FreshRemote.Work

Cyber Risk Assessment Lead Consultant (Remote - Home Based Worker)

USA - IL (Remote)

At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection. 

Job Description

The Cyber Risk Assessment Lead is part of Governance, Risk, & Compliance (GRC) within Allstate Information Security. This role will be a subject matter expert within our Cyber Risk Assessment Team and will drive maturity and growth in our cyber risk assessment program and methodology to ensure accurate reporting of residual risk to stakeholders, driving informed, risk based decisioning. This includes benchmarking of our processes, identification and design of enhancements, and implementation of innovative process changes to drive simplification, affordability, and connectivity/synergy across risk services within Allstate Information Security and across the enterprise.

The Cyber Risk Assessment Lead will collaborate across business and security teams within the Allstate enterprise and Family of Companies to identify, assess, and mature capabilities to report residual risk of cyber related controls.  This role will also collaborate with security process owners to drive optimization of our cyber risk analysis services and provide accuracy in residual risk reporting to business level leaders and our Board of Directors.  In this highly visible role, there will be exposure to varying levels of leadership across the enterprise and family of companies.  A broad range of professional skills along with strong interpersonal and communications skills will be required for problem-solving, objective based decisioning, and collaboration with virtual cross-functional work groups.  This individual serves as a subject matter expert and trusted advisor who can clearly articulate Allstate security policies, standards, control requirements, and risk to both technical and business audiences alike. 

Key Responsibilities

  • Lead design an approach to ensure transparent reporting of risk impacts to technical assets and business operations to support leadership in risk-based security decisions

  • Drive strategic maturity and innovation within the cyber risk assessment program to drive simple, affordable, connected solutions that reduce assessment fatigue and drive informative, effective assessments

  • Execute on agreed upon methodology to identify, assess, and report on cyber risk in Board level

  • Challenge status quo to drive maturity, effectiveness, and accuracy within and across our cyber risk services

  • Recommend operationally feasible and cost-effective solutions to reduce risk, as appropriate

  • Drive automation within workflows and residual risk methodology to drive resource efficiency and self-service capabilities

  • Drive sound cyber risk reporting and accountability across Allstate business units and family of companies

  • Help our partners proactively maintain a strong cybersecurity preparedness and response posture

  • Drive key stakeholder education to support continued engagement and awareness of program requirements

  • Help facilitate review of changes in company processes, standards, and technology to ensure alignment to cyber risk evaluation processes and reporting

  • Build effective working relationships, make sound decisions, successfully implement changes, initiate action, and achieve results as a trusted advisor

Job Qualifications

  • 7+ years of Information Security/IT risk assessment or consulting experience

  • Relevant security/computer science education and/or industry standard certifications preferred (i.e., CRISC, CISM, CISA, CISSP, CompTIA, SANS Institute/GIAC)

  • Strong analytical and organizational skills with ability to effectively manage multiple, competing projects/priorities while achieving targeted completion results

  • Effective written and verbal communication skills with ability to tailor communication style to audience at hand

  • Ability to effectively work with technical and non-technical resources, which includes partnership with multiple business groups, managers, network/security architects, and engineers

  • Take complete ownership over assigned objectives and work independently in a "semi-structured" environment, while recognizing when guidance is needed from program management and senior leaders

  • Ability to write quality documentation and/or presentations is a must

  • Ability to work across organizational boundaries and levels is a must

  • Proficiency in MS Office Pro Suite and SharePoint

  • Ability to stay up to date with current cybersecurity threat landscape and maintain technical proficiency via self or formal training

  • Good understanding of IT security best practices by applying depth and breadth of expertise in multiple domains and security disciplines

  • Working knowledge of: PCI DSS 3.2, HIPAA applicable security / privacy controls, Sarbanes-Oxley (SOX) 404, ISO/IEC 27000 family of standards, NIST 800-53, NIST cybersecurity framework, and COBIT

  • General knowledge of common application security architecture and vulnerabilities (e.g., OWASP Top 10), attack techniques, and remediation tactics/strategies

  • General familiarity with common enterprise infrastructure (OS platforms, directory services, networking infrastructure, appliances, middleware, security infrastructure)


 

#LI-JJ1

Skills

Cybersecurity Controls, Cybersecurity Risk Assessment, Health Insurance Portability & Accountability Act (HIPAA), Information Security Policies, Information Technology (IT) Risk Management, Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley Act (SOX), Stakeholder Management

Compensation

Compensation offered for this role is $95,700.00 - 170,925.00 annually and is based on experience and qualifications.

The candidate(s) offered this position will be required to submit to a background investigation.

Joining our team isn’t just a job — it’s an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. And one where you can impact the future for the greater good.  

You’ll do all this in a flexible environment that embraces connection and belonging. And with the recognition of several inclusivity and diversity awards, we’ve proven that Allstate empowers everyone to lead, drive change and give back where they work and live. 

Good Hands. Greater Together.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.

To view the “EEO is the Law” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs

To view the FMLA poster, click “here”. This poster summarizing the major provisions of the Family and Medical Leave Act (FMLA) and telling employees how to file a complaint.

It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (include traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.

Apply