CSAA Insurance Group (CSAA IG), a AAA insurer, is one of the top personal lines property and casualty insurance groups in the U.S. Our employees proudly live our core beliefs and fulfill our enduring purpose to help members prevent, prepare for and recover from life's uncertainties, and we're proud of the culture we create together. As we commit to progress over perfection, we recognize that every day is an opportunity to be innovative and adaptable. At CSAA IG, we hire good people for a brighter tomorrow. We are actively hiring for a Cybersecurity Metrics Manager - Remote! Join us and support CSAA IG in achieving our goals.

Your Role:

The Cybersecurity Metrics Manager is a highly skilled servant leader responsible for leading and managing the development, implementation, and management of cybersecurity and compliance metrics within the CSAA Insurance Group. This role plays a vital part in ensuring effective Governance, Risk Management, and Compliance (GRC) practices by guiding in defining, measuring, and reporting on Key Performance Indicators (KPIs) and metrics related to both cybersecurity and compliance. The Cybersecurity Metrics manager leads a team of highly talented security metrics domain experts and collaborates with multi-functional teams to establish important metrics, improve security posture, drive compliance efforts, and inform decision-making.

Your Work:

• Develop and maintain a comprehensive cybersecurity metrics framework that aligns with industry standard processes, regulatory requirements, and the organization's objectives.

• Lead the design, implementation, and management of cybersecurity metrics programs, ensuring consistent and accurate data collection, analysis, and reporting.

• Define Key Performance Indicators (KPIs) and metrics to measure the efficiency of cybersecurity controls, incident response, vulnerability management, and other relevant areas.

• Collaborate with business leaders to understand their information needs and develop customized metrics and reports to address specific cybersecurity and compliance requirements.

• Establish processes and methodologies for data collection, normalization, and aggregation from various security systems, tools, and platforms.

• Analyze and interpret data to identify trends, patterns, and areas of improvement.

• Deliver actionable insights and recommendations to improve CSAA IG's security posture and compliance efforts.

• Engage closely with security operations, risk management, compliance, and other teams to ensure metrics align with GRC objectives and provide valuable insights for decision-making.

• Develop and maintain dashboards, visualizations, and reports to present metrics and key findings related to cybersecurity and compliance to executive leadership, senior management, and other leaders.

• Stay updated on industry trends, emerging cyber threats, regulatory developments, and compliance frameworks related to cybersecurity and compliance metrics.

• Continuously enhance knowledge and expertise in the field.

• Collaborate with internal and external auditors during GRC audits to provide metrics-related documentation, evidence, and insights.

• Drive continuous improvement by evaluating and implementing new tools, technologies, and methodologies to enhance the effectiveness and efficiency of cybersecurity metrics and compliance metrics management.

• Serve as a leader to highly talented subject matter experts on cybersecurity metrics, compliance metrics, and GRC practices, providing guidance, training, and support to team members across the organization.

Required Experience, Education, and Skills:

• In-depth knowledge of cybersecurity frameworks, compliance frameworks, regulatory requirements, standards, and best practices (e.g., NIST, ISO 27001, CIS Controls, CCPA, HIPAA, GDPR, etc.) and their application to metrics management.

• Proven experience in developing and implementing cybersecurity metrics programs, compliance metrics programs, and associated data collection, analysis, and reporting processes.

• Strong understanding of GRC principles and practices, including risk management, compliance requirements, and audit processes.

• Proficiency in data analysis, data visualization, and reporting tools (e.g., Excel, Tableau, Power BI) to effectively present metrics and insights.

• Familiarity with security technologies, tools, and solutions commonly used in the industry, such as Security Information and Event Management (SIEM), vulnerability management, and threat intelligence platforms.

• Excellent analytical and problem-solving skills, with the ability to identify trends, patterns, and relationships within complex data sets.

• Effective communication and interpersonal skills to collaborate with team members at all levels, explain technical concepts to non-technical audiences, and influence decision-making.

• Proactive attitude, willing to work independently and drive initiatives forward.

• Relevant certifications such as CISSP, CISM, CRISC, or GRC-related certifications are highly desirable.

• Bachelor of Science (B.S.) in Information Security or related field.

• 5-7 years of experience in cybersecurity, GRC, metrics management, or related roles, with a specific focus on cybersecurity and compliance metrics.

• 1-2 years in a people leadership experience.

What would make us excited about you?

• Creates a collaborative, inclusive and psychologically safe environment, demonstrating authenticity and fostering trust to inspire and empower team members and colleagues

• Actively shapes our company culture through words and actions (e.g., supporting employee resource groups, mentoring employees, volunteering, joining multi-functional projects, encouraging team member involvement in these activities)

• Champions our cultural norms (e.g., willing to have cameras when it matters: interviewing candidates, building relationships with team members, etc.)

• Translates our enterprise strategy and priorities for their team members to connect to the bigger picture

• Demonstrates a company ownership attitude, thinking beyond boundaries of their own area

• Travels as needed for role, including enterprise meetings, divisional / team meetings, and other in-person meetings

• Fulfills business needs, which may include investing extra time, helping other teams, etc

CSAA IG Careers

At CSAA IG, we’re proudly devoted to protecting our customers, our employees, our communities, and the world at large. We are on a climate journey to continue to do better for our people, our business, and our planet. Taking bold action and leading by example. We are citizens for a changing world, and we continually change to meet it.

Join us if you…

• BELIEVE in a mission focused on building a community of service, rooted in inclusion and belonging.

• COMMIT to being there for our customers and employees.

• CREATE a sense of purpose that serves the greater good through innovation.

Recognition: We offer a total compensation package, performance bonus, 401(k) with a company match, and so much more! Read more about what we offer and what it is like to be a part of our dynamic team at https://careers.csaa-insurance.aaa.com/us/en/benefits

In most cases, you will have the opportunity to choose your preferred working location from the following options when you join CSAA IG: remote, hybrid, or in-person. Submit your application to be considered. We communicate via email, so check your inbox and/or your spam folder to ensure you don’t miss important updates from us. If a reasonable accommodation is needed to participate in the job application or interview process, please contact TalentAcquisition@csaa.com.

As part of our values, we are committed to supporting inclusion and diversity at CSAA IG. We actively celebrate colleagues’ different abilities, sexual orientation, ethnicity, and gender. Everyone is welcome and supported in their development at all stages in their journey with us.

We are always recruiting, retaining, and promoting a diverse mix of colleagues who are representative of the U.S. workforce. The diversity of our team fosters a broad range of ideas and enables us to design and deliver a wide array of products to meet customers’ evolving needs.

CSAA Insurance Group is an equal opportunity employer.

The national average salary range for this position is $144,450-$160,500. However, we have a location-based compensation structure. Our salary ranges vary and are calculated based on county of residence. The full salary range for this position across all the states we hire in is $129,870-$192,500. This role also includes an opportunity for a company-wide annual discretionary bonus, through our Annual Incentive Plan (AIP), of up to 15% of eligible pay.

If you apply and are selected to continue in the recruiting process, we will schedule a preliminary call with you to discuss the role and will disclose during that call the available salary based on your location. Factors used to determine the actual salary offered may include location, experience, or education.

Please note we are hiring for this role remote anywhere in the United States with the following exceptions: Hawaii and Alaska.

Must have authorization to work indefinitely in the US.

#HP_RX

#LI-MB1