
GRC Security Specialist


We are Farmers!

Join a team of diverse professionals at Farmers to acquire skills on the job and apply your learned knowledge to future roles at Farmers. Farmers Insurance also offers extensive training opportunities through the award-winning University of Farmers, named by Training magazine among the top 10 corporate training units in the world.

Job Summary

The Information Security Specialist will utilize a wide range of risk-based methodologies to independently perform intermediate to advanced analysis of a broad range of interdependent medium to high cybersecurity controls and risks. The Specialist must have experience with SAS 70/SSAE 16/SSAE 18 SOC reporting, readiness assessments, or other commensurate IT Audit/Compliance experience to document controls, gather evidence, perform gap analysis, and drive gap remediation. The Specialist should be able to analyze and establish security requirements for all company systems/networks and advise how to protect a highly complex information system to ensure the confidentiality, integrity, and availability of systems and data. The Specialist must serve as a subject matter expert for a wide range of company security and technology platforms. Responsibilities will include performing highly complex reviews, assessments, and audits; conducting research; and facilitating communication to internal and external stakeholders where necessary. The position will monitor, coordinate, and implement policies, standards, procedures, controls, and guidelines to support security, compliance, and audit requirements.

Essential Job Functions

  • Identify, assess, document, and articulate all types of data security and data privacy risks in addition to appropriate countermeasures and controls to address data security and data privacy concerns, particularly according to SSAE 18 SOC reporting requirements.
  • Identify opportunities to proactively mitigate moderate to major risks based on threat analysis or cyber defense information for the enterprise.  
  • Design enhancements for internal controls such as segregation of duties, production change management, software management, security, incident handling, and transmission integrity. Identify and document security control objectives that demonstrate how security is integrated within IT processes. 
  • Design processes to ensure legal and regulatory security compliance requirements are met.  Interpret irregular and indeterminate patterns of noncompliance to determine their impact on levels of risk and overall effectiveness of the enterprise’s cybersecurity program.     
  • Participate in audits of cyber programs and projects. Demonstrate ownership of assigned audit actions or regulator requests by diligently providing responses and evidence within established timeframes.    
  • Build and manage relationships with a wide network of local business and IT front-line and senior stakeholders.  Demonstrate the value of information technology (IT) security throughout all levels of the organization.  
  • Influence business and IT teams to create innovative and sophisticated solutions to complex problems.  Create, review, and update security policies, procedures, standards and guidelines. 
  • Lead creation of milestones and timelines for assigned security projects/initiatives. Demonstrate ownership of assigned projects from initiation to completion. 
  • Serve as an internal consultant in multiple areas of security expertise. Drive medium-scale to enterprise-wide projects forward with minimal oversight. Utilize security reporting data to recommend leading-edge solutions or policy changes.

Physical Actions

Sits or stands for extended periods of time, up to a full work shift. Occasionally reaches overhead and below the knees, including bending, twisting, pulling, and stooping. Occasionally moves, lifts, carries, and places objects and supplies weighing 0-10 pounds without assistance. Listens to, interprets, and differentiates auditory information (e.g. others speaking) at normal speaking levels with or without correction. Visually verifies and reads information. Visually locates material, resources and other objects. Ability to continuously operate a computer for extended periods of time, up to a full work shift. Physical dexterity sufficient to use hands, arms, and shoulders repetitively to operate keyboard and other office equipment up to a full work shift.

Physical Environment

Education Requirements

High school diploma or equivalent required. Bachelor's degree in Information Systems or related discipline preferred.

Experience Requirements

At least 3 years of external/internal audit experience or prior work experience with a consulting/auditing firm.

Strong familiarity with governance and controls frameworks, such as COBIT, COSO, ITIL, NIST, and ISO.

Direct knowledge of and exposure to SAS 70/SSAE 16/SSAE 18 SOC reporting.

Solid experience in testing, evaluating, and documenting controls for compliance.

Solid understanding of assessing and designing internal controls in an enterprise-level environment.

Strong project management skills.

PC skills and hands-on experience building tools and presentations with Microsoft Word, Excel, PowerPoint, Project, and Access.


Farmers offers a competitive salary commensurate with experience, qualifications and location.

  • CO Only: The pay range for this job being performed in CO would be $117,900 - $130,800
  • Bonus Opportunity (based on Company and Individual Performance)

  • Health Savings and Flexible Spending Accounts
  • Life Insurance
  • Paid Time Off
  • Paid Parental Leave
  • Tuition Assistance
  • For more information, review “What we offer” on https://www.farmers.com/careers/

Job Location(s): US - CA - Woodland Hills, US - CA - Los Angeles, US - MI - Caledonia, US - OH - Independence, US - OK - Oklahoma City, US - RW - Remote Work - Farmers, US - TX - Austin

Want to learn more about our culture & opportunities? Check out farmers.com/careers and be sure to follow us on Instagram and LinkedIn!

Nearest Major Market: Los Angeles
