Apply Now    
Job ID :
Location :
Northbrook, IL US
Level :
Senior Manager
Job Category :
Information Technology
Description :

Where good people build rewarding careers.

Think that working in the insurance field can’t be exciting, rewarding and challenging? Think again. You’ll help us reinvent protection and retirement to improve customers’ lives. We’ll help you make an impact with our training and mentoring offerings. Here, you’ll have the opportunity to expand and apply your skills in ways you never thought possible. And you’ll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Description

Through its breadth of knowledge and understanding of information technology industry trends and emerging technologies, Security Governance, Risk and Compliance protects Allstate assets and information. This Security family manages the data protection strategies for the company. This is accomplished through the development, implementation, and administration of programs that help address compliance requirements to state, federal and industry standards, while protecting their stakeholders and related information.

The Director of Security Governance, Risk, and Compliance serves as a senior leader within the Allstate Information Security organization.  This role will partner in defining an enterprise cyber risk strategy and provide risk management oversight; contribute to the establishment of an enterprise-wide cyber security policy framework and minimum standards; inform and execute enterprise-wide cyber security compliance through controls definition and assessment & process oversight; and ensure cyber security operational effectiveness through cyber security KPI selection and performance assessment, and oversight of employee awareness & training programs.

Responsibilities for this role will be both operational and strategic and will require collaboration with leaders across the enterprise.

Job Description

  • Oversee the execution of an enterprise cyber risk strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities, and measures risk levels (in collaboration with the Chief Risk Office); conduct security risk and capability evaluations in support of M&A activity
  • Oversee the execution of the enterprise cyber security compliance strategy and approach in collaboration with the Chief Risk Office, enterprise compliance, and the general counsel’s office
  • Partner to identify regulatory, legislative, and industry specific compliance requirements and define controls that can be used to meet those requirements
  • Ensure the execution and management of 3rd party risk assessments
  • Oversee the establishment of an enterprise-wide cyber security policy framework, and develop a set of enterprise policies and minimum standards in line with business objectives, laws, and regulations; oversee the exception management process for cyber security policies, tools, and architecture
  • Provide input to define KPIs & KRIs to measure enterprise-wide security effectiveness and support program governance
  • Partner with other business division security groups to set continuous improvement priorities and monitor progress
  • Responsible for management of an enterprise-wide cyber security awareness training program to drive desired security behaviors across the Allstate employee population and create or acquire core program content
  • Oversee Identification, management and protection of personal data in accordance with its value and risk, and retained in pursuant to applicable legal and regulatory requirements.

Job Qualifications

  • Bachelor's Degree or advanced degree in IT/Computer Science/Engineering or equivalent experience
  • CISSP, CISM, CISA or SANS certification required
  • 10+ years of progressive experience in planning, organizing, and developing cyber and information security capabilities in large organizations, preferably in the Insurance or Financial Services Industry (global experience preferred)
  • Understand current and emerging cyber security risks, and innovative risk management methods
  • Ability to interpret and apply security policy, standards, and controls definitions across a large, complex business
  • Ability to design an effective security awareness program, and to partner across business areas and functions to ensure execution
  • Experience with security operational metrics and dashboards, and managing performance effectiveness and improvement
  • Knowledge of federal, state, and local cyber and information security regulation and legislation
  • High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
  • Advanced skills with MS-Windows and other related PC applications

The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.

Good Work. Good Life. Good Hands®.

As a Fortune 100 company and industry leader, we provide a competitive salary – but that’s just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you’ll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.

Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please see the notice regarding the San Francisco Fair Chance Ordinance.

For jobs in Los Angeles, please seethe notice regarding the Los Angeles Ordinance.

It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.


Apply Now