Risk Assessment Business Analyst

Description :

Where good people build rewarding careers.

Think that working in the insurance field can’t be exciting, rewarding and challenging? Think again. You’ll help us reinvent protection and retirement to improve customers’ lives. We’ll help you make an impact with our training and mentoring offerings. Here, you’ll have the opportunity to expand and apply your skills in ways you never thought possible. And you’ll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Description

Job Family Summary

The purpose of Enterprise Business Conduct is to lead the organizational design, implementation, and enforcement of an effective compliance and ethics program (the “Program”). The purpose of the Program is to promote an organizational culture that encourages a strong commitment to compliance with applicable laws and regulations and ethical conduct. The Governance of Personal Information (GPI) Risk Assessment Team is responsible to creating and implementing a sustainable business model to conduct risk and impact assessment to protect Personal information I on partnership with information security, data governance and privacy related actions.

Job Summary

The Governance of Personal Information (GPI) Consultant is responsible for driving activities that support the analysis, mitigation, management, and reporting of privacy and security risk. The Consultant partners with business and technology performing analysis to mitigate risks, conducts research to identify emerging trends in security and privacy risk management and risk mitigation, and participates in the implementation of programs that ensure or improve the effectiveness of GPI, privacy risk management, data governance and protection strategies for personal information.

Key Responsibilities

  • Serve as a trusted GPI advisor to business and technology partners through demonstration of a strategic understanding of the partner’s business, mission and goals, and support business initiatives in a complex and evolving risk landscape.
  • Fully understand the business strategy and environment and align appropriate solutions to enable secure business practices and maintain competitive advantage.
  • Identify and recommend appropriate measures to manage and mitigate privacy and security risks and mitigate potential impacts to personal information to a level acceptable to the senior management of the company.
  • Conduct privacy and security impact and/or risk assessment analysis by supporting and consulting with business and IT partners on recommendations and/or mitigation strategies; manage and report on remediation efforts.
  • Establish risk reporting for appropriate audiences (for example, to the board of directors so they understand the most significant privacy risks, to senior leadership to ensure they are aware of privacy risks relevant to their parts of the organization, and to individuals to understand their accountability to privacy).
  • Assist in the development, implementation, and enforcement of policies, standards and procedures to secure and protect personal information.
  • Research and evaluate emerging trends, threats and technologies both internal and external.
  • Provide support to stakeholders on requirements for new and existing business / technology solutions to assure compliance to GPI policies and procedures.
  • Champion the integration of GPI Information activities into Allstate day to day processes including work intake and project management processes.
  • Develop and improve KPIs, metrics, and trending for the risk and impact management and consulting function.
  • Participate and lead new projects as needed.
  • Serve as liaison as needed on matters pertaining to GPI.
  • Promote and consult on the initiatives and approaches that help strengthen and secure the organization by following standards and directing others to do so.
  • Develop and refine procedures and techniques used by the team.
  • Other duties as assigned.

Job Qualifications

  • Education: college degree or equivalent work experience in the field of privacy and/or information security. Minimum of 2-4 years’ experience in IT, Security and/or Privacy.
  • Certifications: Privacy and/or security preferred.
  • Demonstrated ability to participate in cross functional teams, including offsite, remote and offshore resources.
  • Effective written and verbal communication skills. Ability to tailor communication style to audience at hand.
  • Ability to effectively communicate with technical and non-technical resources.
  • Strong organizational and project management skills.
  • Self-directed, works with minimal guidance, and recognizes when guidance needed.
  • Proficient in MS Office Suite (Word, Excel, Project, PowerPoint, Visio).
  • Demonstrated ability to stay abreast of evolving technology such as cloud and mobile computing.
  • Knowledge of privacy and security controls, protocols, tools and systems such as PCI, HIPAA, NIST, ISO (2700X), Privacy by Design.
  • Understanding of IT privacy and security best practices

The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.

Good Work. Good Life. Good Hands®.

As a Fortune 100 company and industry leader, we provide a competitive salary – but that’s just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you’ll have access to a wide variety of programs to help you balance your work and personal life — including a generous paid time off policy.

Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please see the notice regarding the San Francisco Fair Chance Ordinance.

It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.

Meet Some of Allstate's Employees


Data Analytics Engineer

Patrick supports the work of his fellow Data Scientists by coding predictive models. He works to create functional Allstate products by making sense of the company's vast amount of customer data.


Agile Software Developer

Because developers at Allstate engage in paired programming, Jordan spends the majority of his day working with one of his fellow developers on various coding projects.

Back to top