Senior Staff Engineer, Cybersecurity Compliance & Assurance
Location: Bethesda, Montgomery County, Maryland, 20811, USA
Listed on: 2026-06-26
Listing for: Geico
Full Time position
Job specializations: IT/Tech; Cybersecurity, Information Security, Data Security
Job Description
At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities.
Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive on relentless innovation to exceed our customers' expectations while making a real impact on local communities nationwide.
Founded in 1936, GEICO is a member of the Berkshire Hathaway family of companies and one of the largest auto insurers in the United States. When you join our company, we want you to feel valued, supported, and proud to work here. That's why we offer the GEICO Pledge:
Great Company, Great Culture, Great Rewards, and Great Careers.
GEICO is seeking an experienced Senior Staff Engineer, Cybersecurity Compliance & Assurance, to lead the design, implementation, and continuous improvement of its cybersecurity compliance and assurance program, ensuring sustained compliance with NY DFS, PCI DSS, CCPA/CPRA, NIST CSF, SOX, HIPAA, and other cyber regulatory obligations. This role will drive audit readiness, compliance by design, automated evidence collection, continuous control monitoring, and risk-based assessments across GEICO’s security domains.
GEICO is transforming cybersecurity through automation and a risk-based approach. The ideal candidate will have a proven track record of building effective compliance frameworks, driving end-to-end compliance, creating actionable metrics, meeting regulatory requirements, and demonstrating strong leadership and collaboration skills.
Key Responsibilities
- Own and mature the enterprise cybersecurity compliance program, ensuring alignment with regulatory, contractual, and business requirements.
- Lead cybersecurity compliance initiatives supporting NY DFS, PCI DSS, CCPA/CPRA, NIST CSF, SOX, HIPAA, SOC 2 Type II, ISO 27001, and other applicable regulatory frameworks.
- Lead and manage security attestations and certifications supporting SOC 2 Type II and ISO 27001.
- Lead the development, implementation, and continuous monitoring of AI security compliance, ensuring GEICO meets applicable standards such as ISO/IEC 42001 and the NIST AI RMF.
- Conduct current-state and future-state assessments, compliance gap analyses, and maturity evaluations, including enterprise NIST Cybersecurity Framework assessments, to identify gaps, prioritize remediation, and develop strategic roadmaps that improve security and compliance posture.
- Drive continuous audit readiness by establishing repeatable processes and partnering with technology teams to maintain the documentation, evidence, and control execution that support internal audits, external assessments, regulatory examinations, and automated compliance monitoring.
- Lead the identification, tracking, escalation, and remediation of compliance non-adherence, control deficiencies, audit findings, and regulatory observations through closure.
- Maintain awareness of emerging regulatory requirements, advisories, enforcement actions, and industry guidance, proactively assessing impact and driving implementation plans.
- Establish and maintain a compliance-by-design approach that translates regulatory and security requirements into actionable engineering controls across software development, cloud, infrastructure, and operational processes.
- Establish enterprise cybersecurity compliance metrics, key risk indicators, scorecards, and executive reporting that measure compliance effectiveness, control maturity, audit readiness, and progress toward strategic cybersecurity objectives.
- Serve as a trusted advisor to senior leadership, providing recommendations on cybersecurity risk, regulatory compliance, governance strategy, and continuous improvement opportunities.
- Lead cross-functional initiatives involving Security, Technology, Legal, Privacy, Internal Audit, Compliance, and Enterprise Risk Management to improve compliance effectiveness and reduce organizational risk.
What You Will Need
- Deep expertise in cybersecurity governance, risk, and compliance, including cybersecurity domains and regulatory compliance frameworks.
- Extensive experience supporting NY DFS, PCI DSS, NIST CSF, CCPA/CPRA, ISO 27001, and related frameworks.
- Proven success implementing enterprise-wide compliance initiatives and influencing outcomes across multiple teams and business functions without direct authority.
- Deep technical understanding of cloud-hosted environments, preferably Microsoft Azure and AWS, and of the security implications across modern technology platforms.
- Strong communication skills, with the ability to engage executives, auditors, regulators, engineers, and business stakeholders and to translate complex technical and regulatory requirements into clear business outcomes.
- Strong problem-solving skills, creativity, and the ability to drive innovation through others while developing scalable solutions that strengthen the organization’s security posture.
- Demonstrated ownership, sound judgment, and leadership maturity in navigating successes, setbacks, and complex…
Position Requirements: 10+ years of work experience