At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities.
Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive through relentless innovation to exceed our customers’ expectations while making a real impact for our company through our shared purpose.
When you join our company, we want you to feel valued, supported and proud to work here. That’s why we offer The GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers.
This role is designed for a staff‑level security practitioner with deep Cyber Governance, Risk, and Compliance (GRC) expertise who shapes the vision, strategy, and outcomes of GEICO’s cyber governance automation capabilities. The Staff Security Engineer owns the end‑to‑end automated cyber governance program, including defining and delivering the roadmap for continuous control monitoring and validation, scalable evidence collection, and real‑time audit readiness across GEICO’s hybrid cloud and on‑prem environments.
This position partners closely with engineering and platform teams to translate complex regulatory, policy, and control requirements into prioritized, well-defined automation capabilities, ensuring solutions are scalable, sustainable, and aligned to enterprise risk priorities. Success in this role means turning governance requirements into durable, outcome-driven products that demonstrate control effectiveness and reduce audit friction.
Cyber Governance Product & Program Ownership
• Contribute to the vision, strategy, and roadmap for GEICO’s cyber governance automation capabilities, driving delivery through prioritized execution and continuous improvement.
• Define how policies, standards, regulatory frameworks, and technical controls are operationalized and continuously validated through automated evidence collection.
• Own governance automation platforms end‑to‑end as the system of record for control health, evidence, and audit readiness across cloud and on‑prem environments.
• Drive near‑100% automation coverage, including designing scalable on‑prem automation strategies and governing compensating controls where full automation is not feasible, while maintaining audit defensibility.
• Define and enforce governance standards for automation coverage targets, evidence SLAs, control performance metrics, and telemetry requirements.
• Own the governance automation roadmap, prioritizing work based on risk reduction, regulatory requirements, and operational efficiency.
• Establish and operationalize a standardized, risk‑based remediation lifecycle, including severity classification, timelines, escalation paths, closure criteria, and enforced SLAs.
• Maintain ownership of remediation scheduling frameworks and forward‑looking visibility into upcoming deadlines.
• Ensure all non‑compliance is consistently tracked, prioritized, and driven to closure through scalable workflows.
• Partner with compliance, risk, audit, and engineering leaders to ensure governance capabilities align with enterprise risk priorities and regulatory obligations (e.g., NYDFS, PCI DSS, NIST CSF, SOC, ISO).
• Act as the single point of accountability for governance automation outcomes, including executive‑level risk, remediation, and audit‑readiness reporting with forecasting.
Technical Strategy & Product Stewardship
• Own the product strategy and direction for GEICO’s Automated Cyber Governance capabilities, ensuring clear system‑of‑record definitions, scalability expectations, and alignment to long‑term enterprise needs.
• Partner with engineering and platform teams to define and prioritize governance automation capabilities, providing product requirements, architectural guardrails, and acceptance criteria rather than performing direct system development.
• Define and maintain integration principles, system boundaries, and data standards to ensure reliable, secure, and consistent evidence flows across cloud platforms, security tools, and internal systems.
• Evaluate and guide the responsible use of AI capabilities within governance platforms (e.g., evidence classification, control mapping suggestions, risk summarization), ensuring explainability, auditability, and alignment with regulatory expectations.
• Serve as the primary point of accountability for governance automation outcomes, working with engineering leaders to resolve complex platform challenges and ensure solutions remain reliable, sustainable, and fit for purpose.
• Ownership of 100% source system adoption feeding governance evidence (e.g., cloud, IAM, logging, asset inventory)
• Accountability for identifying and closing: Missing telemetry, Integration gaps, Inconsistent or unreliable data sources, Enforcement of standardized telemetry and data requirements across teams
• Ownership of automated control quality assurance, including False positive / false negative reduction, Control tuning, Dr
FULL TIME
senior
5/6/2026