact and driving implementation plans.

  • Establish and maintain a compliance-by-design approach that translates regulatory and security requirements into actionable engineering controls across software development, cloud, infrastructure, and operational processes.

  • Establish enterprise cybersecurity compliance metrics, key risk indicators, scorecards, and executive reporting that measure compliance effectiveness, control maturity, audit readiness, and progress toward strategic cybersecurity objectives.

  • Serve as a trusted advisor to senior leadership, providing recommendations on cybersecurity risk, regulatory compliance, governance strategy, and continuous improvement opportunities.

  • Lead cross-functional initiatives involving Security, Technology, Legal, Privacy, Internal Audit, Compliance, and Enterprise Risk Management to improve compliance effectiveness and reduce organizational risk.

What You Will Need

  • Deep expertise in cybersecurity governance, risk, and compliance, including cybersecurity domains and regulatory compliance frameworks.

  • Extensive experience supporting NY DFS, PCI DSS, NIST CSF, CCPA/CPRA, ISO 27001, and related frameworks.

  • Proven success implementing enterprise-wide compliance initiatives and influencing outcomes across multiple teams and business functions without direct authority.

  • Deep technical understanding of cloud-hosted environments, preferably Microsoft Azure and AWS, and of the security implications across modern technology platforms.

  • Strong communication skills, with the ability to engage executives, auditors, regulators, engineers, and business stakeholders and translate complex technical and regulatory requirements into clear business outcomes.

  • Strong problem-solving skills, creativity, and the ability to drive innovation through others while developing scalable solutions that strengthen the organization’s security posture.

  • Demonstrated ownership, sound judgment, and leadership maturity in navigating successes, setbacks, and complex decisions.

  • Ability to balance multiple assignments across teams and dependency areas while maintaining execution focus.

Qualifications

  • 10+ years of experience in governance, risk, and compliance, including leadership of enterprise cybersecurity compliance programs.

  • Proven ability to lead a successful cybersecurity compliance program in a multi-cloud or hybrid environment.

  • Strong knowledge of regulatory frameworks, compliance standards, and risk management, including NY DFS, PCI DSS, NIST CSF, ISO 27001, SOC 2 Type II, and CCPA/CPRA.

  • Experience conducting cybersecurity maturity assessments, control effectiveness reviews, and building compliance roadmaps, operating models, and implementation plans.

  • Proven ability to establish executive-level metrics, dashboards, and reporting that measure cybersecurity posture, compliance effectiveness, and organizational risk exposure.

  • Experience partnering with leaders and cross-functional teams, including Legal, Privacy, Compliance, Risk Management, and Engineering, to drive enterprise-wide governance initiatives.

  • Relevant certifications (e.g., CISSP, CISM, CISA, CRISC); additional certifications or coursework in AI, machine learning, or data analytics are a plus.

  • Strong understanding of security controls and implementation across multi-cloud environments and data centers.

  • Proven experience managing audits and regulatory engagements, ideally with exposure to compliance automation platforms.

  • Excellent verbal and written communication skills, with the ability to communicate effectively with senior leadership and highly technical personnel.

  • Experience in strategic planning and roadmap development.

  • Excellent problem-solving skills, proactivity, and the ability to thrive in an ambiguous environment.

  • Bachelor’s degree in Computer Science, Information Systems, or equivalent education or work experience; advanced coursework or certifications in relevant technical disciplines are a plus.

Annual Salary

$120,000.00 - $260,000.00

The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate or annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location, as well as market and business considerations.

GEICO will consider sponsoring a new qualified applicant for employment authorization for this position.

About Geico

GEICO (Government Employees Insurance Company) is an American auto insurance company with headquarters in Chevy Chase, Maryland. It is the second largest auto insurer in the United States, after State Farm. GEICO is a wholly owned subsidiary of Berkshire Hathaway that provides coverage for more than 24 million motor vehicles owned by more than 15 million policyholders as of 2017. GEICO writes private passenger automobile insurance in all 50 U.S. states and the District of Columbia. The insurance agency sells policies through local agents, called GEICO Field Representatives, over the phone directly to the consumer, and through its website.

Size
40,000 employees
Industry
Finance & Insurance
Founded
1936
