Sr. Cyber GRC Specialist (Hybrid)

At Selective, we don't just insure uniquely, we employ uniqueness.

Selective is a midsized U.S. domestic property and casualty insurance company with a history of strong, consistent financial performance for nearly 100 years. Selective's unique position as both a leading insurance group and an employer of choice is recognized in a wide variety of awards and honors, including listing in Forbes Best Midsize Employers in 2025 and certification as a Great Place to Work in 2025 for the sixth consecutive year.

Employees are empowered and encouraged to Be Uniquely You by being their true, unique selves and contributing their diverse talents, experiences, and perspectives to our shared success. Together, we are a high-performing team working to serve our customers responsibly by helping to mitigate loss, keep them safe, and restore their lives and businesses after an insured loss occurs.

We are seeking a highly experienced and knowledgeable Cyber GRC Senior Specialist to join our team. The ideal candidate will have 5-7 years of experience in governance, risk, and compliance, along with relevant industry certifications. This role involves leading the development and maturity of our cGRC programs, ensuring compliance with internal policies and external regulations, and providing strategic guidance to the organization.

• Subject matter expert in the development, implementation, and maintenance of cGRC policies, procedures, and frameworks.
• Conduct multiple advanced comprehensive cGRC risk assessments including third-party assessments which encompass vendor onboarding and the vendor lifecycle to ensure vendors meet security and data protection standards, and to identify, evaluate, and prioritize risks across the organization, providing required and recommended mitigation action items.
• Conduct operational risk assessments internally to ensure security and data protection standards, and to identify, evaluate, and prioritize risks across the organization, providing required and recommended mitigation action items.
• Monitor and report on compliance with regulatory requirements and internal policies.
• Collaborate with various departments to ensure adherence to cGRC standards.
• Manage and oversee internal and external audits, including preparing documentation and responding to audit inquiries.
• Maintain and update risk registers and compliance documentation.
• Provide training and guidance to staff on GRC-related topics.
• Stay current with industry trends and regulatory changes to ensure ongoing compliance.
• Ability to collaborate with legal, security, business and IT teams to develop and implement strategies to mitigate risks and enhance compliance which uphold the CIA Triad, ensuring data confidentiality, integrity and availability.
• Provide strategic guidance and support to senior management on cGRC-related matters.
• Encourage cultural change by recommending sound IT security practices in day-to-day operations.
• Continuously evaluate and improve the organization's cGRC processes and tools, leveraging industry best practices, automation, and innovative solutions.
• Manage weekly and quarterly metrics related to IT Security risks, contract reviews, Non-Adherent Vendors, and vendor security incidents.
• Lead the coordination of weekly and quarterly metrics related to IT Security risks, contract reviews, Non-Adherent Vendors, and vendor security incidents.
• Lead the quarterly information security awareness training course including the design and implementation.
• Manage metrics relevant to the operational success of the cGRC program.

• 5-7 years of experience in GRC, risk management, or compliance.
• Relevant industry certifications such as CISSP, CISM, CRISC, or similar preferred.
• In-depth understanding of regulatory requirements and industry standards (e.g., NST CSF, NIST AI RMF, ISO 27001, GDPR, SOC1/2, Sarbanes-Oxley).
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Proficiency in GRC tools and software.
• Demonstrated leadership and project management skills.
• Knowledge of AI regulations and industry practices including framework and risks (e.g, bias, hallucinations, and data security).

Selective Insurance offers a total rewards package that includes a competitive base salary, incentive plan eligibility at all levels, and a wide array of benefits designed to help you and your family stay healthy, achieve your financial goals, and balance the demands of your work and personal life. These benefits include comprehensive health care plans, retirement savings plan with company match, discounted Employee Stock Purchase Program, tuition assistance and reimbursement programs, and 20 days of paid time off. Additional details about our total rewards package can be found by visiting our benefits page.

The actual base salary is based on geographic location, and the range is representative of salaries for this role throughout Selective's footprint. Additional considerations include relevant education, qualifications, experience, skills, performance, and business needs.

Selective is an Equal Employment Opportunity employer. That means we respect and value every individual's unique opinions, beliefs, abilities, and perspectives. We are committed to promoting a welcoming culture that celebrates diverse talent, individual identity, different points of view and experiences - and empowers employees to contribute new ideas that support our continued and growing success. Building a highly engaged team is one of our core strategic imperatives, which we believe is enhanced by diversity, equity, and inclusion. We expect and encourage all employees and all of our business partners to embrace, practice, and monitor the attitudes, values, and goals of acceptance; address biases; and foster diversity of viewpoints and opinions.

For Massachusetts Applicants

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.