Director, Cybersecurity - GRC

Liberty Mutual Insurance•Boston, MA

13h•Hybrid

About The Position

We deliver our customers peace of mind every day by helping them protect what they value most. Our passion for placing the customer at the center of everything we do is driving a transformational shift at Liberty Mutual. Operating as a tech startup within a Fortune 100 company, we are leading a digital disruption that will redefine how people experience insurance. At Liberty, you'll thrive in a hybrid setting that fosters in-person collaboration, innovation and growth. This approach optimizes both remote and in-person interactions, enabling you to connect and ideate with your team and deepen valuable relationships across the company, while still enjoying the flexibility of remote work for focused tasks and projects. This role has a hybrid work schedule (2 days onsite) and we are considering candidates based in Portsmouth, NH, Boston, MA, Plano, TX, and Indianapolis, IN. You must be authorized to work in the United States without employer sponsorship now or in the future. We will not sponsor employment visas. Candidates who will require future sponsorship, including candidates on CPT/OPT/STEMOPT who will require future sponsorship, are not eligible to apply. The GRC group within the Global Cybersecurity (GCS) organization is looking to hire a dynamic Director of Cybersecurity – Risk Assurance to lead three high-impact teams at the center of our organization. You'd own cyber risk insights, executive-level risk reporting, and governance standardization across the enterprise. What makes this different? You're not maintaining the status quo — you're building the future. We're investing in AI and innovation to transform how we assess and communicate cyber risk, and this role is the one driving that vision. You'd have a direct line to senior leadership, a mandate to modernize, and three teams ready to execute. If you want to lead strategy, not just support it, this is the role. Risk Assurance is a core function within GRC, partnering across compliance, audit, enterprise risk, and policy teams to deliver an integrated approach to cybersecurity governance and risk management that supports regulatory compliance and risk-informed decision-making. Leadership Scope • CRISP – Cyber Risk Insights & Service Program • CARR – Cyber Advisory and Risk Reporting • COP – Community of Practice

Requirements

Bachelor's or Master's Degree in technical or business discipline or related experience; Master's Degree preferred.
Minimum 10+ years Cybersecurity experience with 5 years in leadership role.
Demonstrated real world, hands-on technical design and implementation experience.
Strong familiarity with Information Security precepts, practices, and solutions.
Extensive knowledge across a broad range of identity and access management technologies.
In-depth knowledge of IT concepts, strategies and methodologies and their application to business opportunities.
In depth knowledge of project delivery, business operations, objectives and strategies.
Advanced knowledge of management concepts, practices and technique
Strong interpersonal skills with the ability to effectively influence others.
Ability to build collaborative working relationships with a broad range of enterprise stakeholders.
Strong decision-making capabilities, with proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.

Responsibilities

Define and execute the Risk Assurance strategy aligned to enterprise GRC objectives.
Serve as senior advisor on cyber risk posture and emerging threats.
Champion AI, automation, and innovative risk assurance technologies.
Oversee identification, assessment, and prioritization of cyber risks.
Establish KRIs, dashboards, and executive reporting.
Advise on risks from AI, emerging technologies, and system design.
Ensure alignment with enterprise governance frameworks and regulatory requirements.
Partner across GRC functions for integrated risk governance.
Promote standardized yet flexible security governance models.
Lead, mentor, and develop high-performing cybersecurity teams.
Build inclusive culture focused on innovation and growth.
Attract and retain top cybersecurity talent.
Engage senior leaders and represent Risk Assurance in enterprise forums.
Drive cybersecurity awareness and risk-conscious culture.