Cyber Risk Assessment Lead Consultant

October 6

Apply Now

Receive Emails with Similar Jobs

Allstate

WebsiteLinkedInAll Job Openings

Auto Insurance • Life Insurance • Retirement Planning • Homeowners Insurance • Motorcycle Insurance

10,000+

💰 Post-IPO Equity on 2014-01

Description

• The Cyber Risk Assessment Lead is part of Governance, Risk, & Compliance (GRC) within Allstate Information Security. • This role will be a subject matter expert within our Cyber Risk Assessment Team and will drive maturity and growth in our cyber risk assessment program and methodology to ensure accurate reporting of residual risk to stakeholders, driving informed, risk based decisioning. • This includes benchmarking of our processes, identification and design of enhancements, and implementation of innovative process changes to drive simplification, affordability, and connectivity/synergy across risk services within Allstate Information Security and across the enterprise. • The Cyber Risk Assessment Lead will collaborate across business and security teams within the Allstate enterprise and Family of Companies to identify, assess, and mature capabilities to report residual risk of cyber related controls. • This role will also collaborate with security process owners to drive optimization of our cyber risk analysis services and provide accuracy in residual risk reporting to business level leaders and our Board of Directors. • In this highly visible role, there will be exposure to varying levels of leadership across the enterprise and family of companies. • A broad range of professional skills along with strong interpersonal and communications skills will be required for problem-solving, objective based decisioning, and collaboration with virtual cross-functional work groups. • This individual serves as a subject matter expert and trusted advisor who can clearly articulate Allstate security policies, standards, control requirements, and risk to both technical and business audiences alike.

Requirements

• 7+ years of Information Security/IT risk assessment or consulting experience • Relevant security/computer science education and/or industry standard certifications preferred (i.e., CRISC, CISM, CISA, CISSP, CompTIA, SANS Institute/GIAC) • Strong analytical and organizational skills with ability to effectively manage multiple, competing projects/priorities while achieving targeted completion results • Effective written and verbal communication skills with ability to tailor communication style to audience at hand • Ability to effectively work with technical and non-technical resources, which includes partnership with multiple business groups, managers, network/security architects, and engineers • Take complete ownership over assigned objectives and work independently in a "semi-structured" environment, while recognizing when guidance is needed from program management and senior leaders • Ability to write quality documentation and/or presentations is a must • Ability to work across organizational boundaries and levels is a must • Proficiency in MS Office Pro Suite and SharePoint • Ability to stay up to date with current cybersecurity threat landscape and maintain technical proficiency via self or formal training • Good understanding of IT security best practices by applying depth and breadth of expertise in multiple domains and security disciplines • Working knowledge of: PCI DSS 3.2, HIPAA applicable security / privacy controls, Sarbanes-Oxley (SOX) 404, ISO/IEC 27000 family of standards, NIST 800-53, NIST cybersecurity framework, and COBIT • General knowledge of common application security architecture and vulnerabilities (e.g., OWASP Top 10), attack techniques, and remediation tactics/strategies • General familiarity with common enterprise infrastructure (OS platforms, directory services, networking infrastructure, appliances, middleware, security infrastructure)