Lead Information Security Risk Consultant
Where good people build rewarding careers.
Think that working in the insurance field can't be exciting, rewarding and challenging? Think again. You'll help us reinvent protection and retirement to improve customers' lives. We'll help you make an impact with our training and mentoring offerings. Here, you'll have the opportunity to expand and apply your skills in ways you never thought possible. And you'll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.
The Senior Information Security Risk Consultant is responsible for identifying and securing the enterprise's information assets through contribution to the design, implementation, and maintenance of the risk assessment and variance programs. The incumbent will be able to provide transparency on information security risk and enable the business to make informed, risk based decisions. This resource will determine the risk to the company, gather the appropriate subject matter experts to consult on possible solutions, manage each exception until remediated, and provide key stakeholders the necessary information to make informed business decisions. In addition, this resource will be expected to participate in extensive client interactions relating to technical, procedural, and documentation controls with a wide range of technology-based and business functions, will be able to drive problem resolution, and implement effective mechanisms to track and report on security risks. Certifications such as CISSP, GSEC, GIAC, CISA, CRISC, CISM, or CCNE are recommended.
- Serve as a trusted cybersecurity advisor for the business through demonstration of a strategic understanding of the partner's business, mission and goals, and support business initiatives in a complex and evolving risk landscape.
- Ability to fully understand the business strategy and environment and align appropriate solutions to enable secure business practices and maintain competitive advantage.
- Identify and recommend appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to a level acceptable to the senior management of the company.
- Conduct business impact and/or risk assessment analysis and assist with recommendations and/or mitigation strategies to management through information security risk assessments and consultation with the business.
- Assist the Policy & Standards team in the development, implementation, and enforcement of standards and procedures to secure and protect Allstate assets.
- Research and evaluate emerging trends, threats and technologies both internal and external.
- Provide support to stakeholders on requirements for new and existing business / technology solutions to assure compliance to standards and governing policies and procedures.
- Reporting and communication of security compliance issues and recommendations
- Champion the integration of security risk management activities into Allstate day to day processes.
- Assist in integrating information security services into the ATSV work intake and project management processes.
- Partner with all areas of the business, including internal auditors, legal, IT and business partners.
- Develop and improve KPIs, metrics, and trending for the risk management and consulting function.
- Respond to and assist with audits, assessments and compliance requests.
- Participate and lead new projects as needed.
- Serve as client liaison as needed on matters pertaining to Risk Management.
- Promote and consult on the positions that help strengthen and secure the organization by either following standards or helping direct others on technology positions.
- Act as a subject matter expert for the organization's information asset protection policies and procedures, and information technology best practices.
- Develop and refine procedures and techniques used by the team.
- Other duties as assigned.
Education: College Degree or equivalent work experience; 5+ years work experience in security or risk management, project management, data protection
Certifications in area of specialty a plus. Examples include: CISSP, CSSLP, CISA, CISM, GIAC certs, CFE, CNP, CEH, etc.
Experience in the insurance and/or financial industries preferred
Demonstrated ability to participate in cross functional teams, including offsite, remote, and offshore resources
Ability to effectively communicate with technical and non-technical resources
Strong organizational skills
Self-directed, works with minimal guidance, and recognize when guidance is needed
Proficient in Microsoft Office Suite (Word, Excel, Project, PowerPoint, Visio)
Demonstrated ability to stay abreast of evolving security technology such as cloud and mobile computing
Knowledge of PCI DSS, HIPPA, ISO, NIST, and IT Controls
Strong understand of IT security best practices
Good Work. Good Life. Good Hands®.
As a Fortune 100 company and industry leader, we provide a competitive salary – but that's just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you'll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.
Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please see the notice regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please seethe notice regarding the Los Angeles Ordinance.
It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.
Meet Some of Allstate's Employees
Data Analytics Engineer
Patrick supports the work of his fellow Data Scientists by coding predictive models. He works to create functional Allstate products by making sense of the company's vast amount of customer data.
Back to top