Director Business Information Security Officer
Where good people build rewarding careers.
Think that working in the insurance field can't be exciting, rewarding and challenging? Think again. You'll help us reinvent protection and retirement to improve customers' lives. We'll help you make an impact with our training and mentoring offerings. Here, you'll have the opportunity to expand and apply your skills in ways you never thought possible. And you'll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.
The Director: Business Information Security Officer (BISO) functions as the security leader within their area of responsibility. This role will have overall accountability for the security program across one of the three major business units: Allstate Personal Lines, Emerging Businesses or Allstate Shared Services.
This role will have a dual reporting structure, with direct line reporting into the VP and Deputy CISO and dotted line reporting into the business unit. It is responsible for ensuring that each AOR within the specific business unit has established a focused information security program aligned with the business area risks and the Allstate Corporation Information Security Program.
The BISO serves as the trusted advisor, both to the business unit and to the VP and Deputy CISO. This role will liaise between the business unit and Allstate Information Security (AIS), keeping clear lines of communication, including but not limited to: transparency to the business on upcoming security initiatives, reporting of security risks to the CISO and appropriate committees, and serving as a key player in the information security incident response process, from identifying impact to the business and to consumers, to helping shape remediation, to developing external and internal message points. In addition, this role will ensure business compliance with the Information Security Policy and Standards while continuously monitoring and reporting on risks and documented exceptions.
Oversee the establishment of a documented Information Security Program and supporting strategy for the area of responsibility (AOR).
Oversee the execution of Information Security Risk Management practices across each AOR, to include an annual information security risk assessment, transparent reporting of risks and remediation plans at the business unit level, and overseeing the integration of security risks within the enterprise operational risk framework.
Ensure each AOR has established a comprehensive compliance program aligned with the Information Security Policy and Standards as well as regulatory and contractual requirements.
Ensure the execution of the Access Management strategy across all key applications and systems within each AOR including the establishment of user access logs to enable monitoring of access to critical data including Personally Identifiable Information (PII).
Promote corporate cyber security awareness programs and the implementation of security awareness concepts locally, customizing communications to be suitable for the business.
Support the Business Unit and VP and Deputy CISO in seeking appropriate solutions to manage costs while achieving the security goals.
- Provide input into the Allstate Corporation Information Security Program
- Review and provide input into the Information Security Policy and Standards
- Ensure clear lines of communication between Business Unit, AORs and the Chief Information Security Officer
- Ensure reporting is established on the state and efficacy of security controls for the business unit projects and platforms
- Secure ongoing security funding for special/complex projects, and evangelize security awareness across the Business Unit
Key Success Criteria
- Increased levels of security across the designated Business Unit
- Improved compliance with security standards and policies across Business Unit teams.
- Greater awareness of information security and data privacy requirements (globally)
- Adoption of Enterprise Information Security Standards throughout the business environment
- Bachelor's Degree or equivalent experience
- CISSP or CISM required
- Seven or more years of progressive experience in an information security role
- Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and data security
- Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams
- Ability to interpret and apply policies and regulations across a large, complex business
- Analytical aptitude with an emphasis on investigative, methodical and critical questioning and logical thinking; a data-driven decision maker
- High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
- Advanced skills with MS-Windows and other related PC applications
- Project management experience highly desired
The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.
Good Work. Good Life. Good Hands®.
As a Fortune 100 company and industry leader, we provide a competitive salary – but that's just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you'll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please see the notice regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please see the notice regarding the Los Angeles Ordinance.
It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.