Security Governance - Lead Consultant (hybrid/remote)

At Allstate, great things happen when our people work together to protect families and their belongings from life's uncertainties. And for more than 90 years our innovative drive has kept us a step ahead of our customers' evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.

Your role in the team
The Security Governance Lead Consultant develops and evaluates compliance with programs, processes, and procedures to mitigate cybersecurity risk and ensure protection of company information and assets; researches and develops interpretations of industry and government regulations, standards, and contract requirements for application to assigned area of operations.

• Provides leadership and mentoring for less experienced team members on assigned projects and in area of expertise

• Reviews and validates with Legal resources and communicates interpretations of regulatory, contract, and industry requirements for business and technical managers for cybersecurity governance and suggests application to assigned area; oversees the creation, organization, and maintenance of required filings and documentation

• Performs ongoing and forensic audits of governance process and procedure compliance; tracks metrics, analyzes results, and develops recommendations for changes and enhancements; communicates to business and technical leadership

• Works with business and technical leaders to develop governance plan and metrics for assigned area; develops, communicates, and executes programs and processes that provide guidance and promote cybersecurity risk awareness and management in alignment with operational needs

• This job does not have supervisory responsibilities

• All applicants must demonstrate they have a legal right to work in the UK for employment at Allstate. Allstate is not providing sponsorship for this vacancy.
• 5+ years of security/technology audit experience, including development of control test plans/scripts

• Working knowledge of NIST CSF 2.0 and/or NIST 800.53 rev. 5

• Experience in automating control testing processes

• Experience managing multiple assignments and projects at once

• 8+ years of security/technology audit experience, including development of control test plans/scripts
• CISA, CRISC, CISSP, CISM, or other relevant certifications (preferred)

• Experience communicating effectively with resources of all levels (analyst to executive)

• Proven experience challenging ideas, asserting your expertise, and being comfortable making recommendations in a professional manner

• Experience working in a role that requires strong attention to detail