
Staff Security Engineer

Geico

Bethesda · On-site Full-time Lead 2w ago

About the role

About GEICO

At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities. Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive through relentless innovation to exceed our customers' expectations while making a real impact for our company through our shared purpose.

When you join our company, we want you to feel valued, supported and proud to work here. That's why we offer The GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers.

Role Overview

This role is designed for a staff-level security practitioner with deep Cyber Governance, Risk, and Compliance (GRC) expertise who shapes the vision, strategy, and outcomes of GEICO's cyber governance automation capabilities. The Staff Security Engineer owns the end-to-end automated cyber governance program, including defining and delivering the roadmap for continuous control monitoring and validation, scalable evidence collection, and real-time audit readiness across GEICO's hybrid cloud and on-prem environments.

This position partners closely with engineering and platform teams to translate complex regulatory, policy, and control requirements into prioritized, well-defined automation capabilities, ensuring solutions are scalable, sustainable, and aligned to enterprise risk priorities. Success in this role means turning governance requirements into durable, outcome-driven products that demonstrate control effectiveness and reduce audit friction.

Cyber Governance Product & Program Ownership

  • Contribute to the vision, strategy, and roadmap for GEICO's cyber governance automation capabilities, driving delivery through prioritized execution and continuous improvement.
  • Define how policies, standards, regulatory frameworks, and technical controls are operationalized and continuously validated through automated evidence collection.
  • Own governance automation platforms end-to-end as the system of record for control health, evidence, and audit readiness across cloud and on-prem environments.
  • Drive near-100% automation coverage, including designing scalable on-prem automation strategies and governing compensating controls where full automation is not feasible, while maintaining audit defensibility.
  • Define and enforce governance standards for automation coverage targets, evidence SLAs, control performance metrics, and telemetry requirements.
  • Own the governance automation roadmap, prioritizing work based on risk reduction, regulatory requirements, and operational efficiency.
  • Establish and operationalize a standardized, risk-based remediation lifecycle, including severity classification, timelines, escalation paths, closure criteria, and enforced SLAs.
  • Maintain ownership of remediation scheduling frameworks and forward-looking visibility into upcoming deadlines.
  • Ensure all noncompliance is consistently tracked, prioritized, and driven to closure through scalable workflows.
  • Partner with compliance, risk, audit, and engineering leaders to ensure governance capabilities align with enterprise risk priorities and regulatory obligations (e.g., NYDFS, PCI DSS, NIST CSF, SOC, ISO).
  • Act as the single point of accountability for governance automation outcomes, including executive-level risk, remediation, and audit-readiness reporting with forecasting.

Technical Strategy & Product Stewardship

  • Own the product strategy and direction for GEICO's Automated Cyber Governance capabilities, ensuring clear system-of-record definitions, scalability expectations, and alignment to long-term enterprise needs.
  • Partner with engineering and platform teams to define and prioritize governance automation capabilities, providing product requirements, architectural guardrails, and acceptance criteria rather than performing direct system development.
  • Define and maintain integration principles, system boundaries, and data standards to ensure reliable, secure, and consistent evidence flows across cloud platforms, security tools, and internal systems.
  • Evaluate and guide the responsible use of AI capabilities within governance platforms (e.g., evidence classification, control mapping suggestions, risk summarization), ensuring explainability, auditability, and alignment with regulatory expectations.
  • Serve as the primary point of accountability for governance automation outcomes, working with engineering leaders to resolve complex platform challenges and ensure solutions remain reliable, sustainable, and fit for purpose.
  • Own 100% source system adoption feeding governance evidence (e.g., cloud, IAM, logging, asset inventory).
  • Identify and close:
    • Missing telemetry
    • Integration gaps
    • Inconsistent or unreliable data sources
    • Enforcement of standardized telemetry and data requirements across teams
  • Own automated control quality assurance, including:
    • False positive / false negative reduction
    • Control tuning
    • Drift detection
  • Ensure all automated evidence is:
    • Audit defensible
    • Traceable
    • Aligned to regulatory intent
  • Own control change management for new and modified controls.
  • Translate regulatory, policy, and control changes into:
    • Engineering requirements
    • Implementation guidance
    • Evidence expectations
  • Communicate proactively with stakeholders on:
    • What is changing
    • Why it matters
    • Compliance deadlines
    • Tracking and escalating control adoption readiness risks

Automation & Continuous Control Monitoring

  • Define how security policies, standards, and control requirements are translated into automated, continuously monitored control capabilities, including clear requirements, success criteria, and evidence expectations.
  • Establish standards and expectations for automated detection of control nonadherence, and partner with engineering and remediation teams to ensure appropriate remediation guidance, workflows, or integrations are in place.
  • Ensure evidence outputs are audit ready, traceable, repeatable, and aligned to regulatory intent, materially reducing reliance on point-in-time, manual evidence collection.
  • Apply AI-assisted techniques to improve control validation and evidence quality, such as anomaly detection, evidence completeness checks, control drift identification, and signal prioritization across large control populations.
  • Leverage AI-enabled insights to reduce noise and surface material control failures, ensuring governance automation focuses on true risk rather than generating low-value alerts.

Cross-Functional Leadership & Enablement

  • Serve as a trusted partner and advisor to engineering, infrastructure, cloud, and security teams by providing clarity on governance requirements, regulatory intent, and how they are operationalized through scalable solutions.
  • Influence partner teams to adopt a product and automation first approach to governance, compliance, and policy adherence, reducing manual effort and improving consistency across the enterprise.
  • Communicate complex technical and regulatory concepts clearly to a broad range of stakeholders, including engineers, risk and audit partners, and executive leadership.
  • Contribute to raising the organization's governance, automation, and product maturity through guidance, enablement, and cross-functional collaboration.

Program Maturity & Continuous Improvement

  • Continuously assess governance automation capabilities, processes, and supporting tools to identify opportunities to scale adoption, increase automation coverage, and improve effectiveness.
  • Own the definition and evolution of cyber governance metrics and reporting, including dashboards that provide clear visibility into control health, automation coverage, audit readiness, and risk posture for executive and stakeholder audiences.
  • Track product and program outcomes, identify gaps against regulatory and risk objectives, and prioritize improvement initiatives that advance maturity quarter over quarter.
  • Incorporate AI driven insights into governance metrics and reporting, such as trend analysis, control health forecasting, or remediation prioritization, to improve executive visibility and decision-making.
  • Promote continuous learning and best practices sharing across cyber governance, risk, audit, and engineering communities to improve consistency, effectiveness, and long-term sustainability.

Metrics, Reporting & Executive Insight

  • Establish and enforce the cyber governance metric model that directly drives control effectiveness, remediation accountability, and enterprise risk reduction. The Staff Security Engineer has clear ownership of defining, standardizing, and operationalizing metrics that are automation-backed, auditable, and actively used to hold teams accountable.
  • Accountable for defining and owning core governance metrics, including:
    • Automation coverage (%) across regulatory and internal control sets
    • Continuous vs. manual control execution ratio
    • Evidence freshness and SLA adherence for automated controls
    • Control failure rates and recurrence trends
    • Remediation mean time to resolution (MTTR)
    • Tool, control, and automation adoption and utilization rates
    • SLA adherence by severity tier for policy, control, and regulatory findings
  • Executive reporting produced by this role:
    • Clearly ties automation outcomes to measurable risk reduction
    • Demonstrates sustained, real-time audit readiness and control health
    • Quantifies operational efficiency gains from automation, including reduced manual effort, faster remediation, and fewer audit driven escalations
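The metrics listed above are straightforward to compute once control executions and findings are captured as structured records. The script below is an added illustration, not GEICO code, and uses constructed sample records; the evidence-freshness SLAs (one day for automated controls, thirty days for manual ones) and the per-severity remediation SLAs are assumed values chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple


@dataclass
class ControlRecord:
    control_id: str
    framework: str            # e.g. "PCI DSS", "NIST CSF"
    automated: bool           # True = continuous automated evidence, False = manual
    last_evidence: datetime   # timestamp of the most recent evidence artifact
    passed: bool              # result of the most recent execution


@dataclass
class Finding:
    finding_id: str
    severity: str             # "critical", "high", "medium", "low"
    opened: datetime
    closed: Optional[datetime]  # None while the finding is still open


# Assumed SLAs (hypothetical values, not GEICO policy).
EVIDENCE_SLA = {True: timedelta(days=1), False: timedelta(days=30)}
REMEDIATION_SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Fixed "now" so the constructed data below evaluates the same way every run.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed sample records (not real control or finding data).
CONTROLS: List[ControlRecord] = [
    ControlRecord("AC-1", "NIST CSF", True, NOW - timedelta(hours=6), True),
    ControlRecord("AC-2", "NIST CSF", True, NOW - timedelta(days=3), False),   # stale and failing
    ControlRecord("PCI-3.4", "PCI DSS", True, NOW - timedelta(hours=20), True),
    ControlRecord("PCI-8.2", "PCI DSS", False, NOW - timedelta(days=12), True),
    ControlRecord("PCI-10.1", "PCI DSS", False, NOW - timedelta(days=45), False),  # manual, stale
]

FINDINGS: List[Finding] = [
    Finding("F-1", "critical", NOW - timedelta(days=20), NOW - timedelta(days=15)),  # 5d, within SLA
    Finding("F-2", "high", NOW - timedelta(days=40), NOW - timedelta(days=5)),       # 35d, breached
    Finding("F-3", "high", NOW - timedelta(days=10), None),                          # open 10d, within SLA
    Finding("F-4", "critical", NOW - timedelta(days=9), None),                       # open 9d, breached
    Finding("F-5", "medium", NOW - timedelta(days=60), NOW - timedelta(days=30)),    # 30d, within SLA
]


def _pct(numerator: int, denominator: int) -> float:
    """Percentage rounded to one decimal; 0.0 when there is nothing to measure."""
    return round(100.0 * numerator / denominator, 1) if denominator else 0.0


def automation_coverage(controls: List[ControlRecord]) -> float:
    """Share of controls whose evidence is produced automatically."""
    return _pct(sum(c.automated for c in controls), len(controls))


def coverage_by_framework(controls: List[ControlRecord]) -> Dict[str, float]:
    """Automation coverage broken down per regulatory/internal control set."""
    groups: Dict[str, List[ControlRecord]] = {}
    for c in controls:
        groups.setdefault(c.framework, []).append(c)
    return {fw: automation_coverage(cs) for fw, cs in groups.items()}


def continuous_vs_manual(controls: List[ControlRecord]) -> Tuple[int, int]:
    """(continuous, manual) execution counts."""
    automated = sum(c.automated for c in controls)
    return automated, len(controls) - automated


def stale_controls(controls: List[ControlRecord], now: datetime) -> List[str]:
    """Controls whose latest evidence is older than the SLA for their execution mode."""
    return [c.control_id for c in controls if now - c.last_evidence > EVIDENCE_SLA[c.automated]]


def evidence_sla_adherence(controls: List[ControlRecord], now: datetime) -> float:
    """Share of controls with evidence fresher than their SLA."""
    stale = len(stale_controls(controls, now))
    return _pct(len(controls) - stale, len(controls))


def control_failure_rate(controls: List[ControlRecord]) -> float:
    """Share of controls whose most recent execution failed."""
    return _pct(sum(not c.passed for c in controls), len(controls))


def remediation_mttr_days(findings: List[Finding]) -> float:
    """Mean time to resolution over closed findings, in days."""
    durations = [(f.closed - f.opened).days for f in findings if f.closed is not None]
    return round(sum(durations) / len(durations), 1) if durations else 0.0


def sla_adherence_by_severity(findings: List[Finding], now: datetime) -> Dict[str, float]:
    """Per severity tier: share of findings closed (or still open) within the remediation SLA.
    Open findings count against the SLA as soon as their age exceeds it."""
    per_tier: Dict[str, List[bool]] = {}
    for f in findings:
        age_days = ((f.closed or now) - f.opened).days
        per_tier.setdefault(f.severity, []).append(age_days <= REMEDIATION_SLA_DAYS[f.severity])
    return {sev: _pct(sum(ok), len(ok)) for sev, ok in per_tier.items()}


if __name__ == "__main__":
    print("automation coverage:", automation_coverage(CONTROLS))
    print("coverage by framework:", coverage_by_framework(CONTROLS))
    print("continuous vs manual:", continuous_vs_manual(CONTROLS))
    print("stale controls:", stale_controls(CONTROLS, NOW))
    print("evidence SLA adherence:", evidence_sla_adherence(CONTROLS, NOW))
    print("control failure rate:", control_failure_rate(CONTROLS))
    print("remediation MTTR (days):", remediation_mttr_days(FINDINGS))
    print("SLA adherence by severity:", sla_adherence_by_severity(FINDINGS, NOW))
```

Two design points matter for audit defensibility: the evidence-freshness check applies a different SLA to manual and automated controls rather than a single threshold, so a manual control is not flagged stale simply because it is not continuous; and open findings are counted as SLA breaches the moment their age exceeds the tier's limit, so the metric reflects overdue work instead of only finished work.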

What Success Looks Like

  • Cyber governance controls and evidence are continuously monitored, validated, and audit ready, with minimal reliance on manual or point-in-time processes.
  • Engineers and control owners experience reduced audit friction, clear expectations, and repeatable governance workflows embedded into standard operating practices.
  • Leadership has clear, reliable visibility into control health, risk posture, and remediation progress through consistent, trusted metrics.
  • Governance automation capabilities scale with the business and adapt quickly to changing regulatory requirements, risk priorities, and technology evo...

Skills

AWS, Azure, GCP, JSON, NIST CSF, OAuth, PCI DSS, SAML, SOC, XML
