Cyber Risk Assessment Lead Consultant (Remote - Home Based Worker) - Allstate Insurance : Job Details

At Allstate, great things happen when our people work together to protect families and their belongings from life's uncertainties. And for more than 90 years our innovative drive has kept us a step ahead of our customers' evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.

Job Description

The Cyber Risk Assessment Lead is part of Governance, Risk, & Compliance (GRC) within Allstate Information Security. This role will be a subject matter expert within our Cyber Risk Assessment Team and will drive maturity and growth in our cyber risk assessment program and methodology to ensure accurate reporting of residual risk to stakeholders, driving informed, risk-based decisioning. This includes benchmarking of our processes, identification and design of enhancements, and implementation of innovative process changes to drive simplification, affordability, and connectivity/synergy across risk services within Allstate Information Security and across the enterprise.

The Cyber Risk Assessment Lead will collaborate across business and security teams within the Allstate enterprise and Family of Companies to identify, assess, and mature capabilities to report residual risk of cyber related controls. This role will also collaborate with security process owners to drive optimization of our cyber risk analysis services and provide accuracy in residual risk reporting to business level leaders and our Board of Directors. In this highly visible role, there will be exposure to varying levels of leadership across the enterprise and family of companies. A broad range of professional skills along with strong interpersonal and communications skills will be required for problem-solving, objective-based decisioning, and collaboration with virtual cross-functional work groups. This individual serves as a subject matter expert and trusted advisor who can clearly articulate Allstate security policies, standards, control requirements, and risk to both technical and business audiences alike.

• Lead design an approach to ensure transparent reporting of risk impacts to technical assets and business operations to support leadership in risk-based security decisions
• Drive strategic maturity and innovation within the cyber risk assessment program to drive simple, affordable, connected solutions that reduce assessment fatigue and drive informative, effective assessments
• Execute on agreed upon methodology to identify, assess, and report on cyber risk in Board level
• Challenge status quo to drive maturity, effectiveness, and accuracy within and across our cyber risk services
• Recommend operationally feasible and cost-effective solutions to reduce risk, as appropriate
• Drive automation within workflows and residual risk methodology to drive resource efficiency and self-service capabilities
• Drive sound cyber risk reporting and accountability across Allstate business units and family of companies
• Help our partners proactively maintain a strong cybersecurity preparedness and response posture
• Drive key stakeholder education to support continued engagement and awareness of program requirements
• Help facilitate review of changes in company processes, standards, and technology to ensure alignment to cyber risk evaluation processes and reporting
• Build effective working relationships, make sound decisions, successfully implement changes, initiate action, and achieve results as a trusted advisor

• 7+ years of Information Security/IT risk assessment or consulting experience
• Relevant security/computer science education and/or industry standard certifications preferred (i.e., CRISC, CISM, CISA, CISSP, CompTIA, SANS Institute/GIAC)
• Strong analytical and organizational skills with ability to effectively manage multiple, competing projects/priorities while achieving targeted completion results
• Effective written and verbal communication skills with ability to tailor communication style to audience at hand
• Ability to effectively work with technical and non-technical resources, which includes partnership with multiple business groups, managers, network/security architects, and engineers
• Take complete ownership over assigned objectives and work independently in a semi-structured environment, while recognizing when guidance is needed from program management and senior leaders
• Ability to write quality documentation and/or presentations is a must
• Ability to work across organizational boundaries and levels is a must
• Proficiency in MS Office Pro Suite and SharePoint
• Ability to stay up to date with current cybersecurity threat landscape and maintain technical proficiency via self or formal training
• Good understanding of IT security best practices by applying depth and breadth of expertise in multiple domains and security disciplines
• Working knowledge of: PCI DSS 3.2, HIPAA applicable security / privacy controls, Sarbanes-Oxley (SOX) 404, ISO/IEC 27000 family of standards, NIST 800-53, NIST cybersecurity framework, and COBIT
• General knowledge of common application security architecture and vulnerabilities (e.g., OWASP Top 10), attack techniques, and remediation tactics/strategies
• General familiarity with common enterprise infrastructure (OS platforms, directory services, networking infrastructure, appliances, middleware, security infrastructure)