Third Party Risk Manager

GEICO is a leading insurance provider in the United States, and we are committed to providing exceptional service and delivering innovative financial protection solutions to our customers.

As part of our ongoing commitment to maintaining the highest standards of security and risk management, we are seeking experienced and talented Third-Party Risk Manager to join our Cyber Risk Management team.

This is not a formal leadership role. As a Third-Party Risk Manager, you will work closely with technical and business process teams to facilitate third party risk assessments.

Position Description :

The Third-Party Risk Management team is responsible for proactively identifying, mitigating, monitoring, and reporting third-party relationships.

The primary functions of the Third-Party Risk Management (TPRM) Team includes :

Third-Party Security Risk Life Cycle

Third-Party Risk Management Framework

Third-Party Security Assessments

Contract Negotiations

Business Interface, Risk Discussions, Business Risk Acceptance

Third-Party Process Optimization

The role requires a strong background and understanding of all cybersecurity domains. The candidate must use a business risk-based approach to the decision-making process.

Position Responsibilities

As a Third-Party Risk Manager, you will :

Maintain a broad understanding of cybersecurity trends, threats, and best practices to ensure risk mitigation strategies remain current and effective.

Perform Vendor Security Onboarding and Third-Party Risk Assessment / Re-Assessment tasks

Facilitate security onboarding process for new vendors to GEICO

Identify risks associated with potential GEICO third-party vendors, suppliers, and partners by conducting thorough risk assessments and due diligence;

coordinate and perform risk re-assessment of existing GEICO third-party vendors to ensure risk and compliance is maintained and aligns with industry best practices and internal policies and standards.

Monitor and audit third parties by reviewing audit reports (i.e., SOC, ISO, etc.), vulnerability scans, and penetration tests for ongoing compliance

Define and meet SLA expectations for assessments / re-assessments

Monitor, track, report, and escalate third-party risks to Senior Management

Communicate and collaborate with internal and external teams, stakeholders, and vendors. Assist in the continuous improvement and maturity of the organization's third risk management framework, program, processes, and tools.

Develop and provide training / guidance to stakeholders across the organization to promote a strong risk-aware culture.

Collaborate with other risk management professionals to share knowledge, best practices, and lessons learned.

Support the development and maintenance of risk management policies, standards, and guidelines.

Develop and provide key reports and metrics on a periodic basis to Senior Stakeholders

Assist with maintenance of the GRC tool used by the team.

Perform any other job-related instructions, as requested, with reasonable accommodation.

Participate in continuous improvement initiatives for the team.

Recommend new (or changes to existing) policies and procedures for the general operation of the company and its risk program to prevent illegal, unethical, or improper conduct

Extensive 1st and / or 2nd Line of Defense hands on experience along with Remediation Management

Experience with implementation and maturing of Cyber frameworks, MITRE ATTACK Framework, etc.

Qualifications :

4+ years of experience in IT risk management or audit

Experience working with third party risk and vendor management

One or more of the following certifications are highly desired : CRISC, CISA, CISSP, CRISC or other related certification(s) a plus

Comprehensive understanding of cybersecurity principles, frameworks, and regulations (e.g., ITIL, NIST, MITRE, COBIT, COSO, HITRUST, SOC reports, CSF, ISO, GDPR, PCI)

Extensive hands-on experience with GRC tools.

Solid working knowledge of IT security and infrastructure.

Ability to develop a rapport with all employees to cultivate an environment conducive to reporting possible policy violations / risks.

Ability to competently follow through on investigating such potential violations.

Proven ability to assess third party risk programs, evaluate organizational needs and implement required changes

Ability to work independently and strategically

Demonstrated expertise in identifying and analyzing risks and developing effective mitigation strategies.

Strong technical knowledge and diverse skillset to understand various technologies, systems, and potential risks.

Excellent critical thinking, problem-solving, and decision-making skills.

Strong interpersonal and communication skills, with the ability to effectively collaborate with both technical and non-technical peers.

Proven ability to manage multiple projects simultaneously and prioritize tasks based on urgency and impact.

Experience :

Minimum of 4 years of experience in cyber risk management, preferably in the insurance and financial services industry.

Education :

Bachelor’s degree in engineering, Computer Science, Cybersecurity, Information Security, or a related field

Benefits :

At GEICO, we make sure you have the support and resources to leverage and develop your skills, secure your financial future, and take care of your health and well-being.

GEICO continually seeks to provide a workplace where everyone can be their authentic self. To help achieve this goal, we support associate-led Employee Resource Groups that foster a true sense of community.

Through GEICO’s competitive benefits offerings and various training and development opportunities, we have you covered with our * that includes :

Premier Medical, Dental and Vision Insurance with no waiting period

Paid Vacation, Sick and Parental Leave

401(k) Plan

Tuition Assistance including Direct Billing and Reimbursement payment plan options

Paid Training, Licensures and Certificates

Benefits may be different by location. Benefit eligibility requirements vary and may include length of service.

Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire coverage to take effect.

LI-AW1

At this time, GEICO will not sponsor a new applicant for employment authorization for this position.

Benefits :

As an Associate, you’ll enjoy our

• to help secure your financial future and preserve your health and well-being, including :
• Premier Medical, Dental and Vision Insurance with no waiting period
• Paid Vacation, Sick and Parental Leave
• 401(k) Plan
• Tuition Reimbursement
• Paid Training and Licensures
• Benefits may be different by location. Benefit eligibility requirements vary and may include length of service.

Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire for coverage to take effect.