Apply Now    
Job ID :
Location :
Northbrook, IL US
Level :
Job Category :
Information Technology
Description :

Where good people build rewarding careers.

Think that working in the insurance field can’t be exciting, rewarding and challenging? Think again. You’ll help us reinvent protection and retirement to improve customers’ lives. We’ll help you make an impact with our training and mentoring offerings. Here, you’ll have the opportunity to expand and apply your skills in ways you never thought possible. And you’ll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Description

Responsibilities for this role will be both operational and strategic and will require collaboration with leaders across the enterprise.

Information Security Business Council

  • Partner with Allstate Information Security and other key stakeholders to establish a business-focused Information Security Council
  • Develop robust metrics and reporting to clearly articulate the security posture of each line of business

    Cyber Security Risk Reporting

  • Ensure business level cyber security risk assessments are conducted inclusive of annual entity assessments and supplier security risk assessments
  • Oversee the establishment of security risk tolerances as applicable to each line of business
  • Integrate BISO risk reporting into the local operational risk functions as well as aggregated reporting into the Enterprise Operational Risk Framework as appropriate
  • Oversee highest risk initiatives and serve as a point of escalation for remediation/mitigation efforts across the lines of business
  • Partner with AIS and the business to ensure security risk and capability evaluations are conducted in support of M&A activity
  • Establish aggregate security risk metrics for reporting

    Security Compliance

  • Identify regulatory, legislative, and industry specific compliance requirements and applicability to each line of business
  • Establish reporting on compliance report card for each line of business
  • Ensure business practices have been established and are monitored to enable integration of security controls into business/IT activities

    Security Operational Effectiveness & Training

  • Define KPIs to measure enterprise-wide security effectiveness and support BISO program governance
  • Oversee the establishment of continuous improvement priorities and monitor progress
  • Engage technology, security, and business stakeholders to create awareness and alignment on priorities
  • Oversee the definition and execution of security specific training for key roles within each line of business


  • Provide input into the Allstate Corporation Information Security Program
  • Review and provide input into the Information Security Policy and Standards
  • Ensure clear lines of communication between the business, Operational Risk, and the Chief Information Security Officer

Job Qualifications

  • Demonstrated executive level business and technical acumen
  • 15-20+ years of business experience in planning, organizing, and developing cyber and information security capabilities in large global organizations
  • Experience serving as cyber and information security leader in complex organizations, preferably the Insurance or Financial Services industry
  • Ability to develop and clearly articulate a compelling cyber and information security strategy to key business stakeholders
  • Strong knowledge of current and emerging cyber security risks, and innovative risk management methods
  • Ability to collaboratively develop a cyber risk strategy in conjunction with numerous and diverse stakeholders
  • Prior experience with security policy, standards, and controls definition
  • Ability to design an effective security awareness program, and to manage stakeholders across business areas and functions to ensure execution
  • Experience with security operational metrics and dashboards, and managing performance effectiveness and improvement
  • Knowledge of federal, state, and local cyber and information security regulation and legislation

The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.

Good Work. Good Life. Good Hands®.

As a Fortune 100 company and industry leader, we provide a competitive salary – but that’s just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you’ll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.

Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please see the notice regarding the San Francisco Fair Chance Ordinance.

For jobs in Los Angeles, please seethe notice regarding the Los Angeles Ordinance.

It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.


Apply Now