NY Manhattan (Office) - JPS, USA
Director, Internal Security Assessor

About GEICO

For more than 75 years, GEICO has stood out from the rest of the insurance industry! As a wholly owned subsidiary of Berkshire Hathaway, we are one of the nation's largest, fastest-growing and most financially stable auto insurers thanks to our low rates, outstanding service and clever marketing. In 2023, GEICO earned premiums worth over $40 billion (U.S. dollars).

GEICO is going through a massive digital transformation to re-platform the Insurance industry, removing friction across Customers, Partners, Marketplace, Segments, Channels, and Experiences as we grow our reach and market share. Our success is no secret - it's the result of investing in dedicated and hardworking associates who provide exceptional service and solutions to our clients. 

We are seeking an experienced Internal Security Assessor (ISA) to lead our Payment Card Industry (PCI) Data Security Standard (DSS) compliance and internal controls program. You will be integral to ensuring the organization’s systems, processes, and controls meet PCI DSS requirements while fostering collaboration across IT, business, and corporate functions. You’ll ensure the security of customer data while shaping the future of our compliance programs. You bring extensive Big 4 or comparable consulting experience, CISO-level leadership expertise, a proven track record in board reporting, and the ability to deliver impactful PCI-focused technology, security initiatives and transformative solutions.

Location:

Hybrid (3 days per week in office) in our Manhattan, NY; Chevy Chase, MD; Chicago, IL; or Dallas, TX office

Periodic (25%) travel to New York, NY and Chevy Chase, MD

Key Responsibilities:

As GEICO’s Internal Security Assessor, you will be accountable for:

PCI DSS Compliance: Lead the transformation and execution of GEICO’s PCI DSS compliance program, conducting gap analyses, managing remediation efforts, and preparing for audits.

Control Frameworks: Design, implement, and monitor controls to ensure continuous PCI DSS compliance, addressing areas such as access management, encryption, logging, and monitoring.

Technology and Security Initiatives: Deliver PCI-specific security solutions, such as tokenization, centralized MFA for PCI environments, and advanced threat detection to safeguard payment card data.

Partner Integrations: Conduct PCI DSS-focused due diligence during merger and acquisition, vendor engagement or integration activities, ensuring seamless integration of internal and external partners into GEICO’s compliance framework and mitigating risks related to cardholder data security.

Automation and Efficiency: Drive automation of PCI DSS evidence collection, audit preparation, and reporting processes to improve compliance efficiency and reduce manual effort.

Senior Leadership Reporting: Provide regular updates to senior leadership on PCI DSS compliance status, key risks, and remediation plans, ensuring alignment with business goals.

Collaboration: Partner with technology, infrastructure, and business teams to integrate PCI DSS requirements into all relevant processes, ensuring compliance is embedded in day-to-day operations.

Governance and Risk Management: Align PCI DSS compliance efforts with broader governance frameworks, such as NIST CSF and ISO 27001, to support enterprise risk management.

Training and Awareness: Develop and lead PCI DSS-specific training programs to increase organizational awareness and foster a culture of compliance.

Qualifications:

Bachelor’s degree in Computer Science, or a related field. An MBA or advanced Technology degree (completed or in progress) is preferred.

Leadership experience as a CISO or CISO-adjacent role, managing PCI DSS compliance programs and reporting to executive stakeholders.

Extensive Big 4 or comparable consulting experience, delivering PCI DSS solutions for enterprise clients.

Proven success in developing and implementing PCI DSS compliance strategies, conducting audits, and managing remediation projects.

Expertise in conducting PCI DSS-focused due diligence for M&A activities and integrating compliance into acquired entities.

Technical Skills: In-depth knowledge of PCI DSS requirements and security technologies such as tokenization, SIEM, DLP, encryption, and logging solutions within PCI environments.

Soft Skills: Strong communication (verbal and written) and leadership skills, with the ability to engage both technical and non-technical stakeholders in PCI DSS initiatives.


Annual Salary

$140,000.00 - $300,000.00

The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location, as well as market and business considerations.

At this time, GEICO will not sponsor a new applicant for employment authorization for this position.

Benefits:

As an Associate, you’ll enjoy our Total Rewards Program* to help secure your financial future and preserve your health and well-being, including:

Premier Medical, Dental and Vision Insurance with no waiting period**

Paid Vacation, Sick and Parental Leave

401(k) Plan

Tuition Assistance

Paid Training and Licensures

*Benefits may be different by location. Benefit eligibility requirements vary and may include length of service.

**Coverage begins on the date of hire. Must enroll in New Hire Benefits within 30 days of the date of hire for coverage to take effect.

The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled.

GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.
